bachr提出的问题 -server

bachr

Asked: 2020-06-04 11:52:21 +0800 CST

如何在 nginx 入口后面正确配置对 kubernees 仪表板的访问

2

我正在尝试配置 nginx 入口以访问多个服务，如下所示：

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-monit
spec:
  rules:
  - host: grafana.localhost
    http:
      paths:
      - path: /
        backend:
          serviceName: prometheus-grafana
          servicePort: 80
  - host: kubernetes-dashboard.localhost
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 80

我可以毫无问题地访问 grafana 服务，我的问题是 kubernetes-dashboard。我已经将 kubernetes-dashboard 配置为允许使用此配置的 HTTP 流量

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: monit
spec:
  ports:
    - port: 80
      targetPort: 9090
  selector:
    k8s-app: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: monit
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.0.0-beta8
          imagePullPolicy: Always
          ports:
            - containerPort: 9090
              protocol: TCP
          args:
            - --namespace=monit
            - --insecure-bind-address=0.0.0.0
            - --insecure-port=9090
            - --enable-insecure-login
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "beta.kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

我还有一个有效的令牌，当我使用 ClusterIP 时，我可以使用它来访问 kubernetes 仪表板。但是，当我通过 ngress 访问它时，即使使用有效令牌，我也无法浏览登录页面（参见屏幕截图）。

我查看了 Nginx 日志中的问题/错误，但一切似乎都很好

$ kubectl logs -n monit ingress-nginx-controller-bbdc786b4-6nl9h  -f
192.168.65.3 - - [03/Jun/2020:02:03:13 +0000] "GET /api/v1/csrftoken/login HTTP/1.1" 200 85 "http://kubernetes-dashboard.localhost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 479 0.001 [monit-kubernetes-dashboard-80] [] 10.1.0.123:9090 85 0.001 200 59fc952888dfadf0223740c31e562ef8
192.168.65.3 - - [03/Jun/2020:02:03:13 +0000] "POST /api/v1/login HTTP/1.1" 200 1508 "http://kubernetes-dashboard.localhost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 1545 0.005 [monit-kubernetes-dashboard-80] [] 10.1.0.123:9090 1508 0.005 200 241388246b11031765557475bea603ff
192.168.65.3 - - [03/Jun/2020:02:03:13 +0000] "GET /api/v1/plugin/config HTTP/1.1" 200 185 "http://kubernetes-dashboard.localhost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 477 0.003 [monit-kubernetes-dashboard-80] [] 10.1.0.123:9090 185 0.003 200 45371469793ce4f35c45dec70530bea0
192.168.65.3 - - [03/Jun/2020:02:03:13 +0000] "GET /api/v1/login/status HTTP/1.1" 200 108 "http://kubernetes-dashboard.localhost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 476 0.001 [monit-kubernetes-dashboard-80] [] 10.1.0.123:9090 108 0.001 200 49171f5e9316a2d6da883d1c4f0b50df
192.168.65.3 - - [03/Jun/2020:02:03:13 +0000] "GET /api/v1/login/status HTTP/1.1" 200 108 "http://kubernetes-dashboard.localhost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 476 0.001 [monit-kubernetes-dashboard-80] [] 10.1.0.123:9090 108 0.001 200 c69b9d166f1527f00e7cd175696ec8c7
192.168.65.3 - - [03/Jun/2020:02:03:13 +0000] "GET /api/v1/login/status HTTP/1.1" 200 108 "http://kubernetes-dashboard.localhost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 476 0.001 [monit-kubernetes-dashboard-80] [] 10.1.0.123:9090 108 0.001 200 1f9c27ca407bca57dcc0c26bca65be58

我的入口配置中缺少什么？

更新：我尝试使用此配置为仪表板设置 https 入口

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: https-ingress-monit
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: kubernetes-dashboard.localhost
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

但这似乎不起作用，没有配置端点

$ kubectl describe ingress https-ingress-monit -n monit
Name:             https-ingress-monit
Namespace:        monit
Address:          localhost
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                            Path  Backends
  ----                            ----  --------
  kubernetes-dashboard.localhost  
                                  /   kubernetes-dashboard:443 (<error: endpoints "kubernetes-dashboard" not found>)
Annotations:                      nginx.ingress.kubernetes.io/backend-protocol: HTTPS
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  87s   nginx-ingress-controller  Ingress monit/https-ingress-monit
  Normal  UPDATE  74s   nginx-ingress-controller  Ingress monit/https-ingress-monit

现在，当我尝试访问http://kubernetes-dashboard.localhost/我看到503 Service Temporarily Unavailable

bachr

Asked: 2020-06-03 15:30:51 +0800 CST

在从上游读取响应标头时，入口 nginx 上游未发送有效的 HTTP/1.0 标头

1

我正在尝试为我的命名空间中的服务设置一个 nginx 入口控制器。其中一个后端服务接受端口 80 上的 HTTP 流量，另一个仅接受端口 443 上的 HTTPS 流量。请参阅这两个服务的描述

$ kubectl describe svc service-1 -n monit
Name:              service-1
Namespace:         monit
Labels:            app=service-1
Annotations:       <none>
Selector:          app=service-1
Type:              ClusterIP
IP:                10.104.185.173
Port:              https  443/TCP
TargetPort:        8443/TCP
Endpoints:         10.1.0.95:8443
Session Affinity:  None
Events:            <none>

$ kubectl describe svc service-2 -n monit
Name:              service-2
Namespace:         monit
Labels:            app=service-2
Annotations:       <none>
Selector:          app=service-2
Type:              ClusterIP
IP:                10.110.93.64
Port:              service  80/TCP
TargetPort:        3000/TCP
Endpoints:         10.1.0.87:3000
Session Affinity:  None
Events:            <none>

这是我的入口配置

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-monit
spec:
  rules:
  - host: service-2.localhost
    http:
      paths:
      - path: /
        backend:
          serviceName: service-2
          servicePort: 80
  - host: service-1.localhost
    http:
      paths:
      - path: /
        backend:
          serviceName: service-1
          servicePort: 443

当我查看 Nginx 配置时，一切正常

$ kubectl describe ingress ingress-monit -n monit                  
Name:             ingress-monit
Namespace:        monit
Address:          localhost
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host                            Path  Backends
  ----                            ----  --------
  service-2.localhost               
                                  /   service-2:80 (10.1.0.87:3000)
  service-1.localhost  
                                  /   service-1:443 (10.1.0.95:8443)
Annotations:                      Events:
  Type                            Reason  Age   From                      Message
  ----                            ------  ----  ----                      -------
  Normal                          CREATE  31m   nginx-ingress-controller  Ingress monit/ingress-monit
  Normal                          UPDATE  30m   nginx-ingress-controller  Ingress monit/ingress-monit

现在的问题是我可以使用http://service-2.localhost/正确访问我的 service-2，但我无法访问 service-1。在 chrome 上访问http://service-1.localhost/给了我

This site can’t be reachedThe webpage at https://service-1.localhost/ might be temporarily down or it may have moved permanently to a new web address.
ERR_INVALID_RESPONSE

当我查看 Nginx 日志时，我看到：

$ kubectl logs -n monit ingress-nginx-controller-bbdc786b4-8crdm -f
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       0.32.0
  Build:         git-446845114
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.17.10

-------------------------------------------------------------------------------
. . .
2020/06/02 22:56:47 [error] 2363#2363: *64928 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: 192.168.65.3, server: service-1.localhost, request: "GET / HTTP/1.1", upstream: "http://10.1.0.95:8443/", host: "service-1.localhost"
192.168.65.3 - - [02/Jun/2020:22:58:13 +0000] "GET / HTTP/1.1" 200 7817 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 594 0.005 [monit-service-2-80] [] 10.1.0.87:3000 30520 0.005 200 2baefff713047b14a81643650cb50c4c

该错误似乎与 service-1 返回 bad response 相关upstream sent no valid HTTP/1.0 header while reading response header from upstream。问题是如果我使用kubectl proxy我可以正确访问该服务！

有什么想法可以让我弄清楚真正的问题是什么？

bachr

Asked: 2020-05-17 12:01:51 +0800 CST

如何删除 helm 安装包？

0

我正在使用 Helm 3 安装 kubernetes 包。现在我需要删除/清理已安装的内容，我尝试使用 unintall 但它似乎正在寻找一个版本（不确定它是什么意思）而不是一个包：

$ helm install prometheus stable/prometheus-operator --namespace monit
$ helm delete prometheus
Error: uninstall: Release not loaded: prometheus: release: not found

当试图列出是否有任何版本时，我什么也没得到！

$ helm list
NAME    NAMESPACE   REVISION    UPDATED STATUS  CHART   APP VERSION

在这种情况下删除普罗米修斯资源的正确方法是什么？

bachr

Asked: 2015-03-03 07:25:57 +0800 CST

本地机器和远程服务器上运行的虚拟机之间的路由

1

我正在尝试在我的本地机器（LM）和Host-only Networking在远程服务器（RS）上运行的 VirtualBox VM（VM，使用 Vagrant 创建并配置）之间建立路由。设置如下：

LM (OS: Windows 7, IP: 192.168.2.8)
VM (OS: Ubuntu server 14., IP: 192.168.50.4)
RS (OS: Ubuntu server 14., eth0: 192.168.2.204, vboxnet0: 192.168.50.1)

我尝试将以下路由添加到我的本地计算机：

route add 192.168.50.0 mask 255.255.255.0 192.168.2.204

但是我只能ping远程服务器的第二个接口（即192.168.50.1），无法访问VM。我该如何解决这个问题？

如何在 nginx 入口后面正确配置对 kubernees 仪表板的访问

在从上游读取响应标头时，入口 nginx 上游未发送有效的 HTTP/1.0 标头

如何删除 helm 安装包？

本地机器和远程服务器上运行的虚拟机之间的路由

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

bachr's questions