代理入口总是发送404
我在aws托管的kubernetes集群(v1.21.2-eks-06eac09)中有一个have ingress (v0.13.5,默认舵机设置)和一个服务/部署。该服务已启动并运行,可以通过curl成功调用,haproxy stats页面显示一个绿色后端,并具有正确的ip。在我看来,一切看起来都很好,但是如果我调用url,我会得到默认404后端,除非我用相同的服务配置默认后端。这使我得出结论,主机或路径映射一定有问题,对吗?我的配置中是否有错误,还是在其他地方出现了问题?
这是我的入口资源:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-service
namespace: my-service
annotations:
haproxy-ingress.github.io/affinity: "cookie"
haproxy-ingress.github.io/backend-server-naming: "pod"
haproxy-ingress.github.io/secure-backends: "true"
haproxy-ingress.github.io/session-cookie-dynamic: "true"
haproxy-ingress.github.io/session-cookie-keywords: "indirect nocache httponly maxidle 900"
haproxy-ingress.github.io/session-cookie-preserve: "true"
haproxy-ingress.github.io/session-cookie-same-site: "true"
haproxy-ingress.github.io/slots-min-free: "0"
haproxy-ingress.github.io/ssl-redirect: "false"
haproxy-ingress.github.io/strict-host: "true"
spec:
ingressClassName: haproxy-ingress
tls:
- secretName: my-service-tls
rules:
- http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: my-service
port:
number: 443
host: my-service.dev.aws.company.local
# defaultBackend:
# service:
# name: my-service
# port:
# number: 443进取心:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: haproxy-ingress
spec:
controller: haproxy-ingress.github.io/controller舵机安装命令:
helm install haproxy-ingress haproxy-ingress/haproxy-ingress --create-namespace --namespace ingress-controller --set controller.service.type=ClusterIP --version 0.13.5从haproxy.conf生成的后端
backend my-service_my-service_https
mode http
balance roundrobin
acl https-request ssl_fc
http-request set-header X-Original-Forwarded-For %[hdr(x-forwarded-for)] if { hdr(x-forwarded-for) -m found }
http-request del-header x-forwarded-for
option forwardfor
cookie INGRESSCOOKIE insert preserve attr SameSite=None secure indirect nocache httponly maxidle 900 dynamic
dynamic-cookie-key "Ingress"
http-response set-header Strict-Transport-Security "max-age=15768000" if https-request
server my-service-0 10.19.25.214:443 weight 1 ssl no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets verify none check inter 2s从haproxy.conf生成的前端
frontend _front_https
mode http
bind :443 ssl alpn h2,http/1.1 crt-list /etc/haproxy/maps/_front_bind_crt.list ca-ignore-err all crt-ignore-err all
option httplog
http-request set-var(req.path) path
http-request set-var(req.host) hdr(host),field(1,:),lower
http-request set-var(req.base) var(req.host),concat(\#,req.path)
http-request set-var(req.hostbackend) var(req.base),map_dir(/etc/haproxy/maps/_front_https_host__prefix.map)
http-request set-header X-Forwarded-Proto https
http-request del-header X-SSL-Client-CN
http-request del-header X-SSL-Client-DN
http-request del-header X-SSL-Client-SHA1
http-request del-header X-SSL-Client-Cert
use_backend %[var(req.hostbackend)] if { var(req.hostbackend) -m found }
use_backend %[var(req.defaultbackend)]
default_backend _error404生成的映射/_前沿_https_host__prefix.map.map
my-service.dev.aws.company.local#/ my-service_my-service_https回答 1
Stack Overflow用户
发布于 2022-01-21 16:04:33
我发现问题了!我的tls定义中的主机部分丢失了。这样就不会生成/etc/haproxy/maps_front_https_host__begin.map,在我生成的前端部分(http-request set-var(req.hostbackend) var(req.base),lower,map_beg(/etc/haproxy/maps/_front_https_host__begin.map))中也没有映射配置。
我的完全工作的入口现在看起来如下(我将注释移到configmap):
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-service
namespace: my-service
spec:
ingressClassName: haproxy-ingress
tls:
- secretName: my-service-tls
hosts:
- my-service.dev.aws.company.local
rules:
- http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: my-service
port:
number: 443
host: my-service.dev.aws.company.localhttps://stackoverflow.com/questions/70774194
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号