基于kubernetes的Hangfire仪表板url设置

Question

我有消防仪表板在当地环境中正常工作。现在，我正在尝试将它设置为集群中的容器(pod)，部署到azure中，这样我就可以通过它的url访问hangfire仪表板了。但是，我对它有很大的访问权限。

下面是我的设置：

        [UsedImplicitly]
        public void Configure(IApplicationBuilder app)
        {
            var hangFireServerOptions = new BackgroundJobServerOptions
            {
                Activator = new ContainerJobActivator(app.ApplicationServices)
            };

            app.UseHealthChecks("/liveness");
            app.UseHangfireServer(hangFireServerOptions);

            app.UseHangfireDashboard("/hangfire", new DashboardOptions()
            {
                AppPath = null,
                DashboardTitle = "Hangfire Dashboard",
                Authorization = new[]
                {
                    new HangfireCustomBasicAuthenticationFilter
                    {
                        User = Configuration.GetSection("HangfireCredentials:UserName").Value,
                        Pass = Configuration.GetSection("HangfireCredentials:Password").Value
                    }
                }
            });

            app.UseHttpsRedirection();
            app.UseRouting();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });

            HangfireJobScheduler.ScheduleJobs(app.ApplicationServices.GetServices<IScheduledTask>()); //serviceProvider.GetServices<IScheduledTask>()
        }

Service.yml

apiVersion: v1
kind: Service
metadata:
  name: task-scheduler-api
spec:
  ports:
  - port: 80
    targetPort: 80
    name: http
  - port: 443
    targetPort: 443
    name: https
  selector:
    app: task-scheduler-api     

Deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: task-scheduler
spec:
  selector:
    matchLabels:
      app: task-scheduler  
  template:
    metadata:
      labels:
        app: task-scheduler
    spec:
      containers:
      - name: task-scheduler
        image: <%image-name%>
        # Resources and limit
        resources:
          requests:
            cpu: <%cpu_request%>
            memory: <%memory_request%>
          limits:
            cpu: <%cpu_limit%>
            memory: <%memory_limit%>
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443        
        readinessProbe:
          httpGet:
            path: /liveness
            port: 80
          initialDelaySeconds: 3
          periodSeconds: 5
          timeoutSeconds: 30
        livenessProbe:
          httpGet:
            path: /liveness
            port: 80
          initialDelaySeconds: 15
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 7

Ingress.yml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"    
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: task-scheulder-api-ingress
  namespace: default
spec:
  rules:
    - host: example.com
      http:
        paths:
        - path: /          
          pathType: Prefix
          backend:
            service:
              name: task-scheduler-api
              port:
                number: 80
  tls:
    - hosts:
        - example.com
      secretName: task-scheduler-tls-production        

我试图通过运行: example.com/hangfire来访问仪表板，但是503服务暂时不可用。

我在检查吊舱上的日志。一切似乎都很好：

...
...
Content root path: /data
Now listening on: http://0.0.0.0:80
Now listening on: https://0.0.0.0:443
Application started. Press Ctrl+C to shut down.
....

有人知道我错过了什么吗?怎么解决？谢谢

Answer 1

我已经解决了这个问题。主要问题是我在deployment.yml和service.yml中没有选择器应用程序的匹配值。如果我执行kubectl get ep，它将向我显示我没有为任务调度程序pod分配任何端点，这意味着它还没有真正部署。

一旦我更新了deployment.yml和service.yml中的值，url就可以访问。

service.yml

apiVersion: v1
kind: Service
metadata:
  name: task-scheduler-api
spec:
  ports:
  - port: 80
    targetPort: 80
    name: http
  - port: 443
    targetPort: 443
    name: https
  selector:
    app: task-scheduler-api  # This needs to match with value inside the deployment   

deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: task-scheduler
spec:
  selector:
    matchLabels:
      app: task-scheduler  # This needs to match with value in service
  template:
    metadata:
      labels:
        app: task-scheduler # This needs to match as well
    spec:
      containers:
      - name: task-scheduler
        image: <%image-name%>
        # Resources and limit
        resources:
          requests:
            cpu: <%cpu_request%>
            memory: <%memory_request%>
          limits:
            cpu: <%cpu_limit%>
            memory: <%memory_limit%>
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443        
        readinessProbe:
          httpGet:
            path: /liveness
            port: 80
          initialDelaySeconds: 3
          periodSeconds: 5
          timeoutSeconds: 30
        livenessProbe:
          httpGet:
            path: /liveness
            port: 80
          initialDelaySeconds: 15
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 7

希望有人会发现它有用。谢谢

Answer 2

这可能与ingress类有关，bcs将其从注释转移到networking.k8s.io/v1中的自己的字段：

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: task-scheulder-api-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - "example.com"
      secretName: task-scheduler-tls-production
  rules:
    - host: "example.com"
      http:
        paths:
          - path: /hangfire
            pathType: ImplementationSpecific
            backend:
              service:
                name: task-scheduler-api
                port:
                  number: 8080

您还不需要在服务中指定端口80 & 443，因为入口负责实现TLS：

apiVersion: v1
kind: Service
metadata:
  name: task-scheduler-api
spec:
  ports:
  - port: 8080
    targetPort: http
    protocol: TCP
    name: http
  selector:
    app: task-scheduler-api

为了方便起见，您还应该更新部署：

- name: http
  containerPort: 80
  protocol: TCP