如何解决使用Kubernetes Ingress Nginx的GRPC服务器无响应
我正在尝试在0.34.1版的Kubernetes Ingress-Nginx入口后面部署基于GRPC的引擎,并且我已经测试了它在常规REST API设置下是否可以正常工作,但是我没有运气从端口50051连接时来自后端GRPC的流量。后端GRPC本身包含一个使用以下配置在端口50051上侦听的容器:
apiVersion: apps/v1
kind: Deployment
metadata:
name: microservice-one
spec:
selector:
matchLabels:
app: microservice-one
template:
metadata:
labels:
app: microservice-one
spec:
containers:
- name: microservice
image: azurecr.io/microservice:v1
ports:
- containerPort: 50051
resources:
requests:
memory: "5G"
cpu: 250m
limits:
cpu: 1000m
---
apiVersion: v1
kind: Service
metadata:
name: microservice-one
spec:
type: ClusterIP
ports:
- protocol: TCP
port: 50051
selector:
app: microservice-one
type: LoadBalancer
当我的入口的yaml文件应用以下配置时:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: service1
namespace: ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
tls:
- hosts:
- [HOSTNAME]
secretName: aks-ingress-tls
rules:
- host: [HOSTNAME]
- http:
paths:
- backend:
serviceName: microservice-one
servicePort: 50051
path: /(.*)
但是,在测试并查看原始生成的nginx配置后,下面省略了不相关的部分,我意识到nginx服务器仅监听443和80端口,这是nginx配置的标准配置。我已经读到入口仅允许https使用一个端口,因此我尝试了多个不同的注释(例如loadbalancer),据说它们绕过了限制,但没有一个起作用。谁能为这个问题提出什么其他可能的解决方案?
server {
server_name [HOSTNAME] ;
listen 80 ;
listen 443 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location / {
set $namespace "";
set $ingress_name "";
set $service_name "";
set $service_port "";
set $location_path "/";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,ssl_redirect = true,force_no_ssl_redirect = false,use_port_in_redirects = false,})
balancer.rewrite()
plugins.run()
}
port_in_redirect off;
set $balancer_ewma_score -1;
set $proxy_upstream_name "upstream-default-backend";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
client_max_body_size 1m;
grpc_set_header Upgrade $http_upgrade;
grpc_set_header Connection $connection_upgrade;
grpc_set_header X-Request-ID $req_id;
grpc_set_header X-Real-IP $remote_addr;
grpc_set_header X-Forwarded-For $remote_addr;
grpc_set_header X-Forwarded-Proto $pass_access_scheme;
grpc_set_header X-Forwarded-Host $best_http_host;
grpc_set_header X-Forwarded-Port $pass_port;
grpc_set_header X-Scheme $pass_access_scheme;
grpc_set_header X-Original-Forwarded-For $http_x_forwarded_for;
grpc_set_header Proxy "";
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_buffers 4 4k;
proxy_max_temp_file_size 1024m;
proxy_request_buffering on;
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
proxy_next_upstream error timeout;
proxy_next_upstream_timeout 0;
proxy_next_upstream_tries 3;
proxy_pass http://upstream_balancer;
proxy_redirect off;
}
}
## end server [HOSTNAME]
## start server _
server {
server_name _ ;
listen 80 default_server reuseport backlog=511 ;
listen 443 default_server reuseport backlog=511 ssl http2 ;
set $proxy_upstream_name "-";
ssl_certificate_by_lua_block {
certificate.call()
}
location /(.*) {
set $namespace "myingress";
set $ingress_name "service1";
set $service_name "";
set $service_port "";
set $location_path "/(.*)";
rewrite_by_lua_block {
lua_ingress.rewrite({
force_ssl_redirect = false,})
balancer.rewrite()
plugins.run()
}
port_in_redirect off;
set $balancer_ewma_score -1;
set $proxy_upstream_name "myingress-microservice-one-50051";
set $proxy_host $proxy_upstream_name;
set $pass_access_scheme $scheme;
set $pass_server_port $server_port;
set $best_http_host $http_host;
set $pass_port $pass_server_port;
set $proxy_alternative_upstream_name "";
grpc_set_header Upgrade $http_upgrade;
grpc_set_header Connection $connection_upgrade;
grpc_set_header X-Request-ID $req_id;
grpc_set_header X-Real-IP $remote_addr;
grpc_set_header X-Forwarded-For $remote_addr;
grpc_set_header X-Forwarded-Proto $pass_access_scheme;
grpc_set_header X-Forwarded-Host $best_http_host;
grpc_set_header X-Forwarded-Port $pass_port;
grpc_set_header X-Scheme $pass_access_scheme;
grpc_set_header X-Original-Forwarded-For $http_x_forwarded_for;
grpc_set_header Proxy "";
grpc_pass grpc://upstream_balancer;
proxy_redirect off;
}
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com(将#修改为@)