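How to resolve accessing pods over the Internet from an AKS private cluster
I have a fully private AKS cluster that I set up on a private VNET, and I access that VNET through Azure Bastion to run kubectl commands. I have also set up a DevOps pipeline that uses a self-hosted agent to run commands on the private cluster. All of my pods and ingresses appear to be running fine. However, when I try to access my ingress using the hostname (by mapping the public IP), I get a 404 Not Found. When I validate against my public cluster setup, I don't see any issues. Can someone explain why I cannot reach pods that appear to be running fine?
Also, I can't seem to reach the external IP of the ingress even from a virtual machine on the virtual network. But I can run kubectl commands and access the Kubernetes dashboard.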
---
apiVersion: v1
kind: Service
metadata:
  namespace: app-auth
  labels:
    environment: staging
  name: app-auth-staging # The name of the app
spec:
  type: ClusterIP
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: app-auth-staging
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-auth-staging
  namespace: app-auth
  labels:
    app: app-auth-staging
    environment: staging # The environment being used
    app-role: api # The application type
    tier: backend # The tier that this app represents
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app-auth-staging
  template:
    metadata:
      labels:
        app: app-auth-staging
        environment: staging
        app-role: api
        tier: backend
      annotations:
        build: _{Tag}_
    spec:
      containers:
        - name: auth
          image: auth.azurecr.io/auth:_{Tag}_ # Note: Do not modify this field.
          imagePullPolicy: Always
          env:
            - name: ConnectionStrings__ZigzyAuth # Note: The appsettings value being replaced
              valueFrom:
                secretKeyRef:
                  name: connectionstrings
                  key: _{ConnectionString}_ # Note: This is an environment variable, it is replaced accordingly in DevOps
          ports:
            - containerPort: 80
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 15
            periodSeconds: 20
          volumeMounts:
            - name: secrets-store-inline
              mountPath: "/mnt/secrets-store"
              readOnly: true
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: agentpool
                    operator: In
                    values:
                      - general
      volumes:
        - name: secrets-store-inline
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: "aks-provider"
            nodePublishSecretRef:
              name: aks-prod-credstore
      imagePullSecrets:
        - name: aks-prod-acrps
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: app-auth-staging-ingress-main # The name of the ingress, ex: app-auth-ingress-main
  namespace: app-auth
  labels:
    environment: staging
  annotations:
    kubernetes.io/ingress.class: nginx
    # nginx.ingress.kubernetes.io/enable-cors: "true"
    # nginx.ingress.kubernetes.io/cors-allow-methods: "GET,POST,OPTIONS"
    # nginx.ingress.kubernetes.io/cors-allow-origin: "https://admin.example.com"
    # nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
spec:
  tls:
    - hosts:
        - stagingauth.app.com # Modify
        - frontend.21.72.207.63.nip.io
        - aksstagingauth.app.com
      secretName: zigzypfxtls
  rules:
    - host: stagingauth.app.com
      http:
        paths:
          - backend:
              serviceName: zigzy-auth-staging # Modify
              servicePort: 80
            path: /
    - host: frontend.21.72.207.63.nip.io
      http:
        paths:
          - backend:
              serviceName: app-auth-staging # Modify
              servicePort: 80
            path: /
    - host: aksstagingauth.app.com
      http:
        paths:
          - backend:
              serviceName: app-auth-staging # Modify
              servicePort: 80
            path: /