在Kubernetes环境中有关Nginx Ingress与API Gateway的连接问题

文章目录

• 小结
• 问题
• 解决
• 参考

小结

在Kubernetes环境中是通过Nginx Ingress来从外部访问Kubernetes内部的环境，并用API Gateway来分发请求，碰到了 502 Bad gateway.的问题，并尝试解决。

问题

从外部通过Nginx Ingress访问Kubernetes内部的环境API Gateway，返回错误： 502 Bad gateway. 这里API Gateway也起到了Load Balancer的作用。

[john@Node1 ~]$ curl -H 'Host:apigw.com' http://192.168.18.16:80/Test Application/process
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.25.1</center>
</body>
</html>

查看Nginx运行的实例：

[john@Master ~]$ kubectl get pods -o wide -A | tail -n 2
nginx-ingress    nginx-ingress-c46vc                      1/1     Running   0          31d     10.244.3.163     Node1   <none>           <none>
nginx-ingress    nginx-ingress-hvqjg                      1/1     Running   0          31d     10.244.4.164     Node2   <none>           <none>

查看错误日志，

[john@Master ~]$ kubectl logs -f nginx-ingress-hvqjg -n nginx-ingress

可以看到类似以下错误：connect() failed (111: Connection refused) while connecting to upstream。

查看Nginx的配置文件：

[john@Master ~]$ kubectl exec -it nginx-ingress-c46vc -n nginx-ingress -- /bin/bash
nginx@nginx-ingress-hvqjg:/$ cat /etc/nginx/nginx.conf
nginx@nginx-ingress-hvqjg:/$ cat /etc/nginx/conf.d/default-apigw-ingress.conf

解决

通常情况下需要去查找后台服务的问题，有可能是后台服务没有正常启动所导致的连接问题。

确认了后台服务没有问题后，那么需要去看Nginx Ingress的配置问题。

以下是正确Ngnix Ingress配置示例 （在Nginx Ingress的pod中）：

nginx@nginx-ingress-hvqjg:/$ cat /etc/nginx/conf.d/default-apigw-ingress.conf
# configuration for default/apigw-ingress

upstream default-apigw-ingress-apigw.com-apigw-service-80 {
	zone default-apigw-ingress-apigw.com-apigw-service-80 256k;
	random two least_conn;
	
	server 10.244.3.169:8090 max_fails=1 fail_timeout=10s max_conns=0;
	server 10.244.4.171:8090 max_fails=1 fail_timeout=10s max_conns=0;
	
}
server {
	
	listen 80;

	server_tokens on;

	server_name apigw.com;

	set $resource_type "ingress";
	set $resource_name "apigw-ingress";
	set $resource_namespace "default";

	
	location / {
		set $service "apigw-service";
		
		proxy_http_version 1.1;

		proxy_connect_timeout 60s;
		proxy_read_timeout 60s;
		proxy_send_timeout 60s;
		client_max_body_size 1m;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Port $server_port;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_buffering on;
		
		proxy_pass http://default-apigw-ingress-apigw.com-apigw-service-80/;
		
	}
	location /eureka {
		set $service "eureka-lb";
		
		proxy_http_version 1.1;
		
		proxy_connect_timeout 60s;
		proxy_read_timeout 60s;
		proxy_send_timeout 60s;
		client_max_body_size 1m;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Port $server_port;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_buffering on;
		
		
		proxy_pass http://default-apigw-ingress-apigw.com-eureka-lb-80/;
		
		
	}
	
	
}

参考

Stackoverflow: 502 Bad gateway when trying to connect to backend
Nginx Ingress Installation with Manifests
server fault: connect() failed (111: Connection refused) while connecting to upstream
stackoverflow: Why does attempting to connect to my ingress show connection refused?
CSDN: nginx报错：connect() failed (111: Connection refused) while connecting to upstream
CSDN: Nginx报502错误，日志connect() failed (111: Connection refused) while connecting to upstream的个人有效解决方案
Kubernetes Ingress