bad gateway when expose service using treafik
2/2/2020
I am using treafik(v2.0) to expose my eureka service,this is my treafik config:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: fat-eureka-route
spec:
entryPoints:
- web
routes:
- match: Host(`k8s-fat-eureka.example.com`)
kind: Rule
services:
- name: eureka
port: 8761when I access eureka(in kubernetes namespace dabai-fat),it gives bad gateway tips like this:
[root@ops001 conf.d]# curl --header 'Host:k8s-fat-eureka.example.com' http://eureka:123456@172.19.150.82
Bad Gatewaywhat should I do to fix this problem? This is the eureka service yaml file:
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "eureka",
"namespace": "dabai-fat",
"selfLink": "/api/v1/namespaces/dabai-fat/services/eureka",
"uid": "ee2949e2-dbef-4b45-868b-efc60f52bed4",
"resourceVersion": "13217746",
"creationTimestamp": "2020-02-01T16:55:54Z",
"labels": {
"app": "eureka"
}
},
"spec": {
"ports": [
{
"name": "server",
"protocol": "TCP",
"port": 8761,
"targetPort": 8761
},
{
"name": "management",
"protocol": "TCP",
"port": 8081,
"targetPort": 8081
}
],
"selector": {
"app": "eureka"
},
"clusterIP": "None",
"type": "ClusterIP",
"sessionAffinity": "None"
},
"status": {
"loadBalancer": {}
}
}
The service location is:
This is the eureka service file:
{
"kind": "StatefulSet",
"apiVersion": "apps/v1beta2",
"metadata": {
"name": "eureka",
"namespace": "dabai-fat",
"selfLink": "/apis/apps/v1beta2/namespaces/dabai-fat/statefulsets/eureka",
"uid": "92eefc3d-4601-4ebc-9414-8437f9934461",
"resourceVersion": "13319530",
"generation": 14,
"creationTimestamp": "2020-02-01T16:55:54Z",
"labels": {
"app": "eureka"
}
},
"spec": {
"replicas": 1,
"selector": {
"matchLabels": {
"app": "eureka"
}
},
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"app": "eureka"
}
},
"spec": {
"containers": [
{
"name": "eureka",
"image": "registry.cn-hangzhou.aliyuncs.com/dabai_app_k8s/dabai_fat/soa-eureka:v1.0.0",
"ports": [
{
"name": "server",
"containerPort": 8761,
"protocol": "TCP"
},
{
"name": "management",
"containerPort": 8081,
"protocol": "TCP"
}
],
"env": [
{
"name": "APP_NAME",
"value": "eureka"
},
{
"name": "POD_NAME",
"valueFrom": {
"fieldRef": {
"apiVersion": "v1",
"fieldPath": "metadata.name"
}
}
},
{
"name": "APP_OPTS",
"value": " --spring.application.name=${APP_NAME} --eureka.instance.hostname=${POD_NAME}.${APP_NAME} --registerWithEureka=true --fetchRegistry=true --eureka.instance.preferIpAddress=false --eureka.client.serviceUrl.defaultZone=http://eureka-0.${APP_NAME}:8761/eureka/,http://eureka-1.${APP_NAME}:8761/eureka/"
},
{
"name": "APOLLO_META",
"valueFrom": {
"configMapKeyRef": {
"name": "fat-config",
"key": "apollo.meta"
}
}
},
{
"name": "ENV",
"valueFrom": {
"configMapKeyRef": {
"name": "fat-config",
"key": "env"
}
}
}
],
"resources": {
"limits": {
"cpu": "2",
"memory": "1Gi"
},
"requests": {
"cpu": "2",
"memory": "1Gi"
}
},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "IfNotPresent"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 10,
"dnsPolicy": "ClusterFirst",
"securityContext": {},
"imagePullSecrets": [
{
"name": "regcred"
}
],
"schedulerName": "default-scheduler"
}
},
"serviceName": "eureka-service",
"podManagementPolicy": "Parallel",
"updateStrategy": {
"type": "RollingUpdate",
"rollingUpdate": {
"partition": 0
}
},
"revisionHistoryLimit": 10
},
"status": {
"observedGeneration": 14,
"replicas": 1,
"readyReplicas": 1,
"currentReplicas": 1,
"updatedReplicas": 1,
"currentRevision": "eureka-57c8656b89",
"updateRevision": "eureka-57c8656b89",
"collisionCount": 0
}
}
This is the treafik service yaml:
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "traefik",
"namespace": "kube-system",
"selfLink": "/api/v1/namespaces/kube-system/services/traefik",
"uid": "b2695279-2467-4480-aab5-a720a43951c1",
"resourceVersion": "12750877",
"creationTimestamp": "2020-01-29T10:26:34Z",
"annotations": {
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"annotations\":{},\"name\":\"traefik\",\"namespace\":\"kube-system\"},\"spec\":{\"ports\":[{\"name\":\"web\",\"port\":80},{\"name\":\"websecure\",\"port\":443},{\"name\":\"admin\",\"port\":8080}],\"selector\":{\"app\":\"traefik\"}}}\n"
}
},
"spec": {
"ports": [
{
"name": "web",
"protocol": "TCP",
"port": 80,
"targetPort": 80
},
{
"name": "websecure",
"protocol": "TCP",
"port": 443,
"targetPort": 443
},
{
"name": "admin",
"protocol": "TCP",
"port": 8080,
"targetPort": 8080
}
],
"selector": {
"app": "traefik"
},
"clusterIP": "10.254.169.66",
"type": "ClusterIP",
"sessionAffinity": "None"
},
"status": {
"loadBalancer": {}
}
}
By the way,my kuubernetes(v1.15.2) dashboard(in kube-system namespace) works fine with this config:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kubernetes-dashboard-route
spec:
entryPoints:
- websecure
tls:
secretName: cloud-mydlq-tls
routes:
- match: Host(`kubernetes.example.com`)
kind: Rule
services:
- name: kubernetes-dashboard
port: 443This is the service eureka descibe output:
[root@ops001 conf.d]# kubectl describe service eureka -n dabai-fat
Name: eureka
Namespace: dabai-fat
Labels: app=eureka
Annotations: <none>
Selector: app=eureka
Type: ClusterIP
IP: None
Port: server 8761/TCP
TargetPort: 8761/TCP
Endpoints: 172.30.224.17:8761
Port: management 8081/TCP
TargetPort: 8081/TCP
Endpoints: 172.30.224.17:8081
Session Affinity: None
Events: <none>this is treafik logs output:
[root@ops001 traefik-deployment-yaml]# kubectl logs --tail=10 traefik-ingress-controller-hx4xd --namespace kube-system
E0202 13:46:25.977450 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "services" in API group "" at the cluster scope
E0202 13:46:25.978591 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1alpha1.IngressRoute: ingressroutes.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "ingressroutes" in API group "traefik.containo.us" at the cluster scope
E0202 13:46:26.972861 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1alpha1.Middleware: middlewares.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "middlewares" in API group "traefik.containo.us" at the cluster scope
E0202 13:46:26.973546 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1beta1.Ingress: ingresses.extensions is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "ingresses" in API group "extensions" at the cluster scope
E0202 13:46:26.974483 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "secrets" in API group "" at the cluster scope
E0202 13:46:26.975571 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1.Endpoints: endpoints is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "endpoints" in API group "" at the cluster scope
E0202 13:46:26.976691 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1alpha1.IngressRouteTCP: ingressroutetcps.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "ingressroutetcps" in API group "traefik.containo.us" at the cluster scope
E0202 13:46:26.977765 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1alpha1.TLSOption: tlsoptions.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "tlsoptions" in API group "traefik.containo.us" at the cluster scope
E0202 13:46:26.978815 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1.Service: services is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "services" in API group "" at the cluster scope
E0202 13:46:26.980811 1 reflector.go:125] pkg/mod/k8s.io/client-go@v0.0.0-20190718183610-8e956561bbf5/tools/cache/reflector.go:98: Failed to list *v1alpha1.IngressRoute: ingressroutes.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "ingressroutes" in API group "traefik.containo.us" at the cluster scope-- Dolphin
kubernetes