kubernetes Argo工作流UI无法与AWS入口控制器配合使用

b5buobof  于 2022-12-11  发布在  Kubernetes
关注(0)|答案(3)|浏览(131)

我试图在EKS上设置一个AWS ALB入口。但是Argo UI不工作。但是端口转发工作正常。

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/healthcheck-path: /
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
    alb.ingress.kubernetes.io/scheme: internal
    kubernetes.io/ingress.class: alb
  name: admin-ns-endpoints
  namespace: admin
spec:
  rules:
  - host: argo-nonprod.sample.com
    http:
      paths:
      - backend:
          serviceName: argo-server
          servicePort: 2746
        path: /*
status:
  loadBalancer:
    ingress:
    - hostname: xxxxxxx.ap-south-1.elb.amazonaws.com

访问终结点时获得404。

apiVersion: apps/v1
kind: Deployment
metadata:
  name: argo-server
  namespace: admin
spec:
  replicas: 1
  template:
    spec:
      containers:
      - args:
        - server
        - --configmap=argo-workflow-controller-configmap
        env:
        - name: BASE_HREF
          value: /
        - name: IN_CLUSTER
          value: "true"
        - name: ARGO_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        image: argoproj/argocli:v2.9.3
        imagePullPolicy: Always
        name: argo-server
        ports:
        - containerPort: 2746
          name: web
          protocol: TCP

我用舵图来展开海图。
我尝试在入口文件中更改不同的值,但没有成功。

6yt4nkrj

6yt4nkrj1#

你能试着删除www.example.com吗spec.rules.http.host??

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-alb-ingress
  namespace: argo
  annotations:
    kubernetes.io/ingress.class: aws-alb
    alb.ingress.kubernetes.io/load-balancer-attributes: access_logs.s3.enabled=false
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/subnets: REDACTED
    alb.ingress.kubernetes.io/security-groups: REDACTED
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
    alb.ingress.kubernetes.io/healthcheck-path: /
    external-dns.alpha.kubernetes.io/hostname: REDACTED
  labels:
    app: nginx-service
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: argo-server
              servicePort: 2746
jtoj6r0c

jtoj6r0c2#

你可以试试

alb.ingress.kubernetes.io/backend-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP

我的完整配置是:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ${name_http_ingress}
  namespace: ${namespace}
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/name: argocd-server
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/backend-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/healthcheck-path: /
    # alb.ingress.kubernetes.io/success-codes: 200,301,302,307
    alb.ingress.kubernetes.io/conditions.argogrpc: >-
      [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["^application/grpc.*$"]}}]
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: >-
      {"type":"redirect","redirectConfig":{"port":"443","protocol":"HTTPS","statusCode":"HTTP_301"}}
    # external-dns.alpha.kubernetes.io/hostname: ${domain_name_public}
    alb.ingress.kubernetes.io/certificate-arn: ${domain_certificate}
    # alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/load-balancer-name: ${name_http_ingress}
    alb.ingress.kubernetes.io/target-type: instance
    # alb.ingress.kubernetes.io/target-type: ip # require to enable sticky sessions ,stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60
    alb.ingress.kubernetes.io/target-group-attributes: load_balancing.algorithm.type=least_outstanding_requests
    alb.ingress.kubernetes.io/target-node-labels: ${tolerations_key}=${tolerations_value}
    alb.ingress.kubernetes.io/tags: Environment=${tags_env},Restricted=false,Customer=customer,Project=ops,Name=${name_http_ingress}
    alb.ingress.kubernetes.io/load-balancer-attributes: routing.http2.enabled=true,idle_timeout.timeout_seconds=180

spec:
  ingressClassName: alb
  tls:
    - hosts:
        - ${domain_name_public}
  rules:
    - host: ${domain_name_public}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ssl-redirect
                port:
                  name: use-annotation
    - host: ${domain_name_public}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                # name: argo-cd-argocd-server
                name: argogrpc
                port:
                  number: 4433

          - path: /
            pathType: Prefix
            backend:
              service:
                name: rnd-server-argo
                port:
                  number: 2746

          - path: /argo
            pathType: Prefix
            backend:
              service:
                name: argo-workwlow-server-argo
                port:
                  number: 2746
e4yzc0pl

e4yzc0pl3#

To achieve this you need to do below steps

Step1: Configure below argogrpc service.

https://raw.githubusercontent.com/naguait85/argocd_helm-1/master/argocd-install/argogrpc.yaml

Step2: Configure ingress using below ingress in argocd. change the hostname and certificate arn from aws public certificate.

https://raw.githubusercontent.com/naguait85/argocd_helm-1/master/argocd-install/ingress.yaml

相关问题