Open minikiller opened 8 years ago
this is as far as I got it
I know vulcand is working because it is reponding on port 1080.
core@master ~ $ curl $(kubectl --namespace=kube-system describe pod POD_NAME | grep IP | awk '{print $NF}'):1080
{"error":"not found"}
I know romulus is accessing the kubernetes api through Service Account token, when I create the blog-example
root@desktop: ~/code/go/src/bitbucket.org/cescoferraro/cluster on master [+!?$]
$ kubectl --namespace=kube-system logs POD_NAME romulus
[romulusd] 2016/03/28 13:15:07 [info] Starting up romulusd version=v0.2.0-c3608443
[romulusd] 2016/03/28 13:15:07 [info] Creating kubernetes object cache
[romulusd] 2016/03/28 13:15:08 [info] Starting kubernetes watchers
[romulusd] 2016/03/28 13:15:08 [info] ADD Endpoints(Name="news-blog", Namespace="blog", Subsets=1)
[romulusd] 2016/03/28 13:15:08 [info] Upserting Backend(id=blog.news-blog.web)
[romulusd] 2016/03/28 13:15:08 [info] ADD Service(Name="news-blog", Namespace="blog")
[romulusd] 2016/03/28 13:15:08 [info] ADD Ingress(Name="blogs", Namespace="blog", DefBackend=, Rules=2)
[romulusd] 2016/03/28 13:15:08 [info] Upserting HTTPServer(blog.news-blog.07d725c2, http://10.100.45.5:2368, <nil>)
[romulusd] 2016/03/28 13:15:08 [info] Upserting Frontend(http, blog.news-blog.web, blog.news-blog.web)
[romulusd] 2016/03/28 13:15:08 [info] ADD Endpoints(Name="tech-blog", Namespace="blog", Subsets=1)
[romulusd] 2016/03/28 13:15:08 [info] Upserting Backend(id=blog.tech-blog.web)
[romulusd] 2016/03/28 13:15:08 [info] Upserting HTTPServer(blog.tech-blog.a15db0bd, http://10.100.40.4:2368, <nil>)
[romulusd] 2016/03/28 13:15:08 [info] Upserting Frontend(http, blog.tech-blog.web, blog.tech-blog.web)
[romulusd] 2016/03/28 13:15:08 [info] Upserting Backend(id=blog.news-blog.web)
[romulusd] 2016/03/28 13:15:08 [info] Upserting HTTPServer(blog.news-blog.07d725c2, http://10.100.45.5:2368, <nil>)
[romulusd] 2016/03/28 13:15:08 [info] Upserting Backend(id=blog.tech-blog.web)
[romulusd] 2016/03/28 13:15:08 [info] Upserting HTTPServer(blog.tech-blog.a15db0bd, http://10.100.40.4:2368, <nil>)
[romulusd] 2016/03/28 13:15:08 [info] Upserting Frontend(http, blog.news-blog.web, blog.news-blog.web)
[romulusd] 2016/03/28 13:15:08 [info] Upserting Frontend(http, blog.tech-blog.web, blog.tech-blog.web)
[romulusd] 2016/03/28 13:15:09 [info] Upserting Backend(id=blog.news-blog.web)
[romulusd] 2016/03/28 13:15:09 [info] Upserting HTTPServer(blog.news-blog.07d725c2, http://10.100.45.5:2368, <nil>)
[romulusd] 2016/03/28 13:15:09 [info] Upserting Frontend(http, blog.news-blog.web, blog.news-blog.web)
[romulusd] 2016/03/28 13:15:09 [info] ADD Service(Name="tech-blog", Namespace="blog")
[romulusd] 2016/03/28 13:15:09 [info] Upserting Backend(id=blog.tech-blog.web)
[romulusd] 2016/03/28 13:15:09 [info] Upserting HTTPServer(blog.tech-blog.a15db0bd, http://10.100.40.4:2368, <nil>)
[romulusd] 2016/03/28 13:15:09 [info] Upserting Frontend(http, blog.tech-blog.web, blog.tech-blog.web)
The I can curl the pod on port 1080[vulcand] and the domain work
core@master ~ $ curl --verbose --header 'Host: news.example.com' 'http://10.100.40.5:1080'
* Rebuilt URL to: http://10.100.40.5:1080/
* Trying 10.100.40.5...
* Connected to 10.100.40.5 (10.100.40.5) port 1080 (#0)
> GET / HTTP/1.1
> Host: news.example.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: https://news.example.com/
< Date: Mon, 28 Mar 2016 13:53:34 GMT
< Content-Length: 0
< Content-Type: text/plain; charset=utf-8
<
* Connection #0 to host 10.100.40.5 left intact
But when I try to follow the 302 redirect
core@master ~ $ curl --verbose --header 'Host: news.example.com' -L 'http://10.100.40.5:1080'
* Rebuilt URL to: http://10.100.40.5:1080/
* Trying 10.100.40.5...
* Connected to 10.100.40.5 (10.100.40.5) port 1080 (#0)
> GET / HTTP/1.1
> Host: news.example.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: https://news.example.com/
< Date: Mon, 28 Mar 2016 13:51:58 GMT
< Content-Length: 0
< Content-Type: text/plain; charset=utf-8
<
* Connection #0 to host 10.100.40.5 left intact
* Issue another request to this URL: 'https://news.example.com/'
* getaddrinfo(3) failed for news.example.com:443
* Couldn't resolve host 'news.example.com'
* Closing connection 1
curl: (6) Couldn't resolve host 'news.example.com'
@albertrdixon Can you take a look at this, please?
@cescoferraro Thanks for your reply. Does you can access http://10.100.40.5:1080, I found vulcand do not register a service under K8. Where is this address come from? Also this maybe a cluster ip,can you access cluster ip from your master machine? Thanks!
It is the pod's ip. It is the ip you get when you run.
kubectl --namespace=kube-system describe pod POD_NAME | grep IP | awk '{print $NF}'
just replace the POD_NAME
@cescoferraro Thank you very much. Now I have same situation when i input your command. I still don't know vulcand proxyed news-blog or tech-blog. can I see access logs under vulcand?
Just got it to work now. I can submit a PR with some docs on how to get started, if that OK with the author. I have debugged this way too much. lol
@cescoferraro thanks for all that debugging, heh :smile: Real life has gotten in the way of maintaining this project a bit. Please do send in a PR for updates to the examples, that would rock.
On the topic of examples, With regards to the blog example should it not be setting a hostname in vulcand to whatever is passed in as the ingress host? I am currently seeing it as empty
@DefunctExodus the problem I was having with the blog example is that
annotations:
romulus/redirect_to_ssl: "true"
as you can see on the log above. It is redirectiong to https but the ghost blog does not serve https.
On regards of the romulus controller, there is a typo on- --vulcan-api=http://127.0.0.1:8182
that should be- --vulcand-api=http://127.0.0.1:8182
. And for the configuration as is, you need SKYDNS and Service Accounts enabled on your kubenete cluster, otherwise you will need to provide an ip address for your apiserver flag - --kube-api=https://kubernetes.default
, but then there is no https.
And if you are using https , you should loos the - --kube-insecure
flag
This expose the vulcand to the internet, so you do not need to test it internelly. Might help
---
apiVersion: v1
kind: Service
metadata:
namespace: kube-system
name: ingress-controller-v1
labels:
name: ingress-controller-v1
spec:
ports:
- name: http
port: 80
targetPort: 1080
- name: https
port: 443
targetPort: 1080
externalIPs:
- xx.xxx.xxx.xx
selector:
k8s-app: ingress-controller
@cescoferraro
Thanks for the response, I also encountered all the same issues you did with the examples.
But what I was actually getting at is that running the blog example (as is) sets up the Vulcand back-ends and front-ends but does not actually assign a hostname to the front-end rule.
So in this example the blog essentially acts as a wildcard match on any hostname..I was under the impression that when using ingress it would pull the hostname from the ingress service and we would not need to specify it in the annotations of the service. But perhaps that was just a lack of understanding on my part
vulcand always logs no frontend rules at startup. It looks for entry already on etcd, but on romulus case there is always a fresh etcd.
Hmm.
So in your case what does a curl to vulcand v2/frontends
show you for the blogs route
or settings.hostname
?
Is it actually populated?
both
"Frontends": [
{
"Id": "blog.tech-blog.web",
"Route": "Host(`blog.cescoferraro.xyz`)",
"Type": "http",
"BackendId": "blog.tech-blog.web",
"Settings": {
"Limits": {
"MaxMemBodyBytes": 1048576,
"MaxBodyBytes": 1048576,
"MaxRespMemBodyBytes": 1048576,
"MaxRespBodyBytes": 1048576
},
"FailoverPredicate": "",
"Hostname": "blog.cescoferraro.xyz",
"TrustForwardHeader": true,
"PassHostHeader": true
}
},
See for some reason mine are empty. Ingress is on and working correctly as far as I can tell.
{
"BackendId": "default.news-blog.web",
"Id": "default.news-blog.web",
"Route": "PathRegexp(`.*`)",
"Settings": {
"FailoverPredicate": "",
"Hostname": "",
"Limits": {
"MaxBodyBytes": 1048576,
"MaxMemBodyBytes": 1048576
},
"PassHostHeader": true,
"TrustForwardHeader": true
},
"Type": "http"
},
{
"BackendId": "default.tech-blog.web",
"Id": "default.tech-blog.web",
"Route": "PathRegexp(`.*`)",
"Settings": {
"FailoverPredicate": "",
"Hostname": "",
"Limits": {
"MaxBodyBytes": 1048576,
"MaxMemBodyBytes": 1048576
},
"PassHostHeader": true,
"TrustForwardHeader": true
},
"Type": "http"
},
seems like you are messing with regexp.
Not to my knowledge
here it is my whole setup. Take a look https://gist.github.com/cescoferraro/b1a4d4a34f77d47acf394abeed75272c
That will actually help a ton , Thank you very much
Hi I run the example under bare metal environment. It works properly. But now I do not know how to check vulcan works. Would you like to give me some suggestion? Thanks!