Le conteneur Kubernetes Nginx ne peut pas accéder au conteneur php-fpm

Question

J'ai créé 2 déploiements Kubernetes pour les conteneurs Laravel nginx et php-fpm. Mais pour une raison quelconque, le trafic de nginx ne semble pas atteindre le conteneur php-fpm avec succès et produit l'erreur suivante

172.18.0.1 - - [18/Jul/2022:16:51:10 +0000] "GET / HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36"

Voici mon fichier de déploiement

apiVersion: v1
kind: ConfigMap
metadata:
  name: web-server-config
  namespace: dev-api
data:
  nginx.conf: |
    server {
        li sten 80;
        index index.php index.html;
        error_log  /var/log/nginx/error.log;
        access_log /var/log/nginx/access.log;
        root /var/www/html/public;

        location ~ .php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+.php)(/.+)$;

            fastcgi_pass api-web-svc:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        }

        location / {
            try_files $uri $uri/ /index.php?$query_string;
                gzip_static on;
        }
    }
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: php-config
  namespace: dev-api
data:
  laravel.ini: |
    upload_max_filesize: 80M
    post_max_size: 80M
---
apiVersion: v1
kind: Secret
metadata:
  name: api-web-secret
  namespace: dev-api
type: Opaque
data:
 ...
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-web
  namespace: dev-api
spec:
  selector:
    matchLabels:
      app: api-web
  replicas: 1
  template:
    metadata:
      labels:
        app: api-web
    spec:
      containers:
      - name: api-web
        image: XXX.dkr.ecr.us-east-1.amazonaws.com/api-web:0.9.4-alpha
        volumeMounts:
         - name: php-config
           mountPath: /usr/local/etc/php/conf.d/laravel.ini
         - name: env-config
           mountPath: /var/www/html/.env
        ports:
        - containerPort: 9000
      volumes:
        - name: php-config
          configMap:
            name: php-config
        - name: env-config
          secret:
            secretName: api-web-secret
      imagePullSecrets:
      - name: regcred  
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: dev-api
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        volumeMounts:
         - name: web-server-config
           mountPath: /etc/nginx/conf.d/
        ports:
        - containerPort: 80
      volumes:
        - name: web-server-config
          configMap:
            name: web-server-config 
---
apiVersion: v1
kind: Service
metadata:
  name:  web-server-svc
  namespace: dev-api
spec:
  type: NodePort
  selector:
    app:  nginx
  ports:
  - protocol: TCP
    port:  80
    targetPort:  80
    nodePort: 32420
---
apiVersion: v1
kind: Service
metadata:
  name:  api-web-svc
  namespace: dev-api
  labels:
    app: api-web
spec:
  type: ClusterIP
  selector:
    app:  api-web
  ports:
  - protocol: TCP
    port:  9000

namespace est déclaré séparément. Les deux conteneurs de chaque déploiement s'exécutent correctement.

k logs deployment/nginx-deployment  -n dev-api
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-list en-on-ipv6-by-default.sh
10-lis ten-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/07/18 16:18:50 [notice] 1#1: using the "epoll" event method
2022/07/18 16:18:50 [notice] 1#1: nginx/1.21.6
2022/07/18 16:18:50 [notice] 1#1: built by gcc 10.3.1 20211027 (Alpine 10.3.1_git20211027) 
2022/07/18 16:18:50 [notice] 1#1: OS: Linux 5.4.0-109-generic
2022/07/18 16:18:50 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/07/18 16:18:50 [notice] 1#1: start worker processes
2022/07/18 16:18:50 [notice] 1#1: start worker process 21
2022/07/18 16:18:50 [notice] 1#1: start worker process 22
2022/07/18 16:18:50 [notice] 1#1: start worker process 23
2022/07/18 16:18:50 [notice] 1#1: start worker process 24
2022/07/18 16:18:50 [notice] 1#1: start worker process 25
2022/07/18 16:18:50 [notice] 1#1: start worker process 26
2022/07/18 16:18:50 [notice] 1#1: start worker process 27
2022/07/18 16:18:50 [notice] 1#1: start worker process 28

k logs deployment/api-web -n dev-api
[18-Jul-2022 16:18:51] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[18-Jul-2022 16:18:51] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[18-Jul-2022 16:18:51] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[18-Jul-2022 16:18:51] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[18-Jul-2022 16:18:51] NOTICE: fpm is running, pid 1
[18-Jul-2022 16:18:51] NOTICE: ready to handle connections

Et le api-web部署中用于生成镜像api-web:0.9.4-alphaDockerfile est le suivant

FROM php:7.2-fpm

# Copy composer.lock and composer.json
COPY composer.lock composer.json /var/www/html/

# Set working directory
WORKDIR /var/www/html

# Install dependencies
RUN apt-get update && apt-get install -y 
    build-essential 
    libpng-dev 
    libjpeg62-turbo-dev 
    libfreetype6-dev 
    locales 
    zip 
    jpegoptim optipng pngquant gifsicle 
    vim 
    unzip 
    git 
    curl 
    nodejs 
    npm

# Clear cache
RUN apt-get cle an && rm -rf /var/lib/apt/lists/*

# Install extensions
RUN docker-php-ext-install pdo_mysql mbstring zip exif pcntl
RUN docker-php-ext-configure gd --with-gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ --with-png-dir=/usr/include/
RUN docker-php-ext-install gd

# Install composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

# Add user for laravel application
RUN groupadd -g 1000 www
RUN useradd -u 1000 -ms /bin/bash -g www www

# Copy existing application directory contents
COPY . /var/www/html/

# Copy existing application directory permissions
COPY --chown=www:www . /var/www/html/

# Change current user to www
USER www

## Run composer dependencies
RUN composer update
RUN composer install

# Expose port 9000 and start php-fpm server
EXPOSE 9000
CMD ["php-fpm"]

Ce Dockerfile fonctionne également correctement sans aucun problème. docker-compose les fichiers utilisant cette image fonctionneront également très bien.

Une idée de pourquoi cela vient du nginx-deployment 容器的流量无法到达 api-web conteneur php-fpm et j'obtiens une erreur

172.18.0.1 - - [18/Jul/2022:16:51:10 +0000] "GET / HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36"

Answer 1

Pour autant que je sache, les deux Pods ou au moins les conteneurs ont besoin des mêmes fichiers sources. Si nginx ne sait pas que ce fichier php existe, il ne peut pas transmettre la requête au conteneur php-fpm.

Je parle de conteneurs, mais je ne recommande pas de diviser nginx et php-fpm en pods séparés. Je suis plus susceptible de lancer ces conteneurs comme une unité, dans un Pod avec la même source. Sauf si vous avez une sorte de tâche cron ou de tâche par lots.