我已经为 nginx 和 php-fpm laravel 容器创建了 2 个 Kubernetes 部署。但由于某种原因,来自 nginx 的流量似乎无法成功到达 php-fpm 容器,并产生以下错误
172.18.0.1 - - [18/Jul/2022:16:51:10 +0000] "GET / HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36"
这是我的部署文件
apiVersion: v1 kind: ConfigMap metadata: name: web-server-config namespace: dev-api data: nginx.conf: | server { li sten 80; index index.php index.html; error_log /var/log/nginx/error.log; access_log /var/log/nginx/access.log; root /var/www/html/public; location ~ .php$ { try_files $uri =404; fastcgi_split_path_info ^(.+.php)(/.+)$; fastcgi_pass api-web-svc:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; } location / { try_files $uri $uri/ /index.php?$query_string; gzip_static on; } } --- apiVersion: v1 kind: ConfigMap metadata: name: php-config namespace: dev-api data: laravel.ini: | upload_max_filesize: 80M post_max_size: 80M --- apiVersion: v1 kind: Secret metadata: name: api-web-secret namespace: dev-api type: Opaque data: ... --- apiVersion: apps/v1 kind: Deployment metadata: name: api-web namespace: dev-api spec: selector: matchLabels: app: api-web replicas: 1 template: metadata: labels: app: api-web spec: containers: - name: api-web image: XXX.dkr.ecr.us-east-1.amazonaws.com/api-web:0.9.4-alpha volumeMounts: - name: php-config mountPath: /usr/local/etc/php/conf.d/laravel.ini - name: env-config mountPath: /var/www/html/.env ports: - containerPort: 9000 volumes: - name: php-config configMap: name: php-config - name: env-config secret: secretName: api-web-secret imagePullSecrets: - name: regcred --- apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment namespace: dev-api spec: selector: matchLabels: app: nginx replicas: 1 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:alpine volumeMounts: - name: web-server-config mountPath: /etc/nginx/conf.d/ ports: - containerPort: 80 volumes: - name: web-server-config configMap: name: web-server-config --- apiVersion: v1 kind: Service metadata: name: web-server-svc namespace: dev-api spec: type: NodePort selector: app: nginx ports: - protocol: TCP port: 80 targetPort: 80 nodePort: 32420 --- apiVersion: v1 kind: Service metadata: name: api-web-svc namespace: dev-api labels: app: api-web spec: type: ClusterIP selector: app: api-web ports: - protocol: TCP port: 9000
namespace
是单独声明的。每个部署中的两个容器都成功运行。
k logs deployment/nginx-deployment -n dev-api /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-list en-on-ipv6-by-default.sh 10-lis ten-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh /docker-entrypoint.sh: Configuration complete; ready for start up 2022/07/18 16:18:50 [notice] 1#1: using the "epoll" event method 2022/07/18 16:18:50 [notice] 1#1: nginx/1.21.6 2022/07/18 16:18:50 [notice] 1#1: built by gcc 10.3.1 20211027 (Alpine 10.3.1_git20211027) 2022/07/18 16:18:50 [notice] 1#1: OS: Linux 5.4.0-109-generic 2022/07/18 16:18:50 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576 2022/07/18 16:18:50 [notice] 1#1: start worker processes 2022/07/18 16:18:50 [notice] 1#1: start worker process 21 2022/07/18 16:18:50 [notice] 1#1: start worker process 22 2022/07/18 16:18:50 [notice] 1#1: start worker process 23 2022/07/18 16:18:50 [notice] 1#1: start worker process 24 2022/07/18 16:18:50 [notice] 1#1: start worker process 25 2022/07/18 16:18:50 [notice] 1#1: start worker process 26 2022/07/18 16:18:50 [notice] 1#1: start worker process 27 2022/07/18 16:18:50 [notice] 1#1: start worker process 28
k logs deployment/api-web -n dev-api [18-Jul-2022 16:18:51] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root [18-Jul-2022 16:18:51] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root [18-Jul-2022 16:18:51] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root [18-Jul-2022 16:18:51] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root [18-Jul-2022 16:18:51] NOTICE: fpm is running, pid 1 [18-Jul-2022 16:18:51] NOTICE: ready to handle connections
而api-web
部署中用于生成镜像api-web:0.9.4-alpha
的Dockerfile如下所示
FROM php:7.2-fpm # Copy composer.lock and composer.json COPY composer.lock composer.json /var/www/html/ # Set working directory WORKDIR /var/www/html # Install dependencies RUN apt-get update && apt-get install -y build-essential libpng-dev libjpeg62-turbo-dev libfreetype6-dev locales zip jpegoptim optipng pngquant gifsicle vim unzip git curl nodejs npm # Clear cache RUN apt-get cle an && rm -rf /var/lib/apt/lists/* # Install extensions RUN docker-php-ext-install pdo_mysql mbstring zip exif pcntl RUN docker-php-ext-configure gd --with-gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ --with-png-dir=/usr/include/ RUN docker-php-ext-install gd # Install composer RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer # Add user for laravel application RUN groupadd -g 1000 www RUN useradd -u 1000 -ms /bin/bash -g www www # Copy existing application directory contents COPY . /var/www/html/ # Copy existing application directory permissions COPY --chown=www:www . /var/www/html/ # Change current user to www USER www ## Run composer dependencies RUN composer update RUN composer install # Expose port 9000 and start php-fpm server EXPOSE 9000 CMD ["php-fpm"]
这个 Dockerfile 也运行良好,没有任何问题。使用此图像的 docker-compose
文件也可以正常工作。
任何想法为什么来自 nginx-deployment
容器的流量无法到达 api-web
php-fpm 容器并出现错误
172.18.0.1 - - [18/Jul/2022:16:51:10 +0000] "GET / HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36"
据我所知,两个 Pod 或至少容器需要相同的源文件。如果nginx不知道这个php文件存在,它就无法将请求转发到php-fpm容器。
我说的是容器,但我不建议将 nginx 和 php-fpm 拆分到单独的 pod 中。我更有可能将这些容器作为一个单元启动,在一个 Pod 中具有相同的源。除非你有某种 Cron 作业或批处理作业。