-
Notifications
You must be signed in to change notification settings - Fork 369
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
使用higress网关访问后端协议为grpc,无法访问。 #906
Comments
|
好的。我本地验证一下。 |
path: / @ldl-home 精确匹配/肯定不行了,你看下日志里的path是/ping.Ping/Ping |
@ldl-home 改成新配置后,对应的日志发一下,也是501 NR? |
我本地试了一下,是可以的。 syntax = "proto3";
option java_multiple_files = true;
option java_package = "com.realch3cho.grpctest.grpc";
option go_package = ".;common";
message HelloRequestType {
string name = 1;
}
message HelloResponseType {
string message = 1;
}
service HelloService {
rpc SayHello(HelloRequestType) returns (HelloResponseType) {}
} apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
higress.io/backend-protocol: GRPC
higress.io/destination: grpc.static
higress.io/ignore-path-case: "false"
creationTimestamp: "2024-03-22T02:08:05Z"
generation: 2
labels:
higress.io/resource-definer: higress
name: test
namespace: higress-system
resourceVersion: "571475"
uid: 241ae809-8df4-43c1-a94e-edbd65bc0a9a
spec:
ingressClassName: higress
rules:
- http:
paths:
- backend:
resource:
apiGroup: networking.higress.io
kind: McpBridge
name: default
path: /
pathType: Prefix |
另外看上去是console界面上配置的,ingress yaml也提供下吧,在higress-system命名空间下 |
我有一个问题,8080端口是gRPC的吗? |
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: go-ping
namespace: higress-system
uid: 32fda53a-b2b8-4485-8514-c9bbfad45edc
resourceVersion: '10440242'
generation: 1
creationTimestamp: '2024-04-08T07:07:11Z'
labels:
higress.io/domain_grpc.iotbull.com: 'true'
higress.io/resource-definer: higress
annotations:
higress.io/destination: go-ping-s.default.svc.cluster.local:8080
higress.io/ignore-path-case: 'false'
nginx.ingress.kubernetes.io/backend-protocol: GRPC
managedFields:
- manager: Kubernetes Java Client
operation: Update
apiVersion: networking.k8s.io/v1
time: '2024-04-08T07:07:11Z'
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:higress.io/destination: {}
f:higress.io/ignore-path-case: {}
f:labels:
.: {}
f:higress.io/domain_grpc.iotbull.com: {}
f:higress.io/resource-definer: {}
f:spec:
f:ingressClassName: {}
f:rules: {}
f:tls: {}
- manager: node-fetch
operation: Update
apiVersion: networking.k8s.io/v1
time: '2024-04-08T07:08:21Z'
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
f:nginx.ingress.kubernetes.io/backend-protocol: {}
selfLink: /apis/networking.k8s.io/v1/namespaces/higress-system/ingresses/go-ping
status:
loadBalancer: {}
spec:
ingressClassName: higress
tls:
- hosts:
- grpc.iotbull.com
secretName: iotbull
rules:
- host: grpc.test.com
http:
paths:
- path: /
pathType: Prefix
backend:
resource:
apiGroup: networking.higress.io
kind: McpBridge
name: default |
这个我也试过 : higress.io/backend-protocol: GRPC |
就是自己测试启动的一个grpc服务。 |
ingress 修改成 prefix 之后的 access log 能发一下吗?还是之前的报错吗? 你可以试试 exec 到 higress-gateway 那个 pod 里,执行 |
这样连接被拒绝了
|
这就对应了我前面的问题,你的gRPC服务监听的什么端口,是8080吗? |
嗯,那你要查查kubeproxy什么的了。看一下Service和Endpoints呢,里面有Pod吗? |
目前测试下来正常了,通过higress还是访问不到
{"authority":"web.test.com","bytes_received":"0","bytes_sent":"15","downstream_local_address":"192.168.201.50:443","downstream_remote_address":"192.168.201.103:54807","duration":"9054","istio_policy_status":"-","method":"GET","path":"/ping?target=grpc.iotbull.com:443","protocol":"HTTP/1.1","request_id":"043d4be7-5aa9-474f-9bda-c5d58bda32ec","requested_server_name":"web.test.com","response_code":"503","response_flags":"URX","route_name":"web-test","start_time":"2024-04-08T10:29:24.954Z","trace_id":"f6c8e00c3196ec8cf5a37bfe645a6fa7","upstream_cluster":"outbound|80||go-web.default.svc.cluster.local","upstream_host":"172.20.135.157:8888","upstream_local_address":"172.20.85.192:52034","upstream_service_time":"9054","upstream_transport_failure_reason":"-","user_agent":"PostmanRuntime/7.37.0","x_forwarded_for":"192.168.201.103"} |
目测是连不上。上面命令是在Gateway的Pod里做的吗?我看host变了。新的ingress发一下呢? |
|
建议你 exec 到 higress-gateway 的 pod 里再 curl 一下 |
@CH3CHO 执行结果如下 |
你这个是在node上执行吧?能kubectl exec到pod里面吗? |
这个就是在higress-gateway的pod内执行的 |
那这个前面的机器名有点迷惑性啊 |
{"authority":"web.test.com","bytes_received":"0","bytes_sent":"15","downstream_local_address":"192.168.201.50:443","downstream_remote_address":"192.168.201.103:54807","duration":"9054","istio_policy_status":"-","method":"GET","path":"/ping?target=grpc.iotbull.com:443","protocol":"HTTP/1.1","request_id":"043d4be7-5aa9-474f-9bda-c5d58bda32ec","requested_server_name":"web.test.com","response_code":"503","response_flags":"URX","route_name":"web-test","start_time":"2024-04-08T10:29:24.954Z","trace_id":"f6c8e00c3196ec8cf5a37bfe645a6fa7","upstream_cluster":"outbound|80||go-web.default.svc.cluster.local","upstream_host":"172.20.135.157:8888","upstream_local_address":"172.20.85.192:52034","upstream_service_time":"9054","upstream_transport_failure_reason":"-","user_agent":"PostmanRuntime/7.37.0","x_forwarded_for":"192.168.201.103"} 看日志是HTTP/1.1呀,不是gRPC请求,而且upstream host字段是172.20.135.157:8888,没有请求8080 |
@ldl-home 有调试通吗,看你上面发的日志不是gRPC请求 |
If you are reporting any crash or any potential security issue, do not
open an issue in this repo. Please report the issue via ASRC(Alibaba Security Response Center) where the issue will be triaged appropriately.
Ⅰ. Issue Description
基于k8s环境使用如下配置创建了一个higress访问的域名,后端服务提供grpc
Ⅱ. Describe what happened
通过 postman的grpc协议调用grpc.test.com其中的一个ping方法。无法到后端服务
日志如下
{"authority":"grpc.test.com:80","bytes_received":"0","bytes_sent":"0","downstream_local_address":"192.168.201.50:80","downstream_remote_address":"192.168.201.103:56441","duration":"0","istio_policy_status":"-","method":"POST","path":"/ping.Ping/Ping","protocol":"HTTP/2","request_id":"dd357754-f453-40aa-be3a-eb5171ee649f","requested_server_name":"-","response_code":"501","response_flags":"NR","route_name":"-","start_time":"2024-04-08T05:47:46.917Z","trace_id":"-","upstream_cluster":"-","upstream_host":"-","upstream_local_address":"-","upstream_service_time":"-","upstream_transport_failure_reason":"-","user_agent":"grpc-node-js/1.8.10","x_forwarded_for":"192.168.201.103"}
Ⅲ. Describe what you expected to happen
Ⅳ. How to reproduce it (as minimally and precisely as possible)
Ⅴ. Anything else we need to know?
Ⅵ. Environment:
The text was updated successfully, but these errors were encountered: