csh995426531 opened a new issue #2070: URL: https://github.com/apache/apisix/issues/2070
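### Issue description

不知道要怎么去排查问题,麻烦大佬指点,感谢。下面是我的部署文件:

~~~
apiVersion: apps/v1
kind: DaemonSet
# A DaemonSet keeps one Pod running on every Node: a newly added Node gets the
# Pod as well, and deleting the DaemonSet removes the Pods it created.
metadata:
  labels:
    app: apisix-gw
  name: apisix-gw-deployment
  namespace: liaotian
spec:
  selector:
    matchLabels:
      app: apisix-gw
  template:
    metadata:
      labels:
        app: apisix-gw
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - apisix-gw
                topologyKey: kubernetes.io/hostname
              weight: 100
      # NOTE(review): this init container is privileged and runs an unpinned
      # `latest` image. Some of the values it writes (for example fs.file-max)
      # are node-wide rather than per-pod, so every workload on the node is
      # affected. Pin the image by tag or digest, and consider setting these
      # sysctls during node provisioning instead.
      initContainers:
        - command:
            - /bin/sh
            - -c
            - |
              sysctl -w net.core.somaxconn=65535
              sysctl -w net.ipv4.ip_local_port_range="1024 65535"
              sysctl -w net.ipv4.tcp_max_syn_backlog=8192
              sysctl -w fs.file-max=1048576
              sysctl -w fs.inotify.max_user_instances=16384
              sysctl -w fs.inotify.max_user_watches=524288
              sysctl -w fs.inotify.max_queued_events=16384
          image: busybox:latest
          name: init-sysctl
          resources: {}
          securityContext:
            privileged: true
            procMount: Default
      restartPolicy: Always
      containers:
        - env:
            - name: TZ
              value: "Asia/Shanghai"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
          # NOTE(review): `latest` with IfNotPresent means each node keeps
          # whatever build it pulled first, so nodes can run different APISIX
          # versions and the version in this report cannot be identified.
          # Pin an explicit version tag.
          image: 'apache/apisix:latest'
          imagePullPolicy: IfNotPresent
          name: apisix-gw-deployment
          ports:
            - containerPort: 9080
              name: http
              protocol: TCP
            - containerPort: 9443
              name: https
              protocol: TCP
          # The probe port must match apisix.node_listen in the ConfigMap below.
          readinessProbe:
            failureThreshold: 6
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 9080
            timeoutSeconds: 1
          volumeMounts:
            - mountPath: /usr/local/apisix/conf/config.yaml
              name: apisix-config-yaml-configmap
              subPath: config.yaml
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
      volumes:
        - configMap:
            name: apisix-gw-config.yaml
          name: apisix-config-yaml-configmap
        - hostPath:
            path: /etc/localtime
            type: File
          name: localtime
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: etcd-cluster-client
  namespace: liaotian
spec:
  # NOTE(review): no clustering settings are visible in this manifest, so two
  # replicas look like two independent etcd instances behind one Service,
  # each with its own hostPath data (or both competing for the same directory
  # if scheduled on one node). Confirm; a single replica or a properly
  # clustered StatefulSet avoids APISIX reading inconsistent state.
  replicas: 2
  selector:
    matchLabels:
      # Changed from `app: apisix-gw`. Sharing the gateway's label made the
      # etcd Service select the APISIX pods and the apisix-gw-lb Service
      # select the etcd pods, so traffic on both ports could land on a pod
      # that does not listen there.
      app: etcd-cluster-client
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: etcd-cluster-client
    spec:
      containers:
        - name: etcd-cluster-client
          image: bitnami/etcd:3.4.9
          imagePullPolicy: Always
          # NOTE(review): running as root (uid 0) on a hostPath volume; prefer
          # a non-root uid that owns the data directory.
          securityContext:
            runAsUser: 0
          env:
            - name: ETCD_DATA_DIR
              value: "/etcd_data"
            - name: ETCD_ENABLE_V2
              value: "true"
            # NOTE(review): etcd accepts unauthenticated clients with this
            # setting. Any pod that can reach port 2379 can read and rewrite
            # the whole APISIX configuration, including stored TLS keys.
            # Enable etcd authentication and restrict access with a
            # NetworkPolicy.
            - name: ALLOW_NONE_AUTHENTICATION
              value: "yes"
          ports:
            - name: http
              containerPort: 2379  # port exposed by the container
            - name: peer
              containerPort: 2380
          volumeMounts:
            # Changed from `/etcd_data/:rw`. The `:rw` suffix is Docker `-v`
            # syntax; in Kubernetes it becomes part of the path, so the volume
            # was not mounted at ETCD_DATA_DIR. Volumes are read-write unless
            # `readOnly: true` is set.
            - mountPath: /etcd_data
              name: data
      volumes:
        - name: data
          hostPath:
            path: /mnt/hgfs/work_code/go_work/liaotian/data/etcd/  # mount point on the host
---
apiVersion: v1
kind: Service
metadata:
  name: etcd-cluster-client
  namespace: liaotian
spec:
  # The report listed this `ports:` key twice with identical content.
  # Duplicate mapping keys are invalid YAML, so only one is kept.
  ports:
    - name: http
      port: 2379
      targetPort: 2379
  selector:
    app: etcd-cluster-client  # matches the etcd Deployment's pod label
---
apiVersion: v1
data:
  config.yaml: |-
    apisix:
      # NOTE(review): the report had 9082 here, while containerPort, the
      # readinessProbe and the apisix-gw-lb Service all target 9080; with the
      # mismatch the probe fails and the pod never becomes Ready.
      node_listen: 9080                # APISIX listening port
      # NOTE(review): the Admin API is enabled and `port_admin` is commented
      # out below, so it appears to be served on node_listen, the same port
      # the NodePort Service publishes. No `allow_admin` source-IP list is set
      # in this file either. Confirm for the deployed version, then restrict
      # the Admin API to a separate, non-published port and trusted sources.
      enable_admin: true
      enable_admin_cors: true         # Admin API support CORS response headers.
      enable_debug: false
      enable_dev_mode: false          # Sets nginx worker_processes to 1 if set to true
      enable_reuseport: true          # Enable nginx SO_REUSEPORT switch if set to true.
      enable_ipv6: true
      config_center: etcd             # etcd: use etcd to store the config value
                                      # yaml: fetch the config value from local yaml file `/your_path/conf/apisix.yaml`

      #proxy_protocol:                 # Proxy Protocol configuration
      #  listen_http_port: 9181        # The port with proxy protocol for http, it differs from node_listen and port_admin.
                                      # This port can only receive http request with proxy protocol, but node_listen & port_admin
                                      # can only receive http request. If you enable proxy protocol, you must use this port to
                                      # receive http request with proxy protocol
      #  listen_https_port: 9182       # The port with proxy protocol for https
      #  enable_tcp_pp: true           # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
      #  enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server

      proxy_cache:                     # Proxy Caching configuration
        cache_ttl: 10s                 # The default caching time if the upstream does not specify the cache time
        zones:                         # The parameters of a cache
          - name: disk_cache_one       # The name of the cache, administrator can be specify
                                       # which cache to use by name in the admin api
            memory_size: 50m           # The size of shared memory, it's used to store the cache index
            disk_size: 1G              # The size of disk, it's used to store the cache data
            disk_path: "/tmp/disk_cache_one" # The path to store the cache data
            cache_levels: "1:2"        # The hierarchy levels of a cache
      #    - name: disk_cache_two
      #      memory_size: 50m
      #      disk_size: 1G
      #      disk_path: "/tmp/disk_cache_two"
      #      cache_levels: "1:2"

      #  - "::/64"
      # port_admin: 9180              # use a separate port
      # https_admin: true             # enable HTTPS when use a separate port for Admin API.
                                      # Admin API will use conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.
      admin_api_mtls:                 # Depends on `port_admin` and `https_admin`.
        admin_ssl_cert: ""             # Path of your self-signed server side cert.
        admin_ssl_cert_key: ""         # Path of your self-signed server side key.
        admin_ssl_ca_cert: ""          # Path of your self-signed ca cert.The CA is used to sign all admin api callers' certificates.

      # Default token when use API to call for Admin API.
      # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
      # Disabling this configuration item means that the Admin API does not
      # require any authentication.
      #
      # NOTE(review): the keys below are the default tokens the comment above
      # warns about, and they are now also public in this issue. Generate
      # unique values before exposing the gateway, and provide this file from
      # a Secret rather than a ConfigMap so that ConfigMap readers in the
      # namespace cannot see them.
      admin_key:
        - name: "admin"
          key: edd1c9f034335f136f87ad84b625c8f1
          role: admin                 # admin: manage all configuration data
                                      # viewer: only can view configuration data
        - name: "viewer"
          key: 4054f7cf07e344346cd3f287985e76a2
          role: viewer
      delete_uri_tail_slash: false    # delete the '/' at the end of the URI
      router:
        http: 'radixtree_uri'         # radixtree_uri: match route by uri(base on radixtree)
                                      # radixtree_host_uri: match route by host + uri(base on radixtree)
        ssl: 'radixtree_sni'          # radixtree_sni: match route by SNI(base on radixtree)
      # stream_proxy:                 # TCP/UDP proxy
      #   tcp:                        # TCP proxy port list
      #     - 9100
      #     - 9101
      #   udp:                        # UDP proxy port list
      #     - 9200
      #     - 9211
      dns_resolver:                   # If not set, read from `/etc/resolv.conf`
        - 10.96.0.10
        - 114.114.114.114
        - 8.8.8.8
      dns_resolver_valid: 30          # valid time for dns result 30 seconds
      resolver_timeout: 5             # resolver timeout
      ssl:
        enable: true
        enable_http2: true
        listen_port: 9443
        ssl_protocols: "TLSv1.2 TLSv1.3"
        ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
        # NOTE(review): this salt is the key material that protects TLS
        # private keys stored in etcd. A value that is shared or published
        # gives no protection against anyone who can read etcd. Choose a
        # unique 16-character value before the first certificate is saved,
        # because it cannot be changed afterwards.
        key_encrypt_salt: "edd1c9f0985e76a2"     # If not set, will save origin ssl key into etcd.
                                                 # If set this, must be a string of length 16. And it will encrypt ssl key with AES-128-CBC
                                                 # !!! So do not change it after saving your ssl, it can't decrypt the ssl keys have be saved if you change !!
    #  discovery: eureka              # service discovery center
    nginx_config:                     # config for render the template to genarate nginx.conf
      error_log: "logs/error.log"
      error_log_level: "warn"         # warn,error
      worker_processes: auto
      worker_rlimit_nofile: 20480     # the number of files a worker process can open, should be larger than worker_connections
      worker_shutdown_timeout: 240s   # timeout for a graceful shutdown of worker processes
      event:
        worker_connections: 10620
      http:
        access_log: "logs/access.log"
        keepalive_timeout: 60s        # timeout during which a keep-alive client connection will stay open on the server side.
        client_header_timeout: 60s    # timeout for reading client request header, then 408 (Request Time-out) error is returned to the client
        client_body_timeout: 60s      # timeout for reading client request body, then 408 (Request Time-out) error is returned to the client
        send_timeout: 10s             # timeout for transmitting a response to the client.then the connection is closed
        underscores_in_headers: "on"  # default enables the use of underscores in client request header fields
        real_ip_header: "X-Real-IP"   # http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
        real_ip_from:                 # http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
          - 127.0.0.1
          - 'unix:'
        #lua_shared_dicts:            # add custom shared cache to nginx.conf
        #  ipc_shared_dict: 100m      # custom shared cache, format: `cache-key: cache-size`

    etcd:
      host:                           # it's possible to define multiple etcd hosts addresses of the same etcd cluster.
        - "http://etcd-cluster-client.liaotian.svc.cluster.local:2379"     # multiple etcd address
      prefix: "/apisix"               # apisix configurations prefix
      timeout: 30                     # 30 seconds
      # user: root                     # root username for etcd
      # password: 5tHkHhYkjr6cQY       # root password for etcd
    #eureka:
    #  host:                           # it's possible to define multiple eureka hosts addresses of the same eureka cluster.
    #    - "http://127.0.0.1:8761"
    #  prefix: "/eureka/"
    #  fetch_interval: 30              # default 30s
    #  weight: 100                     # default weight for node
    #  timeout:
    #    connect: 2000                 # default 2000ms
    #    send: 2000                    # default 2000ms
    #    read: 5000                    # default 5000ms

    plugins:                          # plugin list
      - example-plugin
      - limit-req
      - limit-count
      - limit-conn
      - key-auth
      - basic-auth
      - prometheus
      - node-status
      - jwt-auth
      - zipkin
      - ip-restriction
      - grpc-transcode
      - serverless-pre-function
      - serverless-post-function
      - openid-connect
      - proxy-rewrite
      - redirect
      - response-rewrite
      - fault-injection
      - udp-logger
      - wolf-rbac
      - tcp-logger
      - kafka-logger
      - cors
      - consumer-restriction
      - syslog
      - batch-requests
      - http-logger
      - skywalking
      - echo
      - authz-keycloak
      - uri-blocker
      - request-validation
      - proxy-cache
      - proxy-mirror
      - request-id

    stream_plugins:
      - mqtt-proxy
kind: ConfigMap
metadata:
  name: apisix-gw-config.yaml
  namespace: liaotian
---
apiVersion: v1
kind: Service
metadata:
  name: apisix-gw-lb
  namespace: liaotian
  labels:
    app: apisix-gw  # useful for service discovery, for example, prometheus-operator.
spec:
  # NOTE(review): nodePort 9080 and 9443 are outside the default NodePort
  # range (30000-32767). The API server rejects them unless
  # --service-node-port-range was widened on this cluster; confirm.
  ports:
    - name: http
      port: 9080
      protocol: TCP
      targetPort: 9080
      nodePort: 9080
    - name: https
      port: 9443
      protocol: TCP
      targetPort: 9443
      nodePort: 9443
    # - name: admin-port
    #   port: 9180
    #   protocol: TCP
    #   targetPort: 9180
  selector:
    app: apisix-gw
  type: NodePort
  externalTrafficPolicy: Local
  # sessionAffinity: None
~~~

### Environment

* apisix version (cmd: `apisix version`): apache/apisix:latest
* OS: ubuntu18.04 Kubernetes v1.17.3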
