服务容器化踩坑-蒲公英云

服务容器化踩坑

- 日理万妓 2023-01-23 14:52 254阅读 0赞

upstream connect error or disconnect/reset before headers. reset reason: connection failure
通过istio访问容器内服务:
https://test-practice.xiaohoucode.com/api/practice/platform/project/X1
503
upstream connect error or disconnect/reset before headers. reset reason: connection failure
说明：istio中vs对应的虚拟机服务ok，但是容器服务有问题
k8s中的practice对应svc 集群ip是 172.21.1.251,端口80
容器内curl 172.21.1.251:80的时候，也会有上面的提示：upstream connect error or disconnect/reset
原因与解决：
容器内服务实际使用端口和service的target端口不一致，报上面的错误。修改了k8s中service的targetPort和port之后解决该问题

upstream connect error or disconnect/reset before headers. reset reason: local reset
调用channel服务报错：
https://test.xiaohoucode.com/api/practice/platform/exercise/startCppJudge?exerciseId=017a325984d400163e0b68d600a40001
提示 500 error，估计是网络问题

错误内容：upstream connect error or disconnect/reset before headers. reset reason: local reset
解决：启动错误，设置的rpc服务ip错误，修改后解决该问题
http://172.16.1.155:8085/api/editor/judge/process/17aa8eb17f7036bae8af15030006f001?type=0

项目通过nginx直接访问：
404
原因：
https://test.xiaohoucode.com/api/practice/platform/project/getLabelInfo
没有在nginx中修改如下配置：
proxy_set_header Host $http_host; #这个含义是请求的host的多少，反向代理的时候host就是多少，
但是在test-practice.xiaohoucode.com对应的virtualService对应的host是test-practice.xiaohoucode.com，
所以如果继续使用test.xiaohoucode.com去匹配就会匹配不到对应的virtualService,如：

    location /api/practice/platform/ \{  
        proxy\_read\_timeout      3600;  
        proxy\_connect\_timeout   300;  
        proxy\_http\_version 1.1;  
        \#proxy\_set\_header Host $http\_host;  
        proxy\_set\_header Host "test-practice.xiaohoucode.com";  
        proxy\_set\_header X-Real-IP $remote\_addr;  
        proxy\_set\_header X-Forwarded-For $proxy\_add\_x\_forwarded\_for;  
        proxy\_set\_header X-Forwarded-Proto http;  
        proxy\_set\_header Upgrade $http\_upgrade;  
        proxy\_set\_header Connection "upgrade";  
        if ($AB\_TEST\_STARTED = "11") \{  
            return 307 https://test-practice.xiaohoucode.com$request\_uri;  
        \}  
        \#proxy\_pass http://10.158.224.130:8083/api/practice/platform/;  
        proxy\_pass https://test-practice.xiaohoucode.com/api/practice/platform/;  
    \}

nas读取问题
打到容器中的服务报错：
nas代码读取失败，请稍等再试，或联系相关管理员
解决：在details中添加云存储声明nas即可，完成

judge报错：
judge容器启动需要特权模式（—privileged）。

否则会出现评测出错：

{
“stdout”: “”,
“stderr”: “Q2Fubm90IHJ1biBwcm94eSwgY2xvbmUgZmFpbGVkOiBPcGVyYXRpb24gbm90IHBlcm1pdHRlZAo=”,
“compile_output”: null,
“time”: null,
“memory”: null,
“message”: “Cannot run proxy, clone failed: Operation not permitted”,
“status”: {
“id”: 13,
“description”: “沙箱内部错误”
},
“judgeId”: “17aa93e62bb036bae8af1503001bf001”,
“checkPointType”: 0,
“stdinPath”: “/nas/test/editor/chkpnt/python/cpp2940233206329852823/02.in”,
“expectedOutputPath”: “/nas/test/editor/chkpnt/python/cpp2940233206329852823/02.out”,
“isPreJudge”: null,
“index”: 3
}
k8s怎么对容器内项目设置特权模式
securityContext:
privileged: true
procMount: Default