为了在GKE上公开我们的应用,我们一直在使用利用谷歌L7负载均衡器的“gce”进站 . 由于各种原因,我们希望切换到TCP负载 balancer 器公开的Nginx控制器 . 设置正常,但有一些奇怪的工件 .
$ kubectl get service ingress-nginx-static -n ingress-nginx -o yaml
apiVersion: v1
kind: Service
metadata:
creationTimestamp: 2018-03-23T15:08:39Z
labels:
app: ingress-nginx
name: ingress-nginx-static
namespace: ingress-nginx
resourceVersion: "101258"
selfLink: /api/v1/namespaces/ingress-nginx/services/ingress-nginx-static
uid: 110cf622-2eac-11e8-a8e3-42010a84011f
spec:
clusterIP: 10.51.247.47
externalTrafficPolicy: Local
healthCheckNodePort: 32689
loadBalancerIP: 99.99.99.99
ports:
- name: http
nodePort: 32296
port: 80
protocol: TCP
targetPort: http
- name: https
nodePort: 31228
port: 443
protocol: TCP
targetPort: https
selector:
app: ingress-nginx
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 99.99.99.99
我们在群集上配置了许多入口,这些入口都可以从上面描述的99.99.99.99 ip地址获得 .
$ kubectl get ing -n staging-application -o yaml
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
creationTimestamp: 2018-03-23T15:15:56Z
generation: 1
name: staging-ingress
namespace: staging-platform
resourceVersion: "101788"
selfLink: /apis/extensions/v1beta1/namespaces/staging-platform/ingresses/staging-ingress
uid: 15b0f0f5-2ead-11e8-a8e3-42010a84011f
spec:
rules:
- host: staging-application.foo.com
http:
paths:
- backend:
serviceName: staging-application
servicePort: 80
path: /
tls:
- hosts:
- staging-application.foo.com
secretName: wildcard-certificate
status:
loadBalancer:
ingress:
- ip: 35.189.220.150
- ip: 35.195.151.243
- ip: 35.195.156.166
kind: List
metadata:
resourceVersion: ""
selfLink: ""
虽然设置工作正常但令我困惑的是spec.status.loadBalancer.ingress ips在那里 . 这些是群集的外部IP地址 . 我在这里错误配置了什么吗?似乎已创建TCP负载均衡器以响应yaml中描述的此loadBalancer对象 . 我担心在谷歌 Cloud 中形成“负载均衡器”的对象会让我感到困惑 . 这是一些似乎相关的输出 .
$ gcloud compute forwarding-rules describe bertram-cluster --region europe-west1
IPAddress: 35.195.104.202
IPProtocol: TCP
creationTimestamp: '2018-03-22T14:01:09.768-07:00'
description: ''
id: '2098255211810891642'
kind: compute#forwardingRule
loadBalancingScheme: EXTERNAL
name: bertram-cluster
portRange: 80-443
region: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/regions/europe-west1
selfLink: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/regions/europe-west1/forwardingRules/bertram-cluster
target: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/regions/europe-west1/targetPools/a91e005bd2e1311e8a8e342010a84011
$ gcloud compute firewall-rules describe k8s-a91e005bd2e1311e8a8e342010a84011-http-hc
allowed:
- IPProtocol: tcp
ports:
- '30008'
creationTimestamp: '2018-03-22T13:57:18.452-07:00'
description: '{"kubernetes.io/service-name":"ingress-nginx/ingress-nginx", "kubernetes.io/service-ip":"104.199.14.53"}'
direction: INGRESS
id: '7902205773442819649'
kind: compute#firewall
name: k8s-a91e005bd2e1311e8a8e342010a84011-http-hc
network: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/global/networks/default
priority: 1000
selfLink: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/global/firewalls/k8s-a91e005bd2e1311e8a8e342010a84011-http-hc
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
- 209.85.152.0/22
- 209.85.204.0/22
targetTags:
- gke-cluster-bertram-2fdf26f5-node
这对我来说似乎很奇怪 . 这是预期的行为吗?难道我做错了什么?
1 回答
看起来您可能需要将--publish-service标志添加到入口控制器 . 在nginx-ingress控制器部署中,添加一个参数以将入口控制器的pod名称空间和pod名称传递给它 .
例如:
这将将入口控制器服务的IP发布到入口数据 .
有关详细信息,请参阅:https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/static-ip/README.md#acquiring-an-ip