Docker

配置 Kubernetes 入口

  • July 20, 2020

我正在嘗試將 Google Kubernetes Engine Ingress 正確配置為在埠 3000 上執行的負載平衡 Docker 應用程序。我顯然在某個地方犯了一個明顯的錯誤,但我不知道在哪裡。Ingress 總是說機器不健康,但我能夠驗證 Web 應用程序正在執行並在 0.0.0.0:3000 上偵聽。

除了所述問題之外,我的配置中的任何其他明確的陷阱也值得讚賞。

目前設置如下所示:

部署.yml

apiVersion: apps/v1
kind: Deployment
metadata:
 name: web
spec:
 replicas: 1
 selector:
   matchLabels:
     app: web
 strategy:
   rollingUpdate:
     maxSurge: 1
     maxUnavailable: 1
 minReadySeconds: 5
 template:
   metadata:
     labels:
       app: web
   spec:
     containers:
     - name: cloud-sql-proxy
       image: gcr.io/cloudsql-docker/gce-proxy:1.17
       command:
         - "/cloud_sql_proxy"
         - "-ip_address_types=PRIVATE"
         - "-instances=project:us-central1:postgres=tcp:5432"
       securityContext:
         runAsNonRoot: true
     - name: web
       image: gcr.io/PROJECT_ID/IMAGE:TAG
       ports:
       - containerPort: 3000
       env:
       - name: MASTER_KEY
         valueFrom:
           secretKeyRef:
             name: masterkey
             key: MASTER_KEY
       resources:
         requests:
           cpu: 100m
         limits:
           cpu: 100m

網路服務.yml

apiVersion: v1
kind: Service
metadata:
 name: web-service
spec:
 selector:
   app: web
 type: NodePort
 ports:
   - port: 3000
     targetPort: 443
     protocol: TCP
     name: https

網路入口.yml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
 name: web-ingress
 annotations:
   kubernetes.io/ingress.global-static-ip-name: staging-cluster
   networking.gke.io/managed-certificates: cloudflare-origin
spec:
 rules:
 - host: staging.mydomain.com
   http:
     paths:
     - backend:
       serviceName: web-service
       servicePort: 443

cloudflare-origin.yml *

apiVersion: networking.gke.io/v1beta2
kind: ManagedCertificate
metadata:
 name: cloudflare-origin
spec:
 domains:
   - staging.mydomain.com

計算地址.yml

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
 name: staging-cluster
spec:
 location: global

定制化.yml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gke/deployment.yml
- gke/config-connector.yml
- gke/compute-address.yml
- gke/cloudflare-origin.yml
- gke/web-service.yml
- gke/web-ingress.yml

在您的入口資源中,您使用的是服務埠:443,但在您的服務定義中,您有埠:3000。

您需要按以下方式修復您的服務:

apiVersion: v1
kind: Service
metadata:
 name: web-service
spec:
 selector:
   app: web
 type: NodePort
 ports:
   - port: 443
     targetPort: 3000
     protocol: TCP
     name: https

引用自:https://serverfault.com/questions/1026035