Google cloud platform 在GKE上使用NGINX入口控制器的陌生度
为了在GKE上公开我们的应用程序,我们一直在使用“gce”入口,它利用谷歌L7负载平衡器。出于各种原因,我们希望切换到TCP负载平衡器公开的Nginx控制器。设置正在运行,但存在一些奇怪的瑕疵Google cloud platform 在GKE上使用NGINX入口控制器的陌生度,google-cloud-platform,google-kubernetes-engine,kubernetes-ingress,kubernetes,Google Cloud Platform,Google Kubernetes Engine,Kubernetes Ingress,Kubernetes,为了在GKE上公开我们的应用程序,我们一直在使用“gce”入口,它利用谷歌L7负载平衡器。出于各种原因,我们希望切换到TCP负载平衡器公开的Nginx控制器。设置正在运行,但存在一些奇怪的瑕疵 $ kubectl get service ingress-nginx-static -n ingress-nginx -o yaml apiVersion: v1 kind: Service metadata: creationTimestamp: 2018-03-23T15:08:39Z la
$ kubectl get service ingress-nginx-static -n ingress-nginx -o yaml
apiVersion: v1
kind: Service
metadata:
creationTimestamp: 2018-03-23T15:08:39Z
labels:
app: ingress-nginx
name: ingress-nginx-static
namespace: ingress-nginx
resourceVersion: "101258"
selfLink: /api/v1/namespaces/ingress-nginx/services/ingress-nginx-static
uid: 110cf622-2eac-11e8-a8e3-42010a84011f
spec:
clusterIP: 10.51.247.47
externalTrafficPolicy: Local
healthCheckNodePort: 32689
loadBalancerIP: 99.99.99.99
ports:
- name: http
nodePort: 32296
port: 80
protocol: TCP
targetPort: http
- name: https
nodePort: 31228
port: 443
protocol: TCP
targetPort: https
selector:
app: ingress-nginx
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer:
ingress:
- ip: 99.99.99.99
$ kubectl get ing -n staging-application -o yaml
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
creationTimestamp: 2018-03-23T15:15:56Z
generation: 1
name: staging-ingress
namespace: staging-platform
resourceVersion: "101788"
selfLink: /apis/extensions/v1beta1/namespaces/staging-platform/ingresses/staging-ingress
uid: 15b0f0f5-2ead-11e8-a8e3-42010a84011f
spec:
rules:
- host: staging-application.foo.com
http:
paths:
- backend:
serviceName: staging-application
servicePort: 80
path: /
tls:
- hosts:
- staging-application.foo.com
secretName: wildcard-certificate
status:
loadBalancer:
ingress:
- ip: 35.189.220.150
- ip: 35.195.151.243
- ip: 35.195.156.166
kind: List
metadata:
resourceVersion: ""
selfLink: ""
$ gcloud compute forwarding-rules describe bertram-cluster --region europe-west1
IPAddress: 35.195.104.202
IPProtocol: TCP
creationTimestamp: '2018-03-22T14:01:09.768-07:00'
description: ''
id: '2098255211810891642'
kind: compute#forwardingRule
loadBalancingScheme: EXTERNAL
name: bertram-cluster
portRange: 80-443
region: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/regions/europe-west1
selfLink: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/regions/europe-west1/forwardingRules/bertram-cluster
target: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/regions/europe-west1/targetPools/a91e005bd2e1311e8a8e342010a84011
$ gcloud compute firewall-rules describe k8s-a91e005bd2e1311e8a8e342010a84011-http-hc
allowed:
- IPProtocol: tcp
ports:
- '30008'
creationTimestamp: '2018-03-22T13:57:18.452-07:00'
description: '{"kubernetes.io/service-name":"ingress-nginx/ingress-nginx", "kubernetes.io/service-ip":"104.199.14.53"}'
direction: INGRESS
id: '7902205773442819649'
kind: compute#firewall
name: k8s-a91e005bd2e1311e8a8e342010a84011-http-hc
network: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/global/networks/default
priority: 1000
selfLink: https://www.googleapis.com/compute/v1/projects/sonorous-cacao-185213/global/firewalls/k8s-a91e005bd2e1311e8a8e342010a84011-http-hc
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
- 209.85.152.0/22
- 209.85.204.0/22
targetTags:
- gke-cluster-bertram-2fdf26f5-node
我觉得这很奇怪。这是预期的行为吗?我做错什么了吗 看起来您可能需要向入口控制器添加--publish服务标志。在nginx入口控制器部署中,添加一个参数,将入口控制器的pod名称空间和pod名称传递给该参数 例如:
args:
- --publish-service=ingress-nginx/ingress-nginx