Google Cloud Platform: Unhealthy backends when using GCP Network Endpoint Groups for container-native load balancing

We are testing Google's new feature. We successfully followed this and tried to roll it out to three of our services on GKE.

As far as I can tell, the only difference between the NEG feature and a traditional GCLB Ingress object is the annotation on each Service, so the URL map should be the same.

We have updated all Services to use this annotation, but two of the three services are unhealthy, while one is considered healthy. The only differences in the Service YAML are the name and the selector.

All Deployments have health checks, and they are all fine when we check them manually, but the LB says the backends are unhealthy.

What are we missing?
ingres.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: fanout-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "neg-ip"
spec:
  backend:
    serviceName: frontend-svc
    servicePort: 8080
  rules:
  - host: testneg.test.com
    http:
      paths:
      - path: /*
        backend:
          serviceName: frontend-svc # Healthy service
          servicePort: 8080
      - path: /backend/*
        backend:
          serviceName: backend-svc # Unhealthy service
          servicePort: 8080
      - path: /notifications/*
        backend:
          serviceName: notifications-svc # Unhealthy service
          servicePort: 8080
--
frontend-svc.yaml
- backend/notifications are identical apart from the name and selector
apiVersion: v1
kind: Service
metadata:
  name: frontend-svc
  annotations:
    cloud.google.com/neg: '{"ingress": true}' # Creates an NEG after an Ingress is created
spec:
  selector:
    app: frontend
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
--
backend-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: backend
spec:
  replicas: 1
  minReadySeconds: 60
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    spec:
      containers:
      - image: us.gcr.io/<OUR_DJANGO_IMAGE>
        imagePullPolicy: Always
        name: backend
        ports:
        - containerPort: 8080
          protocol: TCP
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        readinessProbe:
          tcpSocket:
            port: 8080
          initialDelaySeconds: 60
          periodSeconds: 30
          timeoutSeconds: 3
        livenessProbe:
          tcpSocket:
            port: 8080
          initialDelaySeconds: 60
          periodSeconds: 30
          timeoutSeconds: 3
      terminationGracePeriodSeconds: 60
Your Ingress YAML file shows different services:
      - path: /*
        backend:
          serviceName: frontend-svc # Healthy service
          servicePort: 8080
      - path: /backend/*
        backend:
          serviceName: backend-svc # Unhealthy service
          servicePort: 8080
      - path: /notifications/*
        backend:
          serviceName: notifications-svc # Unhealthy service
          servicePort: 8080
Your frontend-svc.yaml has a different service name, "li frontend svc", which is not in your Ingress.
The Spec.Backend.serviceName in the Ingress should match the Service name; this is required for the unhealthy backend services.
Last edit:
In your Ingress you specified the service frontend-svc twice. You should use an Ingress spec like the one shown below:
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: first-service # Name of the Service targeted by the Ingress
          servicePort: 8080 # Should match the port used by the Service
        path: <first-service-path>/*
      - backend:
          serviceName: second-service # Name of the Service targeted by the Ingress
          servicePort: 8080 # Should match the port used by the Service
        path: <second-service-path>/*
      - backend:
          serviceName: third-service # Name of the Service targeted by the Ingress
          servicePort: 8080 # Should match the port used by the Service
        path: <third-service-path>/*
-- -- --
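Thanks for pointing that out. It was just a mistake on Stack Overflow, which I have corrected. They do match, since the frontend service is the only one that returns a healthy status.

You can check my answer. I have modified the answer accordingly; please make sure to allow at least 15 minutes for the Ingress to be created.

The first time I specify frontend-svc, it declares the default backend. Without it, the LB creates a new backend that does not route to any service. Nevertheless, I tried your suggestion and waited 20 minutes, and the same two services are considered unhealthy, even though the GKE readiness and liveness probes show otherwise. I should note that without the NEG feature, the original ingres.yaml file works perfectly fine. I think this is most likely a bug in the GCE load balancer and NEG.

Hello Mike@, I successfully created a NEG cluster with 2 services running on the Ingress. I can modify my answer to add the YAML files I used; let me know.

Thanks @alioua. However, there is hardly any difference between our YAML files. The only difference is that my Deployment specifies readiness and liveness checks on the containerPort. Otherwise, the Services + Ingress are the same, and the same problem still exists.
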
apiVersion: v1
kind: Service
metadata:
  name: neg-hello-1 # Name of Service
  annotations:
    cloud.google.com/neg: '{"ingress": true}' # Creates an NEG after an Ingress is created
spec: # Service's specification
  selector:
    run: neg-hello-1 # Selects Pods labelled run: neg-hello-1
  ports:
  - port: 80 # Service's port
    protocol: TCP
    targetPort: 8080

apiVersion: v1
kind: Service
metadata:
  name: neg-hello-2 # Name of Service
  annotations:
    cloud.google.com/neg: '{"ingress": true}' # Creates an NEG after an Ingress is created
spec: # Service's specification
  selector:
    run: neg-hello-2 # Selects Pods labelled run: neg-hello-2
  ports:
  - port: 80 # Service's port
    protocol: TCP
    targetPort: 8080

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: neg-ingress
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: neg-hello-1 # Name of the Service targeted by the Ingress
          servicePort: 80 # Should match the port used by the Service
        path: /*
      - backend:
          serviceName: neg-hello-2 # Name of the Service targeted by the Ingress
          servicePort: 80 # Should match the port used by the Service
        path: /v2/*
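
The consistency rules raised in the answer (every serviceName and servicePort in the Ingress must match an existing Service, and each Service needs the cloud.google.com/neg annotation) can be checked mechanically before waiting on the load balancer. This is an added example, not code from the question or the answer; the manifests are constructed Python dicts shaped like the YAML on this page, and all function names are hypothetical.

```python
import json

NEG_ANNOTATION = "cloud.google.com/neg"

def ingress_backends(ingress):
    """Yield (path, serviceName, servicePort) for the default backend and every rule."""
    spec = ingress["spec"]
    if "backend" in spec:
        yield "(default)", spec["backend"]["serviceName"], spec["backend"]["servicePort"]
    for rule in spec.get("rules", []):
        for p in rule["http"]["paths"]:
            yield p.get("path", "/"), p["backend"]["serviceName"], p["backend"]["servicePort"]

def check(ingress, services):
    """Return a sorted list of findings; an empty list means the references are consistent."""
    by_name = {s["metadata"]["name"]: s for s in services}
    findings = set()
    for path, name, port in ingress_backends(ingress):
        svc = by_name.get(name)
        if svc is None:
            findings.add(f"{path}: no Service named {name}")
            continue
        ports = [p["port"] for p in svc["spec"]["ports"]]
        if port not in ports:
            findings.add(f"{path}: {name} exposes {ports}, Ingress wants {port}")
        raw = svc["metadata"].get("annotations", {}).get(NEG_ANNOTATION, "{}")
        if json.loads(raw).get("ingress") is not True:
            findings.add(f"{path}: {name} lacks {NEG_ANNOTATION} ingress=true")
    return sorted(findings)

def service(name, port=8080, neg=True):
    """Constructed Service manifest shaped like the ones on this page."""
    notes = {NEG_ANNOTATION: '{"ingress": true}'} if neg else {}
    return {"metadata": {"name": name, "annotations": notes},
            "spec": {"ports": [{"port": port, "targetPort": 8080}]}}

def backend(name, port=8080):
    return {"serviceName": name, "servicePort": port}

# Constructed sample mirroring the question's fanout Ingress.
INGRESS = {"spec": {"backend": backend("frontend-svc"), "rules": [{"http": {"paths": [
    {"path": "/*", "backend": backend("frontend-svc")},
    {"path": "/backend/*", "backend": backend("backend-svc")},
    {"path": "/notifications/*", "backend": backend("notifications-svc")}]}}]}}

if __name__ == "__main__":
    # Constructed faults: wrong name, wrong port, missing annotation.
    svcs = [service("li-frontend-svc"), service("backend-svc", port=80),
            service("notifications-svc", neg=False)]
    print("\n".join(check(INGRESS, svcs)) or "consistent")
```

An empty result only shows that the manifests reference each other correctly; it says nothing about whether the load balancer's own health check succeeds against the Pods.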