Kubernetes 如何将K8s服务同步到K8s和xFF1F之外的Consor群集;
从领事-k8s: 领事服务器集群可以在Kubernetes集群内运行,也可以在Kubernetes集群外运行。 领事服务器群集不需要与同步进程在同一台机器或同一平台上运行。 同步过程需要配置领事群集的地址以及任何其他访问信息,如ACL令牌。 我尝试同步的领事群集位于k8s群集之外,根据文档,我必须将地址传递给领事群集以进行同步处理。但是,用于安装同步处理的掌舵图不包含任何配置领事群集ip地址的值Kubernetes 如何将K8s服务同步到K8s和xFF1F之外的Consor群集;,kubernetes,kubernetes-helm,consul,Kubernetes,Kubernetes Helm,Consul,从领事-k8s: 领事服务器集群可以在Kubernetes集群内运行,也可以在Kubernetes集群外运行。 领事服务器群集不需要与同步进程在同一台机器或同一平台上运行。 同步过程需要配置领事群集的地址以及任何其他访问信息,如ACL令牌。 我尝试同步的领事群集位于k8s群集之外,根据文档,我必须将地址传递给领事群集以进行同步处理。但是,用于安装同步处理的掌舵图不包含任何配置领事群集ip地址的值 syncCatalog: # True if you want to enable the
syncCatalog:
# True if you want to enable the catalog sync. "-" for default.
enabled: false
image: null
default: true # true will sync by default, otherwise requires annotation
# toConsul and toK8S control whether syncing is enabled to Consul or K8S
# as a destination. If both of these are disabled, the sync will do nothing.
toConsul: true
toK8S: true
# k8sPrefix is the service prefix to prepend to services before registering
# with Kubernetes. For example "consul-" will register all services
# prepended with "consul-". (Consul -> Kubernetes sync)
k8sPrefix: null
# consulPrefix is the service prefix which preprends itself
# to Kubernetes services registered within Consul
# For example, "k8s-" will register all services peprended with "k8s-".
# (Kubernetes -> Consul sync)
consulPrefix: null
# k8sTag is an optional tag that is applied to all of the Kubernetes services
# that are synced into Consul. If nothing is set, defaults to "k8s".
# (Kubernetes -> Consul sync)
k8sTag: null
# syncClusterIPServices syncs services of the ClusterIP type, which may
# or may not be broadly accessible depending on your Kubernetes cluster.
# Set this to false to skip syncing ClusterIP services.
syncClusterIPServices: true
# nodePortSyncType configures the type of syncing that happens for NodePort
# services. The valid options are: ExternalOnly, InternalOnly, ExternalFirst.
# - ExternalOnly will only use a node's ExternalIP address for the sync
# - InternalOnly use's the node's InternalIP address
# - ExternalFirst will preferentially use the node's ExternalIP address, but
# if it doesn't exist, it will use the node's InternalIP address instead.
nodePortSyncType: ExternalFirst
# aclSyncToken refers to a Kubernetes secret that you have created that contains
# an ACL token for your Consul cluster which allows the sync process the correct
# permissions. This is only needed if ACLs are enabled on the Consul cluster.
aclSyncToken:
secretName: null
secretKey: null
# nodeSelector labels for syncCatalog pod assignment, formatted as a muli-line string.
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# Example:
# nodeSelector: |
# beta.kubernetes.io/arch: amd64
nodeSelector: null
那么如何设置同步进程的领事群集ip地址呢?它看起来像是k8s主机上的同步服务
env:
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
无法直接配置,但helm可以通过()配置代理/客户端:
如果该值为null(默认值),则客户端将尝试自动加入Kubernetes中运行的服务器集群。这意味着当server.enabled设置为true时,客户端将自动加入该集群。如果server.enabled不是true,则必须指定一个值,以便客户端可以加入有效群集
此值作为选项传递给领事代理
我已经尝试过你的解决方案。安装helm chart后,k8s的服务被同步,领事代理注册到k8s外部的领事群集,但是使用的ip代理在k8s内部,因此领事服务器(k8s外部)和领事客户端(k8s内部)之间的健康检查失败,这一切怎么可能是正常的呢?客户端守护程序正在侦听,但我认为问题在于客户端播发了。我认为,如果要连接到集群外的服务器以公布主机ip,则需要使用一些逻辑更新helm图表。
status.hostIP
针对守护程序公开
command:
- consul-k8s sync-catalog \
-http-addr=${HOST_IP}:8500
client:
enabled: true
join:
- consul1
- consul2
- consul3
syncCatalog:
enabled: true