Kubernetes - Ingress / Service / LB.
[英]Kubernetes - Ingress / Service / LB
问题描述
I am new to K8s and this is my first time trying to get to grips with it. 
我是K8s的新手,这是我第一次尝试掌握它。 I am trying to set up a basic Nodejs Express API using this deployment.yml: 我正在尝试使用此deployment.yml设置基本的Nodejs Express API:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: api
spec:
replicas: 1
template:
metadata:
labels:
app: api
spec:
containers:
- image: registry.gitlab.com/<project>/<app>:<TAG>
imagePullPolicy: Always
name: api
env:
- name: PORT
value: "8080"
ports:
- containerPort: 8080
hostPort: 80
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 30
timeoutSeconds: 1
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 30
timeoutSeconds: 1
imagePullSecrets:
- name: registry.gitlab.com
Which is being deployed via gitlab-ci. 这是通过gitlab-ci部署的。 This is working and I have set up a service to expose it: 这是有效的,我已经设置了一个服务来公开它:
apiVersion: v1
kind: Service
metadata:
name: api-svc
labels:
app: api-svc
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app: api
type: LoadBalancer
But I have been looking into ingress to have a single point of entry for possibly multiple services. 但我一直在寻找入口,可能有多个服务的单一入口点。 I have been reading through Kubernetes guides and I read through this Kubernetes Ingress Example and this is the ingress.yml I created: 我一直在阅读Kubernetes指南,我通读了这个Kubernetes Ingress示例 ,这是我创建的ingress.yml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress
spec:
backend:
serviceName: api-svc
servicePort: 80
But this did not work, when I visited the external IP address that was generated from the ingress and I just 502 error pages. 但是当我访问从入口生成的外部IP地址时,这不起作用,我只有502个错误页面。
Could anyone point me in the right direction, what am I doing wrong or what am I missing? 任何人都可以指出我正确的方向,我做错了什么或我错过了什么? I see that in the example link above that there is an nginx-rc.yml which I deployed exactly like in the example and that was created but still got nothing from the endpoint. 我看到在上面的示例链接中有一个nginx-rc.yml,我在部署时完全像在示例中那样创建但是仍然没有从端点获得任何内容。 The API was accessible from the Service external IP though.. API可从服务外部IP访问,但..
Many Thanks 非常感谢
3 个解决方案
解决方案1
1 2017-01-13 12:11:42
I have looked into it again and think I figured it out. 我再次调查它,并认为我弄清楚了。
In order for Ingress to work on GCE you need to define your backend service das a NodePort not as ClusterIP or LoadBalancer. 为了使Ingress能够在GCE上工作,您需要将NodePort后端服务定义为ClusterIP或LoadBalancer。
Also you need to make sure the http health check to / works (you'll see the Google L7 Loadbalancer hitting your service quite a lot on that url) and then it's available. 此外,您需要确保http运行状况检查/工作(您将看到Google L7 Loadbalancer在该网址上大量点击您的服务)然后它可用。
解决方案2
1 已采纳 2017-01-13 12:35:08
Thought I would post my working deployment/service/ingress 以为我会发布我的工作部署/服务/入口
So after much effort in getting this working, here is what I used to get it working: 因此,经过努力才能实现这一目标,以下是我以前的工作方式:
Deployment 部署
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: backend-api-v2
spec:
replicas: 2
template:
metadata:
labels:
app: backend-api-v2
spec:
containers:
- image: registry.gitlab.com/<project>/<app>:<TAG>
imagePullPolicy: Always
name: backend-api-v2
env:
- name: PORT
value: "8080"
ports:
- containerPort: 8080
livenessProbe:
httpGet:
# Path to probe; should be cheap, but representative of typical behavior
path: /healthz
port: 8080
initialDelaySeconds: 30
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 30
timeoutSeconds: 5
imagePullSecrets:
- name: registry.gitlab.com
Service 服务
apiVersion: v1
kind: Service
metadata:
name: api-svc-v2
labels:
app: api-svc-v2
spec:
type: NodePort
ports:
- port: 80
targetPort: 8080
nodePort: 31810
protocol: TCP
name: http
selector:
app: backend-api-v2
Ingress 入口
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: app-ingress
spec:
rules:
- host: api.foo.com
http:
paths:
- path: /v1/*
backend:
serviceName: api-svc
servicePort: 80
- path: /v2/*
backend:
serviceName: api-svc-v2
servicePort: 80
The important bits to notice as @Tigraine pointed out is the service is using type: NodePort and not LoadBalancer , I have also defined a nodePort but I believe it will create one if you leave it out. 要注意的重要事项是@Tigraine指出的是服务使用type: NodePort而不是LoadBalancer ,我还定义了一个nodePort,但我相信如果你把它留出来它会创建一个。
It will use the default-http-backend for any routes that don't match the rules this is a default container that GKE runs in the kube-system namespace. 对于与规则不匹配的任何路由,它将使用default-http-backend这是GKE在kube-system命名空间中运行的默认容器。 So if I visited http://api.foo.com/bob I get the default response of default backend - 404 . 因此,如果我访问了http://api.foo.com/bob我会收到default backend - 404的默认响应default backend - 404 。
Hope this helps 希望这可以帮助
解决方案3
0 2017-01-11 02:35:51
Looks like you're exposing your service to port 80 but your container is exposing 8080 so any request to the service is going to fail. 看起来您将服务暴露给端口80但您的容器暴露8080因此对服务的任何请求都将失败。
Also, have a look at the sample ingress resource ( https://github.com/nginxinc/kubernetes-ingress/blob/master/examples/complete-example/cafe-ingress.yaml ), you need to also define which hosts / paths route when the ingress controller is hit. 另外,看一下示例入口资源( https://github.com/nginxinc/kubernetes-ingress/blob/master/examples/complete-example/cafe-ingress.yaml ),您还需要定义哪些主机/命中入口控制器时路径路由。 (ie example.foo.com --> api-svc) (即example.foo.com - > api-svc)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.