堆栈内存溢出
  简体   繁体   English

Kubernetes本地Ingress流量策略本地

[英]Kubernetes on-premise Ingress traffic policy local

 原文  2019-08-17 21:40:54       networking/ service/ kubernetes/ nginx-ingress

问题描述

Kubernetes installed on premise, nginx-ingress 安装在本地的Kubernetes,nginx入口

a service with multiple pods on multiple nodes All this nodes are working as an nginx ingress. 在多个节点上具有多个pod的服务所有这些节点都作为nginx入口工作。

The problem is when a request come from a load balancer can jump to another worker that have a pod, this cause unecesary trafic inside the workers network, I want to force when a request come from outside to the ingress, the ingress always choice pods on the same node, in case no pods then can forward to other nodes. 问题是,当来自负载均衡器的请求可以跳到另一个具有pod的工作程序时,这会导致在工作程序网络内部产生不必要的流量,我想强制当请求来自外部到入口时,入口始终选择Pod同一节点,以防没有Pod可以转发到其他节点。

More or less this image represent my case. 这个图像或多或少代表了我的情况。 example

I have the problem in the blue case, what I expect is the red case. 我在蓝色情况下有问题,我期望是红色情况。

I saw exist the "externalTrafficPolicy: Local" but this only work for serviceType nodePort/loadBalancer, nginx ingress try to connect using the "clusterIP" so it skips this functionality. 我看到存在“ externalTrafficPolicy:本地”,但这仅适用于serviceType nodePort / loadBalancer,nginx入口尝试使用“ clusterIP”进行连接,因此跳过了此功能。 There are a way to have this feature working for clusterIP or something similar? 有一种方法可以使此功能适用于clusterIP或类似的东西? I started to read about istio and linkerd, they seem so powerful but I don't see any parameter to configure this workflow. 我开始阅读有关istio和linkerd的文章,它们看起来是如此强大,但是我看不到任何参数可以配置此工作流程。

1 个解决方案

解决方案1
 1  2019-08-18 19:45:56

You have to deploy an Ingress Controller using a NodeSelector to deploy it to specific nodes, named ingress or whatever you want: so you can proceed to create an LB on these node IPs using simple health-checking on port 80 and 443 (just to update the zone in case of node failure) or, even better, with a custom health-check endpoint. 您必须使用NodeSelector部署Ingress Controller才能将其部署到名为ingress或所需的特定节点的特定节点:因此,您可以使用端口80和443上的简单运行状况检查在这些节点IP上继续创建LB(仅用于更新)区域,以防出现节点故障),或者更好的是使用自定义的运行状况检查端点。

As you said, the externalTrafficPolicy=Local works only for Load-Balancer services: dealing with on-prem clusters is tough :) 如您所说, externalTrafficPolicy=Local仅适用于负载均衡服务:处理externalTrafficPolicy=Local群集很困难:)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如果使用本地流量策略,Kubernetes负载均衡器将停止提供流量 - Kubernetes loadbalancer stops serving traffic if using local traffic policy Kubernetes 网络策略停止所有到 Pod 的流量 - Kubernetes Network Policy stops all traffic to Pod 将 EKS(AWS kubernetes)上 JHub 的入口流量列入白名单的好方法? - Good way to whitelist ingress traffic for JHub on EKS (AWS kubernetes)? 使用 Traefik Ingress Controller 将流量路由到外部 Kubernetes - Routing traffic to outside Kubernetes using Traefik Ingress Controller 将本地 BeyondTrust 路由到 Azure 云 - Routing on-premise BeyondTrust to Azure cloud 从本地访问 Azure 私有端点 - Access Azure Private Endpoint from on-premise 您如何同步本地和 AWS 云中的 DNS 服务器? - How did you sync DNS servers in on-premise and AWS Cloud? 从 Azure 分支 vnet 访问本地网络 - Access on-premise network from Azure spoke vnet 尝试使用本地代理类型连接到 SSH 服务器? - Trying to connect to an SSH server with on-premise proxy type? 为什么 pod 无法连接到 on-premise.network - Why a pod can't connect to on-premise network
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM