使用带有 Kubernetes 服务的谷歌云中的外部 IP 将其公开到互联网
[英]Use External IP in Google cloud with Kubernetes service to expose it to the internet
问题描述
I have a phpmyadmin service running on kubernetes cluster.
我有一个 phpmyadmin 服务在 kubernetes 集群上运行。 I want to reserve an External IP (static) on google cloud to use with this service so that it could be reachable from the internet.我想在谷歌云上保留一个外部 IP(静态)以与此服务一起使用,以便可以从 Internet 访问它。 I have tried reserving an IP address on GCP and used it in the kubernetes service file as below:我尝试在 GCP 上保留 IP 地址并在 kubernetes 服务文件中使用它,如下所示:
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: phpmyadmin
name: phpmyadmin
spec:
externalIPs: [xx.xxx.xxx.xxx] #the external IP from Google cloud
ports:
- name: "8080"
port: 8080
targetPort: 80
selector:
io.kompose.service: phpmyadmin
status:
loadBalancer: {}
When I specify the spec.type: LoadBalancer then the service is accessible from the internet with the default IP address that is generated from the type: LoadBalancer .当我指定spec.type: LoadBalancer ,可以使用从type: LoadBalancer生成的默认 IP 地址从 Internet 访问该服务type: LoadBalancer 。
I tried to change firewall rules for the External IP address by allowing Ingress on port 8080, but that did not work.我试图通过允许端口 8080 上的 Ingress 来更改外部 IP 地址的防火墙规则,但这不起作用。
2 个解决方案
解决方案1
1 2021-10-25 16:15:28
Instead of setting the exteranlIPs , you should set the spec.loadBalancerIP with the spec.type being of LoadBalancer value:而不是设置exteranlIPs ,您应该设置spec.loadBalancerIP ,其中spec.type为LoadBalancer值:
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: phpmyadmin
name: phpmyadmin
spec:
ports:
- name: "8080"
port: 8080
targetPort: 80
selector:
io.kompose.service: phpmyadmin
type: LoadBalancer
loadBalancerIP: "YOUR_IP_ADDRESS"
status:
loadBalancer: {}
Note that exposing your Pods through an external static IP only supports regional load balanced traffic hence your reserved static IP address needs to be regional. 请注意,通过外部静态 IP 公开您的 Pod 仅支持区域负载平衡流量,因此您保留的静态 IP 地址需要是区域性的。
For a global IP address, you need to expose a HTTP(s) Load Balancer through an Ingress object.对于全局 IP 地址,您需要通过Ingress对象公开HTTP(s) 负载均衡器。
解决方案2
0 2021-10-25 14:29:55
Firewall rules are applied at the Instance level.防火墙规则在实例级别应用。 they cannot prevent traffic from reaching the Load Balancer itself.它们无法阻止流量到达负载均衡器本身。
Reference : https://cloud.google.com/load-balancing/docs/https/#firewall_rules参考: https : //cloud.google.com/load-balancing/docs/https/#firewall_rules
Your GKE LB service might be crating the HTTP Load balancer by default maybe you can checkout the NLB Load balancer : https://cloud.google.com/load-balancing/docs/choosing-load-balancer#summary-of-google-cloud-load-balancers默认情况下,您的 GKE LB 服务可能正在创建HTTP负载均衡器,也许您可以查看NLB 负载均衡器: https : //cloud.google.com/load-balancing/docs/choosing-load-balancer#summary-of-google-云负载均衡器
All port : https://cloud.google.com/kubernetes-engine/docs/how-to/service-parameters#all_ports所有端口: https : //cloud.google.com/kubernetes-engine/docs/how-to/service-parameters#all_ports
apiVersion: v1
kind: Service
metadata:
name: helloworld
labels:
app: helloworld
annotations:
cloud.google.com/neg: '{"exposed_ports": {"8080":{}}}'
spec:
ports:
- name: 8080-8080
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: helloworld
# Use LoadBalancer type instead of ClusterIP
type: LoadBalancer
Example : https://spring-gcp.saturnism.me/deployment/kubernetes/load-balancing/external-load-balancing示例: https : //spring-gcp.saturnism.me/deployment/kubernetes/load-balancing/external-load-balancing
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.