Google cloud CDN, storage and container engine issue with backend-service

I have a specific use case that I cannot seem to solve.

A typical gcloud setup:

  • A K8S cluster

  • A gcloud storage bucket

  • A gcloud loadbalancer

I managed to get my domain https://cdn.foobar.com/uploads/ to point to a google storage backend without any issue: I can access files. It's the backend service one that fails.

I would like the CDN to act as a cache: when an HTTP request hits it, such as https://cdn.foobar.com/assets/x.jpg, if it does not have a copy of the asset it should query another domain, https://foobar.com/assets/x.jpg.

I understood that this was what load balancers' backend-services were for. (Right?)

The backend-service is pointing to the instance group of the k8s cluster and requires a port. I guessed that I needed to allow the firewall to expose the Nodeport of my web application service for the loadbalancer to be able to query it.

Cloud CDN

Load balancing

Failing health-checks.

The backend service is pointing to the instance group of the k8s cluster and requires some ports (default 80?). 80 failed. I guessed that I needed to allow the firewall to expose the 32231 Nodeport of my web application service for the loadbalancer to be able to query it. That still failed with a 502.

    ?> kubectl describe svc
    Name:              backoffice-service
    Namespace:         default
    Labels:            app=backoffice
    Selector:          app=backoffice
    Type:              NodePort
    IP:                10.7.xxx.xxx
    Port:              http 80/TCP
    NodePort:          http 32231/TCP
    Endpoints:         10.4.xx:8500,10.4.xx:8500
    Session Affinity:  None
    No events.

I ran out of ideas at this point. Any hints in the right direction would be much appreciated.

When deploying your service as type 'NodePort', you are exposing the service on each Node's IP, but the service is not reachable to the exterior, so you need to expose your service as 'LoadBalancer'.

Since you're looking to use an HTTP(s) Load Balancer, I'll recommend using a Kubernetes Ingress resource. This resource will be in charge of configuring the HTTP(s) load balancer and the required ports that your service is using, as well as the health checks on the specified port.

Since you're securing your application, you will need to configure a secret object for securing the Ingress.

This example will help you get started on an Ingress with TLS termination.
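
An Ingress with TLS termination of the kind the answer above recommends, written here as an added example that is not part of the original post. The Secret and Ingress names are assumptions and the certificate and key values are placeholders; the host, service name and service port are taken from the question.

```yaml
# Added example. Names marked "hypothetical" are assumptions, not from the post.
# The TLS Secret can instead be created from files, which keeps the private
# key out of version-controlled manifests:
#   kubectl create secret tls cdn-foobar-tls --cert=<cert file> --key=<key file>
apiVersion: v1
kind: Secret
metadata:
  name: cdn-foobar-tls              # hypothetical name
  namespace: default
type: kubernetes.io/tls
data:
  tls.crt: <base64-encoded PEM certificate chain>   # placeholder value
  tls.key: <base64-encoded PEM private key>         # placeholder value
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: backoffice-ingress          # hypothetical name
  namespace: default
spec:
  tls:
    - hosts:
        - cdn.foobar.com            # certificate must cover this host
      secretName: cdn-foobar-tls    # TLS terminates at the load balancer
  rules:
    - host: cdn.foobar.com
      http:
        paths:
          - path: /assets           # only the asset path is routed to the app
            pathType: Prefix
            backend:
              service:
                name: backoffice-service   # Service shown in the question
                port:
                  number: 80               # Service port, not NodePort 32231
```

The Ingress references the Service port (80), so the load balancer and its health checks are wired up by the Ingress controller instead of by a manually opened firewall rule for the NodePort.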
