[英]GKE Autopilot Ingress Timeout for Requests
我已经部署了一个简单的自动驾驶 gke 集群。 在其中创建了一个 httpbin 部署,如下所示;
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpbin
labels:
app: httpbin
spec:
selector:
matchLabels:
app: httpbin
replicas: 1
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: httpbin
spec:
containers:
- name: httpbin
image: kennethreitz/httpbin
ports:
- containerPort: 80
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /status/200
port: 80
initialDelaySeconds: 25
periodSeconds: 5
为此部署创建了一个服务。
apiVersion: v1
kind: Service
metadata:
name: httpbin-service
spec:
type: ClusterIP
selector:
app: httpbin
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
然后创建一个 Ingress 类型为 object。
apiVersion: "networking.k8s.io/v1"
kind: "Ingress"
metadata:
name: "ilb-httpbin"
namespace: "default"
annotations:
kubernetes.io/ingress.class: "gce-internal"
spec:
defaultBackend:
service:
name: "httpbin-service"
port:
name: http
当我尝试通过它的域名/IP 访问该服务时,我能够得到回复。 此请求从 POD .netshoot 发送)
bash-5.2# curl http://httpbin-service/status/200 -k -v
.....
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: gunicorn/19.9.0
....
如果我尝试通过 Ingress 访问相同的服务,它会生成一个内部负载均衡器等。再次从同一集群中的 .netshoot pod 访问它会超时。
bash-5.2# curl http://10.132.0.45/status/200 -k -v
* Trying 10.132.0.45:80...
* Connected to 10.132.0.45 (10.132.0.45) port 80 (#0)
> GET /status/200 HTTP/1.1
> Host: 10.132.0.45
> User-Agent: curl/7.86.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 504 Gateway Timeout
< content-length: 24
< content-type: text/plain
< date: Wed, 04 Jan 2023 15:24:16 GMT
< via: 1.1 google
<
我就是找不到为什么会这样。 这里能缺少什么。 我认为这与服务可访问性的负载均衡器有关。 因为,我可以看到最后一个curl可以连接到LB前端但是无法调用LB端的目标。
编辑:根据下面 Yvan 的评论,已部署服务 yaml(来自 GUI)
apiVersion: v1
kind: Service
metadata:
annotations:
cloud.google.com/neg: '{"ingress":true}'
cloud.google.com/neg-status: '{"network_endpoint_groups":{"80":"k8s1-c8f531c9-default-httpbin-service-80-748977ee"},"zones":["europe-west1-b","europe-west1-c","europe-west1-d"]}'
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"httpbin-service","namespace":"default"},"spec":{"ports":[{"name":"http","port":80,"protocol":"TCP","targetPort":"http"}],"selector":{"app":"httpbin"},"type":"ClusterIP"}}
creationTimestamp: "2023-01-04T10:48:04Z"
...
问题是,我的负载均衡器位于特定范围的负载均衡器特定网络中。 这否定了通用的 glb 到内部防火墙规则并导致访问失败。
怎么修;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.