rub*_*bik 1 google-cloud-platform kubernetes google-kubernetes-engine
I have created a deployment and a service on Google Kubernetes Engine. These are running on Cloud Compute instances.
I need to make my k8s application reachable from other Compute instances, but not from the outside world. That is because there are some legacy instances running outside the cluster and those cannot be migrated (yet, at least).
My understanding is that a Service makes the pod reachable from other cluster nodes, whereas an Ingress exposes the pod to the external traffic with an external IP.
我需要的是中间的东西:我需要将我的 pod 暴露在集群之外,但只能暴露给其他本地 Compute 实例(在同一区域中)。我不明白我该怎么做。
在 Google Kubernetes Engine 中,这是通过LoadBalancer注释为内部负载均衡器的类型服务来实现的。它的文档位于https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing。
假设您有一个带有标签的 Deploymentapp: echo-pod侦听端口 080,并且您想将其作为端口 80 公开给 GCE 实例,该服务将如下所示:
apiVersion: v1
kind: Service
metadata:
name: echo-internal
annotations:
cloud.google.com/load-balancer-type: "Internal"
labels:
app: echo-pod
spec:
type: LoadBalancer
selector:
app: echo-pod
ports:
- port: 80
targetPort: 8080
protocol: TCP
创建服务和内部负载平衡器需要一些时间。一旦创建,它将有一个外部 IP:
$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
echo-internal LoadBalancer 10.4.11.165 10.128.0.35 80:31706/TCP 2m33s
kubernetes ClusterIP 10.4.0.1 <none> 443/TCP 20m
该10.128.0.35IP实际上是一个内部只有你VPC内部访问的IP地址。从另一个 GCE 实例,您可以在公开的端口上访问它:
$ curl http://10.128.0.35
Hostname: echo-deployment-5f55bb9855-hxl7b
注意:您需要在配置集群时启用“负载平衡”附加组件。但它默认启用并且应该可以工作,除非您在集群创建时明确禁用“启用 HTTP 负载平衡”选项。
| 归档时间: |
|
| 查看次数: |
61 次 |
| 最近记录: |