我配置了一个群集,其中所有服务(及其关联的Pod/容器)都部署到了专用子网中.这些Pod之一代表了应用程序的UI,我定义了带有公共ip的负载均衡器,以提供对UI的访问.至少那是我的意图.当我在浏览器中输入带有负载均衡器IP的URL时,请求没有到达UI容器.我认为我的配置不正确,请教一些建议.UI服务的定义如下所示:
I have a cluster configured where the services (and their assoicated pods/containers) are all deployed into a private subnet. One of these pods represents the UI for the application and I've defined a load balancer with a public ip to proivde access to the UI. At least that's my intent. When I enter a URL in my browser with the IP of the load balancer, requests are not making it to the UI container. I assume I have something configured incorrectly and some advice would be appreciated. The definition for the UI service looks like this:
apiVersion: apps/v1beta1 kind: Deployment metadata: {name: myui, namespace: gem} spec: replicas: 1 template: metadata: labels: {app: myui} spec: containers: image: myblobstore.azurecr.io/myui:latest imagePullPolicy: Always name: myui ports: - {containerPort: 80} --- apiVersion: v1 kind: Service metadata: {name: myapp, namespace: gem} spec: loadBalancerIP: 40.123.124.125 ports: - {name: '80', port: 80} selector: {app: myui} type: LoadBalancer我还在网络安全组中定义了一个规则,该规则旨在允许来自负载均衡器的流量到达目标容器:
I've also defined a rule in my network security group that I had intended to allow traffic from a load balancer to reach the target container:
65001 AzureLoadBalancerInBound Any Any AzureLoadBalancer Any AllowTraffic不会进入UI容器.我需要什么其他配置才能使其正常工作?
Traffic does not make it to the UI container though. What additional configuration do I need to get this to work?
更新:这是我的群集的端点:
Update: Here are the endpoints for my cluster:
$ kubectl get endpoints -n gem NAME ENDPOINTS AGE ... myui 10.0.2.22:80 176m ...为完成图片,下面是一些其他信息:
And to complete the picture, here's some additional info:
$ kubectl get pods -n gem -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE ... myui-99c55f8d4-2thzv 1/1 Running 0 ... $ kubectl get svc -n gem -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR ... myui LoadBalancer 10.1.0.94 40.123.124.125 80:32246/TCP 3h1m app=myui ... $ kubectl describe svc/myui -n gem Name: myui Namespace: gem Labels: <none> Annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"myui","namespace":"gem"},"spec":{"loadBalancerIP":"40.123.124,125"... Selector: app=myui Type: LoadBalancer IP: 10.1.0.94 IP: 40.123.124.125 LoadBalancer Ingress: 40.123.124.125 Port: 80 80/TCP TargetPort: 80/TCP NodePort: 80 32246/TCP Endpoints: 10.0.2.22:80 Session Affinity: None External Traffic Policy: Cluster彼得
推荐答案最后,解决方案只是确保所使用的网络安全组具有开放的端口80和443,以允许Internet流量通过.我有两个不同的安全组,并认为我的负载均衡器将使用我指定为公共"安全组的那个组,该组的端口80和443确实处于打开状态.相反,它使用了我的其他安全组,并且我不得不向该组添加适当的规则.
In the end the solution was simply to make sure that the network security group being used has ports 80 and 443 open to allow internet traffic to flow. I had two different security groups and thought my load balancer would use the one I designated as my "public" security group, which did have ports 80 and 443 open. It instead used my other security group, and I had to add the appropriate rules to that group.
更多推荐
通过AKS集群中的负载均衡器访问服务
发布评论