我正在尝试使用GKE在Google Cloud上部署完整的Web应用程序(后端为nodejs,前端为angular).然后为它启用SSL.
I am trying to deploy a complete web application using GKE on Google Cloud (backend as nodejs, and frontend angular). Then enable SSL for it afterward.
我创建了一个全局IP地址(然后在列表中看到了它): gcloud计算地址创建mathbux-static-ip --global
I created a global IP address (And saw it in the list afterward): gcloud compute addresses create mathbux-static-ip --global
之后,我同时部署了后端和前端-容器和yaml文件.
After that I have deployed both my backend and frontend - containers and yaml files.
这里的问题是,反映在入口控制器上的IP地址来自任何地方,并且与我设置的IP地址不同(我刚才在上面设置的静态IP地址).
The problem here is that the IP address reflected on the ingress controller comes from nowhere, and is different from what I set it to (the static IP address I just made above).
我遵循以下有关在GKE上安装Nginx-ingress设置的准则: kubernetes.github.io/ingress-nginx/deploy/#gce-gke
I have followed the guidelines of how to install Nginx-ingress setup on GKE by following this: kubernetes.github.io/ingress-nginx/deploy/#gce-gke
kubectl create clusterrolebinding cluster-admin-binding \ --clusterrole cluster-admin \ --user $(gcloud config get-value account) kubectl apply -f raw.githubusercontent/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/cloud/deploy.yaml这是我的ingress.yaml中的一个代码段:
Here is a snippet part of my ingress.yaml:
.... truncated . . . apiVersion: extensions/v1beta1 kind: Ingress metadata: name: mathbux-ingress-frontend namespace: default annotations: kubernetes.io/ingress.class: nginx kubernetes.io/ingress.global-static-ip-name: "mathbux-static-ip" networking.gke.io/managed-certificates: mathbux-ssl nginx.ingress.kubernetes.io/rewrite-target: /这是我的托管证书文件的摘录,如Google文档中所述:
And here's a snippet of my managed certificate file as in Google Documentation:
apiVersion: networking.gke.io/v1beta2 kind: ManagedCertificate metadata: name: mathbux-ssl spec: domains: - mathbux - www.mathbux当我转到生成的IP地址时,整个应用程序运行完美,并且仅按预期工作:
The whole application works perfectly when I go to the generated IP address, and works as intended only that:
1.)IP地址不是我在ingress.yaml中创建并假定设置的特定静态全局IP地址
2.)分别,SSL也失败. (请注意,我已经将我的域名指向我手动设置的静态IP地址)
推荐答案您正在使用的注释-kubernetes.io/ingress.global-static-ip-name-可用于默认的GKE入口,它实际上是google负载均衡器-请参见此处的文档- cloud.google/kubernetes-engine/docs/tutorials/http -balancer .
The annotation that you are using - kubernetes.io/ingress.global-static-ip-name - is available for default GKE ingress, which is essentially a google load balancer - see documentation here - cloud.google/kubernetes-engine/docs/tutorials/http-balancer.
但是,您要做的是部署了ingress-nginx(这是一个不同的入口提供程序),并通过kubernetes.io/ingress.class: nginx将入口资源分配给了它,这实际上使您的静态ip注释毫无意义.
However, what you did instead is you deployed ingress-nginx (which is a different ingress provider) and assigned your ingress resource to it via kubernetes.io/ingress.class: nginx which essentially makes your static ip annotation meaningless.
因此,您需要确定要使用哪个入口.如果要使用GKE的负载均衡器,请删除入口nginx并遵循我上面链接的默认GKE入口的文档.
So, you need to decide which ingress you want to use. If you want to use GKE's load balancer, remove ingress nginx and follow documentation for default GKE ingress that I linked above.
如果您想使用Ingress Nginx,则可以在此处找到其文档,包括ssl配置- kubernetes.github.io/ingress-nginx/.
If instead you want to use ingress nginx, you can find its documentation, including ssl configuration, here - kubernetes.github.io/ingress-nginx/.
更多推荐
Google Cloud Kubernetes入口静态IP地址未反映并且与设置不同
发布评论