amazon-web-services - Getting an External-IP for an Istio gateway on self-managed Kubernetes

Reposted. Author: 行者123. Updated: 2023-12-02 12:28:04

Sorry if my terminology is not quite right; I am learning Kubernetes at the moment.

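I have a self-managed Kubernetes cluster on a set of AWS instances, with one master node and five worker nodes. All nodes run Ubuntu 18.04. The nodes are all in a VPC, which I access through a bastion host. For the time being, I have also given all nodes external IPs to simplify testing. I also have a domain, let's call it xxx.example.org, which points to the current external IP of the master node.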

I set up Kubernetes with Kubespray, then went on to install Istio (using istioctl) and set up the Ingress Gateway according to the official documentation here and here.

When I run kubectl get svc -n istio-system istio-ingressgateway, the external IP for the cluster is always:

NAME                   TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
istio-ingressgateway LoadBalancer 10.233.3.209 <pending> 15020:30051/TCP,80:32231/TCP,443:30399/TCP,15029:31406/TCP,15030:32078/TCP,15031:30050/TCP,15032:30204/TCP,31400:31912/TCP,15443:31071/TCP 3m1s

I can reach the services in the browser using IP:32231/headers or xxx.example.org:32231/headers.

I configured the Gateway and VirtualService for the httpbin and Bookinfo projects referenced in the Istio documentation using the following command:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: httpbin-gateway
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: httpbin
spec:
  hosts:
  - "*"
  gateways:
  - httpbin-gateway
  http:
  - match:
    - uri:
        prefix: /status
    - uri:
        prefix: /delay
    - uri:
        prefix: /headers
    route:
    - destination:
        port:
          number: 8000
        host: httpbin
  - match:
    - uri:
        exact: /productpage
    - uri:
        prefix: /static
    - uri:
        exact: /login
    - uri:
        exact: /logout
    - uri:
        prefix: /api/v1/products
    route:
    - destination:
        host: productpage
        port:
          number: 9080
EOF

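Since this is a self-managed cluster, is there any way to get an external IP for the cluster? If not, how would I modify the current configuration so that the pages can be reached from xxx.example.org rather than xxx.example.org:32231?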

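Edit #1

I did try setting up an NLB on AWS by following this documentation and this guide. Unfortunately, that did not change anything; EXTERNAL-IP is still <pending>. After that, I deployed a new ingress gateway as follows: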
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
  labels:
    app: istio-ingressgateway-2
    istio: ingressgateway-2
    operator.istio.io/component: IngressGateways
    operator.istio.io/managed: Reconcile
    operator.istio.io/version: 1.5.2
    release: istio
  name: istio-ingressgateway-2
  namespace: istio-system
spec:
  ports:
  - name: status-port
    nodePort: 30625
    port: 15020
    protocol: TCP
    targetPort: 15020
  - name: http2
    nodePort: 32491
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 30466
    port: 443
    protocol: TCP
    targetPort: 443
  - name: kiali
    nodePort: 32034
    port: 15029
    protocol: TCP
    targetPort: 15029
  - name: prometheus
    nodePort: 30463
    port: 15030
    protocol: TCP
    targetPort: 15030
  - name: grafana
    nodePort: 31176
    port: 15031
    protocol: TCP
    targetPort: 15031
  - name: tracing
    nodePort: 32040
    port: 15032
    protocol: TCP
    targetPort: 15032
  - name: tcp
    nodePort: 32412
    port: 31400
    protocol: TCP
    targetPort: 31400
  - name: tls
    nodePort: 30411
    port: 15443
    protocol: TCP
    targetPort: 15443
  selector:
    app: istio-ingressgateway-2
    istio: ingressgateway-2
  type: LoadBalancer

I also changed httpbin-gateway to use ingressgateway-2. With that, nothing loads at all, even on port 32231.

Best answer

This can be solved by adding annotations to the LoadBalancer service manifest.
According to the Amazon documentation:

Amazon EKS supports the Network Load Balancer and the Classic Load Balancer for pods running on Amazon EC2 instance worker nodes through the Kubernetes service of type LoadBalancer. Classic Load Balancers and Network Load Balancers are not supported for pods running on AWS Fargate (Fargate). For Fargate ingress, we recommend that you use the ALB Ingress Controller on Amazon EKS (minimum version v1.1.4).

The configuration of your load balancer is controlled by annotations that are added to the manifest for your service. By default, Classic Load Balancers are used for LoadBalancer type services. To use the Network Load Balancer instead, apply the following annotation to your service:

service.beta.kubernetes.io/aws-load-balancer-type: nlb

For an example service manifest that specifies a load balancer, see Type LoadBalancer in the Kubernetes documentation. For more information about using Network Load Balancer with Kubernetes, see Network Load Balancer support on AWS in the Kubernetes documentation.

By default, services of type LoadBalancer create public-facing load balancers. To use an internal load balancer, apply the following annotation to your service:

service.beta.kubernetes.io/aws-load-balancer-internal: "true"

For internal load balancers, your Amazon EKS cluster must be configured to use at least one private subnet in your VPC. Kubernetes examines the route table for your subnets to identify whether they are public or private. Public subnets have a route directly to the internet using an internet gateway, but private subnets do not.


To add one or more annotations like these to the Istio ingress configuration, you can follow the example in this article.
Hope this helps.
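
An added example, not part of the original question or answer: a Python check that reads a Service in `kubectl get svc -o json` form and reports whether the annotations quoted above leave it public-facing, which dashboard ports it would then publish, and whether a load balancer was provisioned at all. The sample object is constructed from the Service in the question; `ADMIN_PORT_NAMES` and `audit_service` are names chosen for this example.

```python
import json

TYPE_KEY = "service.beta.kubernetes.io/aws-load-balancer-type"
INTERNAL_KEY = "service.beta.kubernetes.io/aws-load-balancer-internal"
# Assumption: port names treated as operator-only, taken from the question's Service.
ADMIN_PORT_NAMES = {"status-port", "kiali", "prometheus", "grafana", "tracing"}

# Constructed sample: a trimmed `kubectl get svc -o json` view of that Service.
SAMPLE = json.dumps({
    "metadata": {
        "name": "istio-ingressgateway-2",
        "namespace": "istio-system",
        "annotations": {TYPE_KEY: "nlb"},
    },
    "spec": {
        "type": "LoadBalancer",
        "ports": [
            {"name": "http2", "port": 80, "nodePort": 32491},
            {"name": "https", "port": 443, "nodePort": 30466},
            {"name": "kiali", "port": 15029, "nodePort": 32034},
            {"name": "prometheus", "port": 15030, "nodePort": 30463},
            {"name": "grafana", "port": 15031, "nodePort": 31176},
        ],
    },
    "status": {"loadBalancer": {}},  # nothing provisioned: EXTERNAL-IP <pending>
})


def audit_service(svc):
    """Return exposure findings for one Service object (a parsed dict)."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []
    ann = svc.get("metadata", {}).get("annotations") or {}
    findings = []
    lb_type = ann.get(TYPE_KEY, "classic")  # quoted docs: Classic is the default
    # Per the quoted docs, only the value "true" requests an internal balancer.
    if str(ann.get(INTERNAL_KEY, "")).lower() != "true":
        findings.append(f"public-facing {lb_type} load balancer requested")
        for port in spec.get("ports", []):
            if port.get("name") in ADMIN_PORT_NAMES:
                findings.append(f"{port['name']} port {port['port']} is published on it")
    if not (svc.get("status", {}).get("loadBalancer") or {}).get("ingress"):
        findings.append("no load balancer provisioned (EXTERNAL-IP <pending>)")
    return findings


if __name__ == "__main__":
    for finding in audit_service(json.loads(SAMPLE)):
        print(finding)
```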

Regarding amazon-web-services - Getting an External-IP for an Istio gateway on self-managed Kubernetes, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61722808/
