为什么在使用ClusterIP时Google Cloud会显示错误 [英] Why does Google Cloud show an error when using ClusterIP
问题描述
在我的gcloud控制台中,它为定义的入口显示了以下错误:
In my gcloud console it shows the following error for my defined ingresses:
同步期间出错:评估入口规范:服务时出错 "monitoring/kube-prometheus"的类型为"ClusterIP",预期为"NodePort" 或"LoadBalancer"
Error during sync: error while evaluating the ingress spec: service "monitoring/kube-prometheus" is type "ClusterIP", expected "NodePort" or "LoadBalancer"
我将traefik用作反向代理(而不是nginx),因此我使用ClusterIP定义了一个入口.据我了解的过程,所有流量都通过traefik服务(定义了Loadbalancer入口)进行代理,因此我所有其他入口实际上应该具有ClusterIP而不是NodePort或Loadbalancer?
I am using traefik as reverse proxy (instead of nginx) and therefore I define an ingress using a ClusterIP. As far as I understand the process all traffic is proxied through the traefik service (which has a Loadbalancer ingress defined) and therefore all my other ingresses SHOULD actually have a ClusterIP instead of NodePort or Loadbalancer?
问题:
那么为什么Google Cloud会警告我期望使用NodePort或LoadBalancer?
So why does Google Cloud warn me that it expected a NodePort or LoadBalancer?
推荐答案
我不知道为什么会发生此错误,因为(在我看来)这是一个有效的配置.但是要清除错误,您可以将服务切换到命名的NodePort.然后,将您的入口切换为使用端口名称而不是端口号.例如:
I don't know why that error happens, because it seems (to me) to be a valid configuration. But to clear the error, you can switch your service to a named NodePort. Then switch your ingress to use the port name instead of the number. For example:
服务:
apiVersion: v1
kind: Service
metadata:
name: testapp
spec:
ports:
- name: testapp-http # ADD THIS
port: 80
protocol: TCP
targetPort: 80
selector:
app: testapp
type: NodePort
入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: testapp
spec:
rules:
- host: hostname.goes.here
http:
paths:
- backend:
serviceName: testapp
# USE THE PORT NAME FROM THE SERVICE INSTEAD OF THE PORT NUMBER
servicePort: testapp-http
path: /
更新:
这是我从Google收到的说明.
This is the explanation I received from Google.
因为默认情况下服务是ClusterIP [1],所以可以从群集内部访问这种服务.使用kube-proxy时,可以从外部访问它,并不意味着可以通过入口直接访问.
Since services by default are ClusterIP [1] and this type of service is meant to be accessible from inside the cluster. It can be accessed from outside when kube-proxy is used, not meant to be directly accessed with an ingress.
作为建议,我个人认为这篇文章[2]有助于理解这些类型的服务之间的区别.
As a suggestion, I personally find this article [2] good for understanding the difference between these types of services.
[1] https://kubernetes. io/docs/concepts/services-networking/service/#publishing-services-service-types
[2] 查看全文