Kubernetes服务与集群和Google Compute Engine对象之间是什么关系? [英] What are the relationships between Kubernetes services and clusters and Google Compute Engine objects?
问题描述
我正在设置几个在Google Container Engine上运行的服务,流量使用路径映射通过Google HTTP Load Balancer进入.
I am setting a couple of services running on Google Container Engine, with traffic coming in through a Google HTTP Load Balancer, using path mapping.
关于设置基于内容的负载平衡此处,但这全都是简单的Google Compute对象,例如实例组和后端服务.但是,我有Kubernetes服务,pod和集群.
There is a good Google tutorial on setting up content-based load-balancing here, but it is all in terms of plain Google Compute objects like instance groups and backend services. I, however, have Kubernetes services, pods and clusters.
Kubernetes对象与Google Compute资源之间是什么关系?如何以编程方式在两者之间进行映射?
What is the relationship between the Kubernetes objects and the Google Compute resources? How do I map between the two programmatically?
(我知道我可能正在使用Kubernetes Web入口对象进行平衡,如
(I am aware that I could be using a Kubernetes web ingress object to do the balancing, as explained here, but it looks like Kubernetes Ingress does not yet support HTTPS, which need.)
推荐答案
Kubernetes对象与Google Compute资源之间是什么关系?如何以编程方式在两者之间进行映射?
What is the relationship between the Kubernetes objects and the Google Compute resources? How do I map between the two programmatically?
https://github.com/kubernetes/contrib/树/主服务器/入口/控制器/gce#overview
(我知道我可以使用Kubernetes Web入口对象进行平衡,如此处所述,但看起来Kubernetes Ingress尚不支持HTTPS,这是必需的.)
(I am aware that I could be using a Kubernetes web ingress object to do the balancing, as explained here, but it looks like Kubernetes Ingress does not yet support HTTPS, which need.)
Ingress将在1.2中支持HTTPS.这就是资源的样子: https://github.com/kubernetes/kubernetes/issues/19497#issuecomment-174112834 .同时,您可以使用Ingress设置HTTP负载平衡,并手动对其进行修改以支持https.抱歉,这很麻烦,很快就会好起来.
Ingress will support HTTPS in 1.2. This is what the resource will look like: https://github.com/kubernetes/kubernetes/issues/19497#issuecomment-174112834. In the meanwhile you can setup HTTP loadbalancing with the Ingress and hand modify it to support https. Apologies beforehand that this is convoluted, it will get better soon.
首先创建一个HTTP入口:
First create an HTTP Ingress:
- 创建类型的服务= NodePort
- 确保您具有 BackendService配额
- 创建 HTTP入口
- 在防火墙中公开服务的节点端口(也如 https://cloud.google.com/container-engine/docs/tutorials/http-balancer )
- 等到kubect描述显示对于您后端.
- Create Services of Type=NodePort
- Make sure you have BackendService quota
- Create a HTTP Ingress
- Expose the node port (s) of the service in the Firewall (also as mentioned in https://cloud.google.com/container-engine/docs/tutorials/http-balancer)
- Wait till kubect describe ing shows HEALTHY for you backends.
这时,您应该可以卷曲Ingress负载平衡器IP并使用nginx服务(或您在步骤1中创建的任何服务).
At this point you should be able to curl your Ingress loadbalancer IP and hit the nginx service (or whatever service you created in step 1).
然后通过 GCE控制台手动执行以下操作:
Then do the following, manually through the GCE console:
- 将Ingress资源的IP从"Ephmermal"更改为"Static"(在外部IP地址"标签的
kubectl get ing中查找IP) - 创建您的ssl证书.如果您只想要自签名证书,则可以执行以下操作:
- Change the IP of the Ingress resource from "Ephmermal" to "Static" (look for the IP in
kubectl get ingin the "External IP addresses" tab) - Create your ssl cert. If you just want a self signed cert you can do:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout/tmp/nginx.key -out/tmp/nginx.crt -subj"/CN = nginxsvc/O = nginxsvc"
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/nginx.key -out /tmp/nginx.crt -subj "/CN=nginxsvc/O=nginxsvc"
- 为HTTPS负载平衡器创建新的目标HTTPS代理和转发规则,并将其分配给http负载平衡器的相同(静态)IP.
此时,您应该可以卷曲 https://loadbalancer-ip -k
At this point you should be able to curl https://loadbalancer-ip -k
这篇关于Kubernetes服务与集群和Google Compute Engine对象之间是什么关系?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
