standalone network endpoint group (NEG) on GKE not working


Question

I am running a minimal stateful database service on GKE, on a single-node cluster. I've set up a database as a StatefulSet on a single pod as of now. The database exposes a management console on a particular port along with the mandatory database port. I am attempting to do two things:

  • expose the management port via a global HTTP(S) load balancer
  • expose the database port outside GKE for use by Cloud Functions or App Engine applications.

My StatefulSet is running fine and I can see from the container logs that the database is properly booted up and is listening on the required ports.

I am attempting to set up a standalone NEG (ref: https://cloud.google.com/kubernetes-engine/docs/how-to/standalone-neg) using a simple ClusterIP service.

The cluster service comes up fine and I can see it using

kubectl get service service-name

but I don't see the NEG set up as such... the following command returns nothing:

$ gcloud compute network-endpoint-groups list
Listed 0 items.

My pod exposes port 8080, my service maps 51000 to 8080, and I have provided the NEG annotation

cloud.google.com/neg: '{"exposed_ports": {"51000":{}}'

I don't see any errors as such, but neither do I see a NEG created/listed.

Any suggestions on how I would go about debugging this?

As follow-up questions...

  • When exposing the NEG over a global load balancer, how do I enforce authn? I'm OK with either service account roles or OAuth/OpenID.

  • Would I be able to expose multiple ports using a single NEG? For example, if I wanted to expose one port to my global load balancer and another to local services, is this possible with a single NEG, or should I expose each port using a dedicated ClusterIP service?

  • Where can I find documentation/specification for Google Kubernetes annotations? I tried to expose two ports on the NEG using the following annotation syntax. Is that even supported/meaningful?

cloud.google.com/neg: '{"exposed_ports": {"51000":{},"51010":{}}'

Thanks in advance!

Accepted answer

In order to create a service that is backed by a network endpoint group, you need to be working on a GKE cluster that is VPC-native.

When you create a new cluster, this option is disabled by default and you must enable it upon creation. You can confirm whether your cluster is VPC-native by going to your cluster details in GKE. It should appear like this:

VPC-native (alias IP)   Enabled

If the cluster is not VPC-native, you won't be able to use this feature, as described in their restrictions:

In case you have VPC-native enabled, make sure as well that the pods have the same labels "purpose:" and "topic:" to make sure they are members of the service:

kubectl get pods --show-labels

You can also create multi-port services as described in the Kubernetes documentation:
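The annotation and multi-port questions above, as an added example that is not part of the original question or answer: a small Python checker that does offline what the NEG controller otherwise does silently. It parses the cloud.google.com/neg annotation value, reports invalid JSON (the annotation as quoted in the question is missing a closing brace, which json.loads rejects; whether that is the real cause or a copy-paste loss, a check like this catches it before the manifest is applied), reports exposed ports that are not ports of the Service, and builds a valid multi-port ClusterIP Service manifest with one annotation covering both ports. Service names, selectors and port numbers are constructed for the example; the checks are the ones a cluster operator would otherwise do by hand with kubectl, not an official GKE validation.

```python
import json

# Annotation key used by the GKE standalone NEG docs; everything else here is constructed.
NEG_ANNOTATION = "cloud.google.com/neg"


def parse_neg_annotation(value):
    """Return the exposed_ports mapping from a NEG annotation value, or raise ValueError."""
    try:
        data = json.loads(value)
    except json.JSONDecodeError as exc:
        # A silently ignored annotation is the failure mode in the question: surface it.
        raise ValueError(f"NEG annotation is not valid JSON: {exc}") from exc
    exposed = data.get("exposed_ports") if isinstance(data, dict) else None
    if not isinstance(exposed, dict) or not exposed:
        raise ValueError("NEG annotation must contain a non-empty 'exposed_ports' object")
    return exposed


def check_neg_service(service):
    """Return a list of problems that would stop a NEG from being created for this Service.

    `service` is a Kubernetes Service manifest as a dict (what `kubectl get svc -o json` gives).
    """
    problems = []
    meta = service.get("metadata", {})
    spec = service.get("spec", {})
    value = meta.get("annotations", {}).get(NEG_ANNOTATION)
    if value is None:
        return [f"Service has no {NEG_ANNOTATION} annotation"]
    try:
        exposed = parse_neg_annotation(value)
    except ValueError as exc:
        return [str(exc)]
    # Each exposed port must be a Service port (the 'port' field, not the targetPort).
    service_ports = {str(p["port"]) for p in spec.get("ports", [])}
    for port in exposed:
        if port not in service_ports:
            problems.append(
                f"exposed port {port} is not a port of the Service (ports: {sorted(service_ports)})"
            )
    # Without a selector no pod can be matched, so the NEG would stay empty.
    if not spec.get("selector"):
        problems.append("Service has no selector, so no pods can become endpoints")
    return problems


def make_neg_service(name, selector, ports):
    """Build a ClusterIP Service manifest exposing several ports through a single NEG annotation.

    ports: list of (port_name, service_port, target_port) tuples.
    """
    annotation = json.dumps({"exposed_ports": {str(sp): {} for _, sp, _ in ports}})
    return {
        "apiVersion": "v1",
        "kind": "Service",
        "metadata": {"name": name, "annotations": {NEG_ANNOTATION: annotation}},
        "spec": {
            "type": "ClusterIP",
            "selector": selector,
            "ports": [{"name": n, "port": sp, "targetPort": tp} for n, sp, tp in ports],
        },
    }


if __name__ == "__main__":
    # Constructed manifest mirroring the question: console 51000 -> 8080, plus a db port.
    svc = make_neg_service("db", {"app": "db"}, [("console", 51000, 8080), ("db", 51010, 5432)])
    print(json.dumps(svc, indent=2))
    print("problems:", check_neg_service(svc))
    # The annotation value as quoted in the question, with its missing closing brace.
    svc["metadata"]["annotations"][NEG_ANNOTATION] = '{"exposed_ports": {"51000":{}}'
    print("problems:", check_neg_service(svc))
```

Run it against a live object with `kubectl get svc service-name -o json` piped into `json.load` and passed to `check_neg_service`; an empty list means the annotation is well-formed and every exposed port is a real Service port, so the remaining suspects are the ones the answer names (cluster not VPC-native, pod labels not matching the selector).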
