如何为 GKE 内部 Ingress 设置静态内部 IP [英] How to set static internal IP to the GKE internal Ingress
问题描述
我想为我的 GKE 工作负载创建一个内部入口.我想知道我可以使用什么注释,以便在入口中设置静态 INTERNAL IP 地址/名称.
I want to create a Internal Ingress for my GKE workloads. I want to know what is the annotation that I can use so that I set a static INTERNAL IP address/name in my ingress.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-https
namespace: istio-system
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: "gce-internal"
ingress.gcp.kubernetes.io/pre-shared-cert: my-cert
helm.sh/chart: {{ include "devtools.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
backend:
serviceName: istio-ingressgateway-backend
servicePort: 443
我知道它将创建一个带有内部 IP 的入口,但是我想设置一个我已经在区域/子网中创建的静态 IP.是否可以这样做,如果是,是否有相同的注释
I understand that It will create a Ingress with Internal IP , BUt I want to set a static IP that I have already created in a region/subnet. Is it possible to do so, If yes is there any annotation for the same
推荐答案
EDIT
现在,您可以按照以下文档使用内部 IP 和 GKE 创建 Ingress 资源:
EDIT
Now you can create an Ingress resource with Internal IP with GKE by following this documentation:
将下面的部分留给 nginx-ingress 解决方案,其中 Service 类型为 LoadBalancer,具有内部 IP 地址.
Leaving the below part for an nginx-ingress solution with Service of type LoadBalancer that has an internal IP address.
有一种解决方法,需要使用带有内部 LoadBalancer 服务的 nginx-ingress 控制器.
There is a workaround for it which entails using the nginx-ingress controller with internal LoadBalancer service.
请查看官方文档:
- Cloud.google.com:Kuberentes 引擎:内部负载平衡 - 用于解决方法的文档
- Kubernetes.github.io: Ingress-nginx: Deploy - 使用的文档解决方法
- Cloud.google.com: Kuberentes Engine: Internal Load Balancing - documentation used for workaround
- Kubernetes.github.io: Ingress-nginx: Deploy - documentation used for workaround
下面我包含了一个变通方法示例,并解释了所采取的步骤.
Below I included an example of the workaround with explanation of taken steps.
- 可以使用静态 IP 创建内部
LoadBalancer Nginx-ingress使用LoadBalancer类型的服务作为入口点- 您可以创建一个带有内部
LoadBalancer的nginx-ingress,如上述要点所述
- It's possible to create an internal
LoadBalancerwith static IP Nginx-ingressis usingLoadBalancertype of service as an entrypoint- You can create an
nginx-ingresswith internalLoadBalanceras told in above bullet points
步骤:
- 下载并修改
nginx-ingress定义 - 运行并检查
nginx-ingress-controller服务是否具有所需的静态 IP 地址 - 部署示例应用并进行测试
- Download and modify
nginx-ingressdefinition - Run and check if
nginx-ingress-controllerservice has desired static IP address - Deploy example app and test
默认nginx-ingress定义来自官方网站 将配置 LoadBalancer 类型的服务作为入口点.默认情况下,它将获得一个外部 IP 地址.您可以修改/编辑服务定义以获得内部.
By default nginx-ingress definition from official site will have configured service of type LoadBalancer as an entrypoint. By default it will get an external IP address. You can modify/edit service definition to get an internal one.
请下载这个 YAML 并编辑下面负责服务定义的部分:
Please download this YAML and edit the part responsible for service definition below:
nginx-ingress 也可以使用 Helm! 进行部署.
A tip!
nginx-ingressis also available to deploy with Helm!.
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations: # ADD THIS LINE
cloud.google.com/load-balancer-type: "Internal" # ADD THIS LINE
labels:
helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
loadBalancerIP: 10.1.2.99 # ADD THIS LINE
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
请具体查看metadata部分:
annotations: # ADD THIS LINE
cloud.google.com/load-balancer-type: "Internal" # ADD THIS LINE
因为这部分将指示 GCP 提供一个内部 IP 地址
as this part will instruct GCP to provision an internal IP address
另外请看:
loadBalancerIP: 10.156.0.99 # ADD THIS LINE
因为这一行会告诉 GCP 分配提供的 IP 地址.
as this line will tell GCP to allocate the IP address provided.
请记住,此地址应与您在其中创建集群的 VPC 网络兼容.
应用 nginx-ingress 的完整定义后,您应该能够运行:
After applying whole definition of nginx-ingress you should be able to run the:
kubectl get svc ingress-nginx-controller -n ingress-nginx
以上命令的输出:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.60.6.97 10.156.0.99 80:31359/TCP,443:32413/TCP 2m59s
如您所见,EXTERNAL-IP 实际上是内部并设置为 10.156.0.99.
As you can see the EXTERNAL-IP is in fact internal and set to 10.156.0.99.
你应该能够curl这个地址并获得nginx-ingress-controller的default-backend.
You should be able to curl this address and get the default-backend of nginx-ingress-controller.
这些步骤是可选的,仅展示了使用提到的 nginx-ingress 公开示例应用程序的过程.
This steps are optional and are only showing the process of exposing example app with mentioned nginx-ingress.
YAML Deployment、Service 和 Ingress 的定义:
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-app
spec:
selector:
matchLabels:
app: hello
replicas: 3
template:
metadata:
labels:
app: hello
spec:
containers:
- name: hello
image: "gcr.io/google-samples/hello-app:2.0"
---
apiVersion: v1
kind: Service
metadata:
name: hello-service
labels:
app: hello
spec:
type: NodePort
selector:
app: hello
ports:
- name: hello-port
port: 80
targetPort: 8080
protocol: TCP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host:
http:
paths:
- path: /
backend:
serviceName: hello-service
servicePort: hello-port
应用此资源后,您应该能够:
After applying this resources you should be able to:
$ curl 10.156.0.99
并受到欢迎:
Hello, world!
Version: 2.0.0
Hostname: hello-app-7f46745f74-27gzh
这篇关于如何为 GKE 内部 Ingress 设置静态内部 IP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
