How can you publish a Kubernetes Service without using the type LoadBalancer (on GCP)
Problem description
I would like to avoid using type: "LoadBalancer" for a certain Kubernetes Service, but still be able to publish it on the Internet. I am using Google Cloud Platform (GCP) to run a Kubernetes cluster currently running on a single node.
I tried to use the externalIPs Service configuration and to give, in turn, the IPs of:
- the instance hosting the Kubernetes cluster (External IP; which also coincides with the IP address of the Kubernetes node as reported by kubernetes describe node)
- the Kubernetes cluster endpoint (as reported by the Google Cloud Console in the details of the cluster)
- the public/external IP of another Kubernetes Service of type LoadBalancer running on the same node.
None of the above helped me reach my application using the Kubernetes Service with an externalIPs configuration.
So, how can I publish a service on the Internet without using a LoadBalancer-type Kubernetes Service?
If you don't want to use a LoadBalancer service, other options for exposing your service publicly are:
Type NodePort
Create your service with type set to NodePort, and Kubernetes will allocate a port on all of your node VMs on which your service will be exposed (docs). E.g. if you have 2 nodes, w/ public IPs 12.34.56.78 and 23.45.67.89, and Kubernetes assigns your service port 31234, then the service will be available publicly on both 12.34.56.78:31234 & 23.45.67.89:31234.
Specify externalIPs
If you have the ability to route public IPs to your nodes, you can specify externalIPs in your service to tell Kubernetes "If you see something come in destined for that IP w/ my service port, route it to me." (docs)
The cluster endpoint won't work for this because that is only the IP of your Kubernetes master. The public IP of another LoadBalancer service won't work because the LoadBalancer is only configured to route the port of that original service. I'd expect the node IP to work, but it may conflict if your service port is a privileged port.
Use the /proxy/ endpoint
The Kubernetes API includes a /proxy/ endpoint that allows you to access services on the cluster endpoint IP. E.g. if your cluster endpoint is 1.2.3.4, you could reach my-service in namespace my-ns by accessing https://1.2.3.4/api/v1/proxy/namespaces/my-ns/services/my-service with your cluster credentials. This should really only be used for testing/debugging, as it takes all traffic through your Kubernetes master on the way to the service (extra hops, SPOF, etc.).
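An added example, not part of the original answer: because NodePort and externalIPs publish a Service without any LoadBalancer object to review, this Python sketch lists every address:port a cluster offers through those two options and flags the privileged-port case mentioned above. The input is a constructed Kubernetes List of Node and Service objects (the shape of kubectl's JSON output); the function name and sample values are assumptions, and whether an endpoint is actually reachable still depends on the firewall rules in front of the nodes.

```python
import json

# Constructed sample: a Kubernetes List holding Node and Service objects,
# shaped like kubectl's JSON output. All names and IPs are made up.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Node", "metadata": {"name": "node-a"},
  "status": {"addresses": [{"type": "InternalIP", "address": "10.0.0.2"},
                           {"type": "ExternalIP", "address": "12.34.56.78"}]}},
 {"kind": "Service", "metadata": {"namespace": "my-ns", "name": "web"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 80, "nodePort": 31234, "protocol": "TCP"}]}},
 {"kind": "Service", "metadata": {"namespace": "my-ns", "name": "api"},
  "spec": {"type": "ClusterIP", "externalIPs": ["12.34.56.78"],
           "ports": [{"port": 443, "protocol": "TCP"}]}},
 {"kind": "Service", "metadata": {"namespace": "my-ns", "name": "db"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]}}
]}
""")


def exposed_endpoints(listing):
    """Return (service, ip, port, how, note) for each endpoint offered on a public IP."""
    items = listing.get("items", [])
    # Public addresses of the node VMs, taken from each Node's status.
    node_ips = {a["address"] for n in items if n.get("kind") == "Node"
                for a in n.get("status", {}).get("addresses", [])
                if a.get("type") == "ExternalIP"}
    found = []
    for svc in (i for i in items if i.get("kind") == "Service"):
        name = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
        spec = svc.get("spec", {})
        for p in spec.get("ports", []):
            # A nodePort is opened on every node (LoadBalancer services get one too).
            if p.get("nodePort"):
                for ip in sorted(node_ips):
                    found.append((name, ip, p["nodePort"], "nodePort", ""))
            # externalIPs are served on the Service port itself, not a nodePort.
            for ip in spec.get("externalIPs", []):
                note = ""
                if ip in node_ips and p["port"] < 1024:
                    note = "privileged port on a node IP, may conflict"
                found.append((name, ip, p["port"], "externalIPs", note))
    return found


if __name__ == "__main__":
    for row in exposed_endpoints(SAMPLE):
        print(*row)
```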