是否可以使用1个Kubernetes入口对象将流量路由到不同集群中的k8s服务? [英] Is it possible to use 1 Kubernetes ingress object to route traffic to k8s services in different clusters?

问题描述

我有以下设置: k8s集群A，包含服务SA k8s集群B，包含服务SB和HTTP入口，该入口将流量路由到SB

I have the following setup: k8s cluster A, containing service SA k8s cluster B, containing service SB, and an HTTP ingress that routes traffic to SB

是否可以将服务SA添加为入口路径之一的后端服务?如果是这样，如何在入口配置文件中引用它? (以通常的方式使用选择器不起作用，大概是因为我们位于不同的集群中)

Is it possible to add service SA as the backend service for one of the path of the ingress? If so, how do I refer to it in the ingress configuration file? (using selectors in the usual way doesn't work, presumably because we are in different clusters)

推荐答案

入口对象有助于为单个群集配置HTTP(S)负载平衡.他们没有多个集群的概念，因此不会为您要完成的工作提供配置语言(也许他们会使用

Ingress objects help configure HTTP(S) load balancing for a single cluster. They don't have a concept of multiple clusters, so they aren't going to have a configuration language for what you are trying to accomplish (maybe they will with Ubernetes, but they certainly don't today).

结果是您可以绕过Ingress配置并手动配置路由(毕竟，Ingress实际上只是典型L7配置的易于使用的快捷方式).您可以在GCP中创建自己的L7配置，并设置基于路径的转发以路由到不同的后端组.然后，您可以将后端组分配给在每个群集中配置的NodePort服务.

The upshot is that you can bypass the Ingress configuration and configure the routing manually (after all, Ingress is really just an ease-of-use shortcut for a typical L7 configuration). You can create your own L7 configuration in GCP and set up the path based forwarding to route to different backend groups. You can then assign the backend groups to a NodePort service that you configure in each of your clusters.

粗略的步骤是:

1. 在每个群集中创建一个NodePort服务
2. 为每个服务创建HTTP运行状况检查
3. 添加防火墙规则，以允许http运行状况检查攻击您的后端
4. 将服务添加到群集的实例组(例如gcloud compute instance-groups managed set-named-ports ...)
5. 为负载均衡器添加后端服务(例如gcloud compute backend-services create ...)
6. 将群集的后端添加到此后端服务(例如gcloud compute backend-services add-backend ...)
7. 将该URL映射到您的后端服务(例如gcloud compute url-maps create ...)
8. 为该后端服务(例如gcloud compute target-http-proxies create ...)创建负载平衡代理
9. 为该代理创建转发规则(例如gcloud compute forwarding-rules create ...)

1. Create a NodePort service in each cluster
2. Create an HTTP health check for each service
3. Add a firewall rule to allow http health checks to hit your backends
4. Add a service to the instance group for your cluster (e.g. gcloud compute instance-groups managed set-named-ports ...)
5. Add backend services for the load balancer (e.g. gcloud compute backend-services create ...)
6. Add a backend for your cluster to this backend service (e.g. gcloud compute backend-services add-backend ...)
7. Map that URL to your backend service (e.g. gcloud compute url-maps create ...)
8. Create a load balancing proxy for that backend service (e.g. gcloud compute target-http-proxies create ...)
9. Create a forwarding rule for that proxy (e.g. gcloud compute forwarding-rules create ...)

这篇关于是否可以使用1个Kubernetes入口对象将流量路由到不同集群中的k8s服务?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！