为什么在使用ClusterIP时Google Cloud会显示错误 [英] Why does Google Cloud show an error when using ClusterIP

问题描述

在我的gcloud控制台中，它为定义的入口显示了以下错误:

In my gcloud console it shows the following error for my defined ingresses:

同步期间出错:评估入口规范:服务时出错 "monitoring/kube-prometheus"的类型为"ClusterIP"，预期为"NodePort" 或"LoadBalancer"

Error during sync: error while evaluating the ingress spec: service "monitoring/kube-prometheus" is type "ClusterIP", expected "NodePort" or "LoadBalancer"

我将traefik用作反向代理(而不是nginx)，因此我使用ClusterIP定义了一个入口.据我了解的过程，所有流量都通过traefik服务(定义了Loadbalancer入口)进行代理，因此我所有其他入口实际上应该具有ClusterIP而不是NodePort或Loadbalancer?

I am using traefik as reverse proxy (instead of nginx) and therefore I define an ingress using a ClusterIP. As far as I understand the process all traffic is proxied through the traefik service (which has a Loadbalancer ingress defined) and therefore all my other ingresses SHOULD actually have a ClusterIP instead of NodePort or Loadbalancer?

问题:

那么为什么Google Cloud会警告我期望使用NodePort或LoadBalancer?

So why does Google Cloud warn me that it expected a NodePort or LoadBalancer?

推荐答案

我不知道为什么会发生此错误，因为(在我看来)这是一个有效的配置.但是要清除错误，您可以将服务切换到命名的NodePort.然后，将您的入口切换为使用端口名称而不是端口号.例如:

I don't know why that error happens, because it seems (to me) to be a valid configuration. But to clear the error, you can switch your service to a named NodePort. Then switch your ingress to use the port name instead of the number. For example:

服务:

apiVersion: v1
kind: Service
metadata:
  name: testapp
spec:
  ports:
  - name: testapp-http # ADD THIS
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: testapp
  type: NodePort

入口:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: testapp
spec:
  rules:
  - host: hostname.goes.here
    http:
      paths:
      - backend:
          serviceName: testapp
          # USE THE PORT NAME FROM THE SERVICE INSTEAD OF THE PORT NUMBER
          servicePort: testapp-http
        path: /

更新:

这是我从Google收到的说明.

This is the explanation I received from Google.

因为默认情况下服务是ClusterIP [1]，所以可以从群集内部访问这种服务.使用kube-proxy时，可以从外部访问它，并不意味着可以通过入口直接访问.

Since services by default are ClusterIP [1] and this type of service is meant to be accessible from inside the cluster. It can be accessed from outside when kube-proxy is used, not meant to be directly accessed with an ingress.

作为建议，我个人认为这篇文章[2]有助于理解这些类型的服务之间的区别.

As a suggestion, I personally find this article [2] good for understanding the difference between these types of services.

[1] https://kubernetes. io/docs/concepts/services-networking/service/#publishing-services-service-types

[2] 查看全文