GCP Cloud Run:无法创建服务 [英] GCP Cloud Run: Failed to create a service

问题描述

我正在尝试将Cloud与私有GKE集群一起使用. 我使用以下命令创建了集群:

I am trying to use Cloud run with private GKE cluster. I created the cluster using the below command:

gcloud beta container clusters create cluster-name \
    --create-subnetwork name=cloud-run-subnet \
    --enable-master-authorized-networks \
    --enable-ip-alias \
    --enable-private-nodes \
    --enable-private-endpoint \
    --master-ipv4-cidr 172.16.0.32/28 \
    --no-enable-basic-auth \
    --no-issue-client-certificate \
    --addons=HorizontalPodAutoscaling,HttpLoadBalancing,Istio,CloudRun \
    --machine-type=n1-standard-1 \
    --enable-stackdriver-kubernetes \
    --scopes cloud-platform \
    --zone us-central1-a

我在同一VPC和子网中创建了一个堡垒主机，可以使用以下命令与该群集联系:

I created a bastion host in the same VPC and subnet that can contact this cluster using the below command:

gcloud compute instances create bastion \
 --zone us-central1-a \
 --subnet cloud-run-subnet \
 --machine-type=g1-small \
 --scopes cloud-platform

我在堡垒主机上安装了kubectl，并使用gcloud container clusters get-credentials命令将上下文切换到该集群.

I installed kubectl on the bastion host and switched the context to this cluster using gcloud container clusters get-credentials command.

我使用以下命令确保在默认名称空间上启用了Istio:

I made sure Istio is enabled on default namespace using the below command:

kubectl label namespace default istio-injection=enabled

现在，当我尝试使用以下命令部署服务时，出现错误:

Now when I try to deploy a service using the below command I get an error:

gcloud beta run deploy hello \
    --image=gcr.io/projectname/hello-world \
    --platform=gke \
    --cluster=cluster-name \
    --cluster-location=us-central1-a \
    --connectivity=internal

错误:

ERROR: (gcloud.beta.run.deploy) Error:                                                                                                                                                                             
failed calling webhook "webhook.serving.knative.dev": Post https://webhook.knative-serving.svc:443/?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting he
aders)

我尝试同时使用--connectivity=internal和--connectivity=external时遇到相同的错误.

I tried with both --connectivity=internal and --connectivity=external I get the same error.

当我尝试使用控制台创建服务时，出现以下错误:

When I try to create the service using the console, I get the following error:

Failed to create a service

Tracking number: d123456789

我确保为容器注册表( gcr.io )和GKE群集保留相同的项目.

I have made sure to keep the same project for the container registry (gcr.io) and GKE cluster.

确切的事情可以在公共集群上正常工作. 我无法找到特定的文档来使它们与私有GKE集群一起使用.有什么我想念的吗? 我有做错什么吗?

Exact things work fine with public clusters. I am not able to find specific documentation to get it all working with private GKE cluster. Is there anything that I am missing? Is there anything that I am doing wrong?

推荐答案

在此GitHub线程中已解决了类似的问题:

A similar issue was fixed doing that in this GitHub thread:

https://github.com/knative/serving/issues/4868

主要原因是，在私有GKE群集中，默认情况下，只有GKE主服务器才能访问端口443或80上的服务.

The main cause is that in a private GKE cluster, by default only the GKE master have access to the services at port 443 or 80.

您是否可以尝试使用端口8443代替443，并将端口8443列入白名单.

Could you try to use the port 8443 instead of the 443, and white-list the port 8443.

https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules

这篇关于GCP Cloud Run:无法创建服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！