如何为GKE内部入口设置静态内部IP [英] How to set static internal IP to the GKE internal Ingress
问题描述
我想为我的GKE工作负载创建一个内部入口.我想知道可以使用什么注释,以便在入口中设置静态的 INTERNAL IP地址/名称.
I want to create a Internal Ingress for my GKE workloads. I want to know what is the annotation that I can use so that I set a static INTERNAL IP address/name in my ingress.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-https
namespace: istio-system
annotations:
kubernetes.io/ingress.allow-http: "false"
kubernetes.io/ingress.class: "gce-internal"
ingress.gcp.kubernetes.io/pre-shared-cert: my-cert
helm.sh/chart: {{ include "devtools.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
backend:
serviceName: istio-ingressgateway-backend
servicePort: 443
我知道它将创建一个具有内部IP的入口,但是我想设置一个我已经在区域/子网中创建的静态IP.是否可以这样做,如果是的话,是否有相同的注释
I understand that It will create a Ingress with Internal IP , BUt I want to set a static IP that I have already created in a region/subnet. Is it possible to do so, If yes is there any annotation for the same
推荐答案
TL; DR
当前无法在GKE中使用内部静态IP配置默认的Ingress资源.
Currently there is no possibility to configure default Ingress resource with internal static IP in GKE.
有一种解决方法,它需要将nginx-ingress控制器与内部LoadBalancer服务一起使用.
There is a workaround for it which entails using the nginx-ingress controller with internal LoadBalancer service.
请查看官方文档:
- Cloud.google.com:Kuberentes Engine:内部负载平衡-用于解决方法的文档
- Kubernetes.github.io:Ingress-nginx:部署-使用的文档解决方法
- Cloud.google.com:Kubernetes引擎:内部负载平衡入口
- Cloud.google.com: Kuberentes Engine: Internal Load Balancing - documentation used for workaround
- Kubernetes.github.io: Ingress-nginx: Deploy - documentation used for workaround
- Cloud.google.com: Kubernetes Engine: Internal Load Balance Ingress
下面,我提供了解决方法的示例,并说明了已采取的步骤.
Below I included an example of the workaround with explanation of taken steps.
- 可以使用静态IP创建内部
LoadBalancer -
Nginx-ingress使用LoadBalancer类型的服务作为入口点 - 您可以按照上面的要点所述,使用内部
LoadBalancer创建一个nginx-ingress
- It's possible to create an internal
LoadBalancerwith static IP Nginx-ingressis usingLoadBalancertype of service as an entrypoint- You can create an
nginx-ingresswith internalLoadBalanceras told in above bullet points
步骤:
- 下载并修改
nginx-ingress定义 - 运行并检查
nginx-ingress-controller服务是否具有所需的静态IP地址 - 部署示例应用并进行测试
- Download and modify
nginx-ingressdefinition - Run and check if
nginx-ingress-controllerservice has desired static IP address - Deploy example app and test
默认情况下,官方网站中的nginx-ingress定义将配置以下服务:键入LoadBalancer作为入口点.默认情况下,它将获得一个外部 IP地址.您可以修改/编辑服务定义以获得内部定义.
By default nginx-ingress definition from official site will have configured service of type LoadBalancer as an entrypoint. By default it will get an external IP address. You can modify/edit service definition to get an internal one.
请下载此 YAML并在下面编辑负责服务定义的部分:
Please download this YAML and edit the part responsible for service definition below:
提示!
nginx-ingress也可以与Helm!一起部署.
A tip!
nginx-ingressis also available to deploy with Helm!.
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations: # ADD THIS LINE
cloud.google.com/load-balancer-type: "Internal" # ADD THIS LINE
labels:
helm.sh/chart: ingress-nginx-2.4.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.33.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
loadBalancerIP: 10.1.2.99 # ADD THIS LINE
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
请具体查看metadata部分中的部分:
Please take a specific look on part in metadata section:
annotations: # ADD THIS LINE
cloud.google.com/load-balancer-type: "Internal" # ADD THIS LINE
此部分将指示GCP设置内部 IP地址
as this part will instruct GCP to provision an internal IP address
还请看一下:
loadBalancerIP: 10.156.0.99 # ADD THIS LINE
,因为此行将告诉GCP分配提供的IP地址.
as this line will tell GCP to allocate the IP address provided.
请记住,此地址应与您在其中创建群集的VPC网络兼容.
应用nginx-ingress的整个定义后,您应该可以运行:
After applying whole definition of nginx-ingress you should be able to run the:
-
kubectl get svc ingress-nginx-controller -n ingress-nginx
以上命令的输出:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.60.6.97 10.156.0.99 80:31359/TCP,443:32413/TCP 2m59s
您可以看到EXTERNAL-IP实际上是内部,并设置为10.156.0.99.
As you can see the EXTERNAL-IP is in fact internal and set to 10.156.0.99.
您应该能够curl此地址并获得nginx-ingress-controller的default-backend.
You should be able to curl this address and get the default-backend of nginx-ingress-controller.
此步骤是可选的,仅显示使用提及的nginx-ingress 公开示例应用的过程.
This steps are optional and are only showing the process of exposing example app with mentioned nginx-ingress.
YAML定义:
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-app
spec:
selector:
matchLabels:
app: hello
replicas: 3
template:
metadata:
labels:
app: hello
spec:
containers:
- name: hello
image: "gcr.io/google-samples/hello-app:2.0"
---
apiVersion: v1
kind: Service
metadata:
name: hello-service
labels:
app: hello
spec:
type: NodePort
selector:
app: hello
ports:
- name: hello-port
port: 80
targetPort: 8080
protocol: TCP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host:
http:
paths:
- path: /
backend:
serviceName: hello-service
servicePort: hello-port
应用这些资源后,您应该能够:
After applying this resources you should be able to:
-
$ curl 10.156.0.99
并受到欢迎:
Hello, world!
Version: 2.0.0
Hostname: hello-app-7f46745f74-27gzh
这篇关于如何为GKE内部入口设置静态内部IP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
