是否可以使用 1 个 Kubernetes 入口对象将流量路由到不同集群中的 k8s 服务? [英] Is it possible to use 1 Kubernetes ingress object to route traffic to k8s services in different clusters?

问题描述

我有以下设置:k8s集群A，包含服务SAk8s 集群 B，包含服务 SB，以及一个将流量路由到 SB 的 HTTP 入口

I have the following setup: k8s cluster A, containing service SA k8s cluster B, containing service SB, and an HTTP ingress that routes traffic to SB

是否可以添加服务 SA 作为入口路径之一的后端服务?如果是这样，我如何在入口配置文件中引用它?(以通常的方式使用选择器不起作用，大概是因为我们在不同的集群中)

Is it possible to add service SA as the backend service for one of the path of the ingress? If so, how do I refer to it in the ingress configuration file? (using selectors in the usual way doesn't work, presumably because we are in different clusters)

推荐答案

Ingress 对象有助于为单个集群配置 HTTP(S) 负载平衡.他们没有多集群的概念，所以他们不会有你想要完成的配置语言(也许他们会用 Ubernetes，但他们今天肯定不会).

Ingress objects help configure HTTP(S) load balancing for a single cluster. They don't have a concept of multiple clusters, so they aren't going to have a configuration language for what you are trying to accomplish (maybe they will with Ubernetes, but they certainly don't today).

结果是您可以绕过 Ingress 配置并手动配置路由(毕竟，Ingress 实际上只是典型 L7 配置的一个易于使用的快捷方式).您可以在 GCP 中创建自己的 L7 配置，并设置基于路径的转发以路由到不同的后端组.然后，您可以将后端组分配给您在每个集群中配置的 NodePort 服务.

The upshot is that you can bypass the Ingress configuration and configure the routing manually (after all, Ingress is really just an ease-of-use shortcut for a typical L7 configuration). You can create your own L7 configuration in GCP and set up the path based forwarding to route to different backend groups. You can then assign the backend groups to a NodePort service that you configure in each of your clusters.

粗略的步骤是:

1. 在每个集群中创建一个NodePort服务
2. 为每个服务创建 HTTP 健康检查
3. 添加防火墙规则以允许 http 运行状况检查命中您的后端
4. 向集群的实例组添加服务(例如 gcloud compute instance-groups managed set-named-ports ...)
5. 为负载均衡器添加后端服务(例如 gcloud compute backend-services create ...)
6. 将集群的后端添加到此后端服务(例如 gcloud compute backend-services add-backend ...)
7. 将该 URL 映射到您的后端服务(例如 gcloud compute url-maps create ...)
8. 为该后端服务创建负载平衡代理(例如 gcloud compute target-http-proxies create ...)
9. 为该代理创建转发规则(例如 gcloud compute forwarding-rules create ...)

1. Create a NodePort service in each cluster
2. Create an HTTP health check for each service
3. Add a firewall rule to allow http health checks to hit your backends
4. Add a service to the instance group for your cluster (e.g. gcloud compute instance-groups managed set-named-ports ...)
5. Add backend services for the load balancer (e.g. gcloud compute backend-services create ...)
6. Add a backend for your cluster to this backend service (e.g. gcloud compute backend-services add-backend ...)
7. Map that URL to your backend service (e.g. gcloud compute url-maps create ...)
8. Create a load balancing proxy for that backend service (e.g. gcloud compute target-http-proxies create ...)
9. Create a forwarding rule for that proxy (e.g. gcloud compute forwarding-rules create ...)

这篇关于是否可以使用 1 个 Kubernetes 入口对象将流量路由到不同集群中的 k8s 服务?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！