我配置了一个集群,其中的服务(及其相关的 Pod/容器)全部部署到私有子网中。其中一个 Pod 代表应用程序的 UI,我定义了一个具有公共 IP 的负载均衡器来提供对 UI 的访问。至少这是我的意图。当我在浏览器中输入包含负载均衡器 IP 的 URL 时,请求不会发送到 UI 容器。我认为我的某些配置不正确,并且我们将不胜感激。 UI 服务的定义如下所示:
apiVersion: apps/v1beta1
kind: Deployment
metadata: {name: myui, namespace: gem}
spec:
replicas: 1
template:
metadata:
labels: {app: myui}
spec:
containers:
image: myblobstore.azurecr.io/myui:latest
imagePullPolicy: Always
name: myui
ports:
- {containerPort: 80}
---
apiVersion: v1
kind: Service
metadata: {name: myapp, namespace: gem}
spec:
loadBalancerIP: 40.123.124.125
ports:
- {name: '80', port: 80}
selector: {app: myui}
type: LoadBalancer
我还在网络安全组中定义了一条规则,我打算允许来自负载均衡器的流量到达目标容器:
65001 AzureLoadBalancerInBound Any Any AzureLoadBalancer Any Allow
但流量不会到达 UI 容器。我需要什么额外配置才能使其正常工作?
更新:以下是我的集群的端点:
$ kubectl get endpoints -n gem
NAME ENDPOINTS AGE
...
myui 10.0.2.22:80 176m
...
为了使图片更完整,这里有一些附加信息:
$ kubectl get pods -n gem -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
...
myui-99c55f8d4-2thzv 1/1 Running 0 ...
$ kubectl get svc -n gem -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
...
myui LoadBalancer 10.1.0.94 40.123.124.125 80:32246/TCP 3h1m app=myui
...
$ kubectl describe svc/myui -n gem
Name: myui
Namespace: gem
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"myui","namespace":"gem"},"spec":{"loadBalancerIP":"40.123.124,125"...
Selector: app=myui
Type: LoadBalancer
IP: 10.1.0.94
IP: 40.123.124.125
LoadBalancer Ingress: 40.123.124.125
Port: 80 80/TCP
TargetPort: 80/TCP
NodePort: 80 32246/TCP
Endpoints: 10.0.2.22:80
Session Affinity: None
External Traffic Policy: Cluster
Peter