Grpc 服务无法接收任何带有 linkerd 的请求

Grpc service cannot receive any request with linkerd

根据this article,我正在尝试将 Linkerd 与我在 kubernetes 上的 grpc 服务集成以解决负载平衡问题,但是在使用 Linkerd 和 grpc 客户端冻结时我的 grpc 服务无法接收任何请求,抛出 no例外。服务端和客户端都是.Net Core应用,使用不安全的凭证。

我做了一些测试。 grpc 服务器可以在没有 Linkerd 的情况下工作,Linkerd 可以与 ASP.NET Core web api.

一起工作

我遵循了官方说明:Getting Started and Adding Your Service。这是生成的 yaml:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: demogrpc
  name: demogrpc
spec:
  replicas: 3
  selector:
    matchLabels:
      app: demogrpc
  strategy: {}
  template:
    metadata:
      annotations:
        linkerd.io/created-by: linkerd/cli stable-2.1.0
        linkerd.io/proxy-version: stable-2.1.0
      creationTimestamp: null
      labels:
        app: demogrpc
        linkerd.io/control-plane-ns: linkerd
        linkerd.io/proxy-deployment: demogrpc
    spec:
      containers:
      - env:
        - name: GRPC_HOST
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: SERVICE_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: GRPC_PORT
          value: "8000"
        image: 192.168.99.25:30000/demogrpchost:1.0.9
        imagePullPolicy: Always
        name: demogrpc
        resources: {}
      - env:
        - name: LINKERD2_PROXY_LOG
          value: warn,linkerd2_proxy=info
        - name: LINKERD2_PROXY_BIND_TIMEOUT
          value: 10s
        - name: LINKERD2_PROXY_CONTROL_URL
          value: tcp://linkerd-proxy-api.linkerd.svc.cluster.local:8086
        - name: LINKERD2_PROXY_CONTROL_LISTENER
          value: tcp://0.0.0.0:4190
        - name: LINKERD2_PROXY_METRICS_LISTENER
          value: tcp://0.0.0.0:4191
        - name: LINKERD2_PROXY_OUTBOUND_LISTENER
          value: tcp://127.0.0.1:4140
        - name: LINKERD2_PROXY_INBOUND_LISTENER
          value: tcp://0.0.0.0:4143
        - name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
          value: .
        - name: LINKERD2_PROXY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: gcr.io/linkerd-io/proxy:stable-2.1.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /metrics
            port: 4191
          initialDelaySeconds: 10
        name: linkerd-proxy
        ports:
        - containerPort: 4143
          name: linkerd-proxy
        - containerPort: 4191
          name: linkerd-metrics
        readinessProbe:
          httpGet:
            path: /metrics
            port: 4191
          initialDelaySeconds: 10
        resources: {}
        securityContext:
          runAsUser: 2102
        terminationMessagePolicy: FallbackToLogsOnError
      imagePullSecrets:
      - name: kubernetes-registry
      initContainers:
      - args:
        - --incoming-proxy-port
        - "4143"
        - --outgoing-proxy-port
        - "4140"
        - --proxy-uid
        - "2102"
        - --inbound-ports-to-ignore
        - 4190,4191
        image: gcr.io/linkerd-io/proxy-init:stable-2.1.0
        imagePullPolicy: IfNotPresent
        name: linkerd-init
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
          privileged: false
        terminationMessagePolicy: FallbackToLogsOnError
status: {}

这是来自其中一个 linkerd-proxy 的日志消息:

INFO linkerd2_proxy::app::main using controller at Some(Name(NameAddr { name: DnsName(DNSName("linkerd-proxy-api.linkerd.svc.cluster.local")), port: 8086 }))
INFO linkerd2_proxy::app::main routing on V4(127.0.0.1:4140)
INFO linkerd2_proxy::app::main proxying on V4(0.0.0.0:4143) to None
INFO linkerd2_proxy::app::main serving Prometheus metrics on V4(0.0.0.0:4191)
INFO linkerd2_proxy::app::main protocol detection disabled for inbound ports {25, 3306}
INFO linkerd2_proxy::app::main protocol detection disabled for outbound ports {25, 3306}
WARN 10.244.1.137:8000 linkerd2_proxy::proxy::reconnect connect error to Config { target: Target { addr: V4(10.244.1.137:8000), tls: None(InternalTraffic), _p: () }, settings: Http2, _p: () }: Connection refused (os error 111) (address: 127.0.0.1:8000)

如何让我的 grpc 服务与 Linkerd 一起工作?或者有没有更好的方案在kubernetes中负载均衡grpc服务?

通过指定GRPC_HOST到127.0.0.1允许Linkerd连接到grpc服务器。由于 linkerd 代理将使用环回地址连接到其他容器,在这种情况下为 grpc 服务。