Grpc 服务无法接收任何带有 linkerd 的请求
Grpc service cannot receive any request with linkerd
根据this article,我正在尝试将 Linkerd 与我在 kubernetes 上的 grpc 服务集成以解决负载平衡问题,但是在使用 Linkerd 和 grpc 客户端冻结时我的 grpc 服务无法接收任何请求,抛出 no例外。服务端和客户端都是.Net Core应用,使用不安全的凭证。
我做了一些测试。 grpc 服务器可以在没有 Linkerd 的情况下工作,Linkerd 可以与 ASP.NET Core web api.
一起工作
我遵循了官方说明:Getting Started and Adding Your Service。这是生成的 yaml:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: demogrpc
name: demogrpc
spec:
replicas: 3
selector:
matchLabels:
app: demogrpc
strategy: {}
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/cli stable-2.1.0
linkerd.io/proxy-version: stable-2.1.0
creationTimestamp: null
labels:
app: demogrpc
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: demogrpc
spec:
containers:
- env:
- name: GRPC_HOST
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: GRPC_PORT
value: "8000"
image: 192.168.99.25:30000/demogrpchost:1.0.9
imagePullPolicy: Always
name: demogrpc
resources: {}
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd2_proxy=info
- name: LINKERD2_PROXY_BIND_TIMEOUT
value: 10s
- name: LINKERD2_PROXY_CONTROL_URL
value: tcp://linkerd-proxy-api.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_CONTROL_LISTENER
value: tcp://0.0.0.0:4190
- name: LINKERD2_PROXY_METRICS_LISTENER
value: tcp://0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTENER
value: tcp://127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTENER
value: tcp://0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: .
- name: LINKERD2_PROXY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/linkerd-io/proxy:stable-2.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-metrics
readinessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
resources: {}
securityContext:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
imagePullSecrets:
- name: kubernetes-registry
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- 4190,4191
image: gcr.io/linkerd-io/proxy-init:stable-2.1.0
imagePullPolicy: IfNotPresent
name: linkerd-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
terminationMessagePolicy: FallbackToLogsOnError
status: {}
这是来自其中一个 linkerd-proxy 的日志消息:
INFO linkerd2_proxy::app::main using controller at Some(Name(NameAddr { name: DnsName(DNSName("linkerd-proxy-api.linkerd.svc.cluster.local")), port: 8086 }))
INFO linkerd2_proxy::app::main routing on V4(127.0.0.1:4140)
INFO linkerd2_proxy::app::main proxying on V4(0.0.0.0:4143) to None
INFO linkerd2_proxy::app::main serving Prometheus metrics on V4(0.0.0.0:4191)
INFO linkerd2_proxy::app::main protocol detection disabled for inbound ports {25, 3306}
INFO linkerd2_proxy::app::main protocol detection disabled for outbound ports {25, 3306}
WARN 10.244.1.137:8000 linkerd2_proxy::proxy::reconnect connect error to Config { target: Target { addr: V4(10.244.1.137:8000), tls: None(InternalTraffic), _p: () }, settings: Http2, _p: () }: Connection refused (os error 111) (address: 127.0.0.1:8000)
如何让我的 grpc 服务与 Linkerd 一起工作?或者有没有更好的方案在kubernetes中负载均衡grpc服务?
通过指定GRPC_HOST到127.0.0.1允许Linkerd连接到grpc服务器。由于 linkerd 代理将使用环回地址连接到其他容器,在这种情况下为 grpc 服务。
根据this article,我正在尝试将 Linkerd 与我在 kubernetes 上的 grpc 服务集成以解决负载平衡问题,但是在使用 Linkerd 和 grpc 客户端冻结时我的 grpc 服务无法接收任何请求,抛出 no例外。服务端和客户端都是.Net Core应用,使用不安全的凭证。
我做了一些测试。 grpc 服务器可以在没有 Linkerd 的情况下工作,Linkerd 可以与 ASP.NET Core web api.
一起工作我遵循了官方说明:Getting Started and Adding Your Service。这是生成的 yaml:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: demogrpc
name: demogrpc
spec:
replicas: 3
selector:
matchLabels:
app: demogrpc
strategy: {}
template:
metadata:
annotations:
linkerd.io/created-by: linkerd/cli stable-2.1.0
linkerd.io/proxy-version: stable-2.1.0
creationTimestamp: null
labels:
app: demogrpc
linkerd.io/control-plane-ns: linkerd
linkerd.io/proxy-deployment: demogrpc
spec:
containers:
- env:
- name: GRPC_HOST
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVICE_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: GRPC_PORT
value: "8000"
image: 192.168.99.25:30000/demogrpchost:1.0.9
imagePullPolicy: Always
name: demogrpc
resources: {}
- env:
- name: LINKERD2_PROXY_LOG
value: warn,linkerd2_proxy=info
- name: LINKERD2_PROXY_BIND_TIMEOUT
value: 10s
- name: LINKERD2_PROXY_CONTROL_URL
value: tcp://linkerd-proxy-api.linkerd.svc.cluster.local:8086
- name: LINKERD2_PROXY_CONTROL_LISTENER
value: tcp://0.0.0.0:4190
- name: LINKERD2_PROXY_METRICS_LISTENER
value: tcp://0.0.0.0:4191
- name: LINKERD2_PROXY_OUTBOUND_LISTENER
value: tcp://127.0.0.1:4140
- name: LINKERD2_PROXY_INBOUND_LISTENER
value: tcp://0.0.0.0:4143
- name: LINKERD2_PROXY_DESTINATION_PROFILE_SUFFIXES
value: .
- name: LINKERD2_PROXY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/linkerd-io/proxy:stable-2.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
name: linkerd-proxy
ports:
- containerPort: 4143
name: linkerd-proxy
- containerPort: 4191
name: linkerd-metrics
readinessProbe:
httpGet:
path: /metrics
port: 4191
initialDelaySeconds: 10
resources: {}
securityContext:
runAsUser: 2102
terminationMessagePolicy: FallbackToLogsOnError
imagePullSecrets:
- name: kubernetes-registry
initContainers:
- args:
- --incoming-proxy-port
- "4143"
- --outgoing-proxy-port
- "4140"
- --proxy-uid
- "2102"
- --inbound-ports-to-ignore
- 4190,4191
image: gcr.io/linkerd-io/proxy-init:stable-2.1.0
imagePullPolicy: IfNotPresent
name: linkerd-init
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: false
terminationMessagePolicy: FallbackToLogsOnError
status: {}
这是来自其中一个 linkerd-proxy 的日志消息:
INFO linkerd2_proxy::app::main using controller at Some(Name(NameAddr { name: DnsName(DNSName("linkerd-proxy-api.linkerd.svc.cluster.local")), port: 8086 }))
INFO linkerd2_proxy::app::main routing on V4(127.0.0.1:4140)
INFO linkerd2_proxy::app::main proxying on V4(0.0.0.0:4143) to None
INFO linkerd2_proxy::app::main serving Prometheus metrics on V4(0.0.0.0:4191)
INFO linkerd2_proxy::app::main protocol detection disabled for inbound ports {25, 3306}
INFO linkerd2_proxy::app::main protocol detection disabled for outbound ports {25, 3306}
WARN 10.244.1.137:8000 linkerd2_proxy::proxy::reconnect connect error to Config { target: Target { addr: V4(10.244.1.137:8000), tls: None(InternalTraffic), _p: () }, settings: Http2, _p: () }: Connection refused (os error 111) (address: 127.0.0.1:8000)
如何让我的 grpc 服务与 Linkerd 一起工作?或者有没有更好的方案在kubernetes中负载均衡grpc服务?
通过指定GRPC_HOST到127.0.0.1允许Linkerd连接到grpc服务器。由于 linkerd 代理将使用环回地址连接到其他容器,在这种情况下为 grpc 服务。