负载平衡 pods
Load balancing pods
我有一个 rancher 集群,其中 1 个节点有本地 ip:10.39.93.180
我用 ExternalIp: 10.39.93.180
启动了一个带有 3 个复制和负载均衡器的 pod
可以访问 Pod 端口,但无法访问负载均衡器。
广告连播描述。
Name: development-review-inventory-api-66b6ccfc44-jm59c
Namespace: development-review-inventory
Priority: 0
Node: 10.39.93.185/10.39.93.185
Start Time: Wed, 16 Oct 2019 01:27:59 -0400
Labels: pod-template-hash=66b6ccfc44
run=development-review-inventory-api
Annotations: cni.projectcalico.org/podIP: 10.42.0.13/32
Status: Running
IP: 10.42.0.13
IPs: <none>
Controlled By: ReplicaSet/development-review-inventory-api-66b6ccfc44
Containers:
development-review-inventory-api:
Container ID: docker://103d34497d590cdb391c5c4959b2f308fbacf9abf5e2042314be9583f9cf5dd1
Image: 10.39.93.29:5000/development-review-inventory-api
Image ID: docker-pullable://10.39.93.29:5000/development-review-inventory-api@sha256:b54f5c6e499fb1b9981c97fb00f20a38b75c87c493551d1833928b9e78a1260b
Port: 8510/TCP
Host Port: 0/TCP
State: Running
Started: Wed, 16 Oct 2019 01:28:00 -0400
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-8ptvb (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-8ptvb:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-8ptvb
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 9m43s default-scheduler Successfully assigned development-review-inventory/development-review-inventory-api-66b6ccfc44-jm59c to 10.39.93.185
Normal Pulling 9m42s kubelet, 10.39.93.185 Pulling image "10.39.93.29:5000/development-review-inventory-api"
Normal Pulled 9m42s kubelet, 10.39.93.185 Successfully pulled image "10.39.93.29:5000/development-review-inventory-api"
Normal Created 9m42s kubelet, 10.39.93.185 Created container development-review-inventory-api
Normal Started 9m42s kubelet, 10.39.93.185 Started container development-review-inventory-api
访问 pod 8510
[root@localhost inventory-api]# k exec -it -n development-review-inventory development-review-inventory-api-66b6ccfc44-n4wks -- curl 0.0.0.0:8510
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
负载均衡器配置
[root@localhost inventory-api]# k get svc -n development-review-inventory development-review-inventory-api -o=yaml --export
Flag --export has been deprecated, This flag is deprecated and will be removed in future.
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
run: development-review-inventory-api
name: development-review-inventory-api
selfLink: /api/v1/namespaces/development-review-inventory/services/development-review-inventory-api
spec:
externalIPs:
- 10.39.93.180
externalTrafficPolicy: Cluster
ports:
- nodePort: 31717
port: 8510
protocol: TCP
targetPort: 8510
selector:
run: development-review-inventory-api
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer: {}
路径 SVC 外部 IP
kubectl patch svc -n development-review-inventory development-review-inventory-api -p '{"spec":{"externalIPs":["10.39.93.180"]}}'
获取 SVC
[root@localhost inventory-api]# k get svc -n development-review-inventory
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
development-review-inventory-api LoadBalancer 10.43.52.1 10.39.93.180 8510:31717/TCP 15m
无法通过平衡器访问
[root@localhost inventory-api]# curl 10.39.93.180:31717
curl: (7) Failed connect to 10.39.93.180:31717; Connection refused
你应该通过暴露的端口访问它,尝试打开
10.39.93.180:8501
如果您可以在此应用程序中添加一个 public URI(如果它需要任何身份验证令牌),然后您可以点击它的路由来验证响应,那就太好了
10.39.93.180:8501/publicURI
我的应用程序确实喜欢这个,而且效果很好
我在裸机上安装了 k8s rancher 集群,它不支持 SVC 类型:像云提供商(AWS、GCL...)的 LoadBalancer。需要安装 https://metallb.universe.tf/ 才能在不更改任何配置的情况下完成工作。
Kubernetes does not offer an implementation of network load-balancers (Services of type LoadBalancer) for bare metal clusters. The implementations of Network LB that Kubernetes does ship with are all glue code that calls out to various IaaS platforms (GCP, AWS, Azure…). If you’re not running on a supported IaaS platform (GCP, AWS, Azure…), LoadBalancers will remain in the “pending” state indefinitely when created.
我有一个 rancher 集群,其中 1 个节点有本地 ip:10.39.93.180
我用 ExternalIp: 10.39.93.180
启动了一个带有 3 个复制和负载均衡器的 pod
可以访问 Pod 端口,但无法访问负载均衡器。
广告连播描述。
Name: development-review-inventory-api-66b6ccfc44-jm59c
Namespace: development-review-inventory
Priority: 0
Node: 10.39.93.185/10.39.93.185
Start Time: Wed, 16 Oct 2019 01:27:59 -0400
Labels: pod-template-hash=66b6ccfc44
run=development-review-inventory-api
Annotations: cni.projectcalico.org/podIP: 10.42.0.13/32
Status: Running
IP: 10.42.0.13
IPs: <none>
Controlled By: ReplicaSet/development-review-inventory-api-66b6ccfc44
Containers:
development-review-inventory-api:
Container ID: docker://103d34497d590cdb391c5c4959b2f308fbacf9abf5e2042314be9583f9cf5dd1
Image: 10.39.93.29:5000/development-review-inventory-api
Image ID: docker-pullable://10.39.93.29:5000/development-review-inventory-api@sha256:b54f5c6e499fb1b9981c97fb00f20a38b75c87c493551d1833928b9e78a1260b
Port: 8510/TCP
Host Port: 0/TCP
State: Running
Started: Wed, 16 Oct 2019 01:28:00 -0400
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-8ptvb (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-8ptvb:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-8ptvb
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 9m43s default-scheduler Successfully assigned development-review-inventory/development-review-inventory-api-66b6ccfc44-jm59c to 10.39.93.185
Normal Pulling 9m42s kubelet, 10.39.93.185 Pulling image "10.39.93.29:5000/development-review-inventory-api"
Normal Pulled 9m42s kubelet, 10.39.93.185 Successfully pulled image "10.39.93.29:5000/development-review-inventory-api"
Normal Created 9m42s kubelet, 10.39.93.185 Created container development-review-inventory-api
Normal Started 9m42s kubelet, 10.39.93.185 Started container development-review-inventory-api
访问 pod 8510
[root@localhost inventory-api]# k exec -it -n development-review-inventory development-review-inventory-api-66b6ccfc44-n4wks -- curl 0.0.0.0:8510
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>
负载均衡器配置
[root@localhost inventory-api]# k get svc -n development-review-inventory development-review-inventory-api -o=yaml --export
Flag --export has been deprecated, This flag is deprecated and will be removed in future.
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
run: development-review-inventory-api
name: development-review-inventory-api
selfLink: /api/v1/namespaces/development-review-inventory/services/development-review-inventory-api
spec:
externalIPs:
- 10.39.93.180
externalTrafficPolicy: Cluster
ports:
- nodePort: 31717
port: 8510
protocol: TCP
targetPort: 8510
selector:
run: development-review-inventory-api
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer: {}
路径 SVC 外部 IP
kubectl patch svc -n development-review-inventory development-review-inventory-api -p '{"spec":{"externalIPs":["10.39.93.180"]}}'
获取 SVC
[root@localhost inventory-api]# k get svc -n development-review-inventory
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
development-review-inventory-api LoadBalancer 10.43.52.1 10.39.93.180 8510:31717/TCP 15m
无法通过平衡器访问
[root@localhost inventory-api]# curl 10.39.93.180:31717
curl: (7) Failed connect to 10.39.93.180:31717; Connection refused
你应该通过暴露的端口访问它,尝试打开
10.39.93.180:8501
如果您可以在此应用程序中添加一个 public URI(如果它需要任何身份验证令牌),然后您可以点击它的路由来验证响应,那就太好了
10.39.93.180:8501/publicURI
我的应用程序确实喜欢这个,而且效果很好
我在裸机上安装了 k8s rancher 集群,它不支持 SVC 类型:像云提供商(AWS、GCL...)的 LoadBalancer。需要安装 https://metallb.universe.tf/ 才能在不更改任何配置的情况下完成工作。
Kubernetes does not offer an implementation of network load-balancers (Services of type LoadBalancer) for bare metal clusters. The implementations of Network LB that Kubernetes does ship with are all glue code that calls out to various IaaS platforms (GCP, AWS, Azure…). If you’re not running on a supported IaaS platform (GCP, AWS, Azure…), LoadBalancers will remain in the “pending” state indefinitely when created.