创建 GKE 集群后无法从 Google 云 Shell 访问 Load Banalcer IP

Cannot access Load Banalcer IP from Google Cloud Shell after creating GKE Cluster

我正在学习 GKE 服务并创建了一个 GKE cluster 包含以下信息

 $ gcloud container clusters list
   NAME       LOCATION    MASTER_VERSION  MASTER_IP       MACHINE_TYPE   NODE_VERSION    NUM_NODES  STATUS
   mycluster  us-east1-b  1.14.10-gke.27  35.X.X.X        n1-standard-1  1.14.10-gke.27  3          RUNNING

我创建了自己的 VPC subnet,其范围低于我分配给集群的范围。

   IP address range : 10.7.0.0/24

以下次要 IP 范围由 GKE 引擎分配

   Secondary IP range

  gke-mycluster-pods-765b8f97       10.44.0.0/14    
  gke-mycluster-services-765b8f97   10.237.0.0/20

创建集群后节点信息如下:

  $kubectl get nodes          

  NAME                                       STATUS   ROLES    AGE   VERSION
  gke-mycluster-default-pool-c2ddd83e-km5k   Ready    <none>   21m   v1.14.10-gke.27
  gke-mycluster-default-pool-c2ddd83e-trrl   Ready    <none>   21m   v1.14.10-gke.27
  gke-mycluster-default-pool-c2ddd83e-x4w3   Ready    <none>   21m   v1.14.10-gke.27

我的部署 YAML 如下,它创建了一个 nginx 容器:

  apiVersion: apps/v1
  kind: Deployment
  metadata:
     name: mywebapp-replicaset
     labels:
       app: mywebapp
       type: front-end
     spec:
       template:
         metadata:
         name: myngix-pod
           labels:
             app: mywebapp
             type: front-end
  spec:
    containers:
      - name: nginx
        image: nginx
        ports:
          - containerPort: 80
    replicas: 3
    selector:
    matchLabels:
       type: front-end

下面是我的服务定义

  apiVersion: v1
  kind: Service
  metadata:
     name: mywebapp-services
     labels:
       app: mywebapp
       type: front-end
  spec:
     type: LoadBalancer
     ports:
       - targetPort: 80
         port: 80
     selector:
       app: mywebapp
       type: front-end

使用 kubectl 命令创建服务后,它看起来像这样 

  $ kubectl get services
   NAME                TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
   kubernetes          ClusterIP      10.237.0.1      <none>        443/TCP        23h
   mywebapp-services   LoadBalancer   10.237.12.141   <pending>     80:31102/TCP   6s

现在,如果我尝试从 Gcloud shell 访问 LoadBalancer IP,它会超时,我是否遗漏了什么 

 $ curl http://10.237.12.141:80
 curl: (7) Failed to connect to 10.237.12.141 port 80: Connection timed out

地址 10.x.x.x 是您的 VPC 中的私有 IPv4 地址。 Cloud Shell 不在您的 VPC 中 运行。因此该地址不可到达。您必须使用外部 IP。

有关私有 IPv4 地址的更多信息:

Private IPv4 addresses

还有私有 IPv6 地址。 Google Cloud VPC 不支持 IPv6。某些 Google HTTP(S) 负载均衡器等云服务确实支持 IPv6,但这些资源不属于您项目的 VPC。

VPC networks only support IPv4 unicast traffic. They do not support broadcast, multicast, or IPv6 traffic within the network; VMs in the VPC network can only send to IPv4 destinations and only receive traffic from IPv4 sources. However, it is possible to create an IPv6 address for a global load balancer.

VPC network overview - Specifications