Kubernetes internal load balancer on gcloud

Time: 2017-05-02 10:43:04

Tags: kubernetes gcloud internal-load-balancer

I might be asking the wrong question here, but I'm trying to create an internal load balancer like this.

I have an API service accessible at http://[api_service_name]:3000 and a simple nginx gateway service, i.e. proxy_pass http://[gateway_service_name]:80 to http://[api_service_name]:3000.

My API service service.yaml file is

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    service: api-service-name
  name: api-service-name
spec:
  ports:
  - name: "3000"
    port: 3000
    targetPort: 3000
  selector:
    service: api-service-name
status:
  loadBalancer: {}

My API service deployment.yaml file is

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  creationTimestamp: null
  name: api-service-name
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        service: api-service-name
    spec:
      containers:
      - env:
        ...
        image: ...
        name: api-service-name
        ports:
        - containerPort: 3000
        resources: {}
      restartPolicy: Always
status: {}

and my nginx service.yaml is

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    service: gateway-service-name
  name: gateway-service-name
spec:
  ports:
  - name: "80"
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    service: gateway-service-name
  type: LoadBalancer
  externalName: gateway-service-name
status:
  loadBalancer: {}

and deployment.yaml is

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  creationTimestamp: null
  name: gateway-service-name
spec:
  replicas: 1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        service: gateway-service-name
    spec:
      containers:
      - image: ...
        name: gateway-service-name
        ports:
        - containerPort: 80
        resources: {}
      restartPolicy: Always
status: {}

These settings work for an external load balancer/gateway. When I run kubectl get svc it prints

NAME                   CLUSTER-IP                EXTERNAL-IP
gateway-service-name   gateway.int.ip.add.ress   gateway.ext.ip.add.ress
api-service-name       api.int.ip.add.ress       <none>

I can browse http://gateway.ext.ip.add.ress/any_available_endpoints just fine.

I'm wondering whether I can achieve the same functionality without having an external IP address for my gateway, and use http://gateway.int.ip.add.ress/any_available_endpoints instead.

I tried using the default ClusterIp, but it doesn't work.

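Note: I will be accessing the network via VPN, and another service on a different cluster will access it internally.

Update: I ended up putting my client (web) in the same cluster, so my gateway doesn't have to have an external IP address. I'm not sure if this is the right approach, but I will keep it like this for now.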

1 answer:

Answer 0: (score: 1)

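A ClusterIP Service is only accessible from other services in the same cluster, so if your service is in ClusterA and your VPN is in ClusterB, the VPN cannot reach it as a ClusterIP Service.

One option is to keep using the public IP of a LoadBalancer Service and configure the firewall to restrict traffic to only come from your VPN, using the loadBalancerSourceRanges setting (https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/).

Another option you have, if ClusterA and ClusterB are both on the same network (which is the default for new clusters), is to use type: NodePort for the Service. This exposes the service on a static port on every node in ClusterA, without opening any ports in the default firewall.

If ClusterA's nodes have the IP addresses 10.128.0.2, 10.128.0.3 and 10.128.0.4, and you configure your Service like this

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    service: gateway-service-name
  name: gateway-service-name
spec:
  ports:
  - name: "80"
    port: 80
    nodePort: 80
    protocol: TCP
    targetPort: 80
  selector:
    service: gateway-service-name
  type: NodePort
  externalName: gateway-service-name

then you should be able to connect to your service via http://10.128.0.2/any_available_endpoints or http://10.128.0.3/any_available_endpoints.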
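The following is an added example, not part of the original question or answer: a small audit of `kubectl get svc -o json` output that flags LoadBalancer Services with no `loadBalancerSourceRanges` restriction, `nodePort` values outside the default NodePort range, and `externalName` set on a Service whose type is not ExternalName. The Service names, the 10.8.0.0/24 VPN range and the sample document are constructed, and the cluster is assumed to use the default 30000-32767 NodePort range.

```python
import ipaddress
import json

# Default kube-apiserver NodePort range (--service-node-port-range); assumed here.
NODE_PORT_RANGE = range(30000, 32768)

def audit_service(svc):
    """Return exposure findings for one Service object (parsed JSON dict)."""
    spec = svc.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")
    findings = []
    if svc_type == "LoadBalancer":
        ranges = spec.get("loadBalancerSourceRanges") or []
        if not ranges:
            findings.append("LoadBalancer has no loadBalancerSourceRanges: any source may connect")
        for cidr in ranges:
            try:
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append(f"source range {cidr} admits every address")
            except ValueError:
                findings.append(f"source range {cidr!r} is not a valid CIDR")
    if svc_type in ("NodePort", "LoadBalancer"):
        for port in spec.get("ports", []):
            node_port = port.get("nodePort")
            if node_port is not None and node_port not in NODE_PORT_RANGE:
                findings.append(f"nodePort {node_port} is outside the default 30000-32767 range")
    if spec.get("externalName") and svc_type != "ExternalName":
        findings.append("externalName only applies to type ExternalName")
    return findings

def audit_all(service_list):
    """Map Service name -> findings for a `kubectl get svc -o json` document."""
    return {s["metadata"]["name"]: audit_service(s) for s in service_list["items"]}

# Constructed sample input; names and the 10.8.0.0/24 VPN range are assumptions.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "gateway-open"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "targetPort": 80}]}},
 {"metadata": {"name": "gateway-vpn-only"},
  "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.8.0.0/24"],
           "ports": [{"port": 80, "targetPort": 80}]}},
 {"metadata": {"name": "gateway-nodeport"},
  "spec": {"type": "NodePort", "externalName": "gateway-service-name",
           "ports": [{"port": 80, "targetPort": 80, "nodePort": 80}]}}
]}
""")
if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or "ok")
```

To audit a live cluster, load the output of `kubectl get svc --all-namespaces -o json` with `json.load` and pass it to `audit_all`.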