在Kubernetes集群上无法访问LoadBalancer类型的外部IP

时间:2020-11-10 14:13:40

标签: kubernetes-ingress azure-kubernetes azure-load-balancer kubernetes-service

我正在尝试通过 type: LoadBalancer 的 Service,在 Azure Kubernetes 群集的外部 IP 地址上公开我的 Python 应用程序。但是,无论我怎么做(就我所知的方法而言),都无法访问该 IP 地址。我使用 Terraform 来配置群集。我的文件如下:

deployment.yml

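# Namespace "identity". A Namespace is cluster-scoped, so it carries no
# metadata.namespace of its own; the stray "namespace: default" is dropped.
# NOTE(review): every other object in this listing is created in "default",
# so nothing shown here is placed in "identity" — confirm which is intended.
apiVersion: v1
kind: Namespace
metadata:
  name: identity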
---
# Public entry point for the identity pods: port 80 on the load balancer is
# forwarded to port 8000 of pods labelled app=identity-svc.
# NOTE(review): no spec.loadBalancerSourceRanges is set, so the address is
# reachable from any source; add it if only known networks should connect.
apiVersion: v1
kind: Service
metadata:
  name: identity-svc
  namespace: default
  annotations:
    # Presumably the resource group the Azure cloud provider should use for
    # this load balancer's public IP — confirm it matches the node group.
    service.beta.kubernetes.io/azure-load-balancer-resource-group: MC_identity-k8s-rg_identity-k8s-aks_westeurope
  labels:
    app: identity-svc
    env: dev
    name: identity-svc
spec:
  type: LoadBalancer
  selector:
    app: identity-svc
  ports:
    - name: http
      port: 80
      targetPort: 8000
---
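# Registry pull credential of type kubernetes.io/dockerconfigjson.
# SECURITY: .dockerconfigjson is only base64-encoded, not encrypted, so
# anyone who can read this manifest can recover the registry credential.
# Keep the real value out of version control and public posts: create the
# Secret out of band (kubectl create secret docker-registry ...) or let the
# cluster pull from ACR through its own identity (az aks update --attach-acr).
# If a real value was ever published, rotate the registry credential.
# The value below is shortened ("...") in this listing and is not usable as-is.
# The generator artifact "creationTimestamp: null" is omitted; the API server
# sets that field itself.
apiVersion: v1
kind: Secret
metadata:
  name: acr-secret
  namespace: default
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: 50aXR5MngwIn19fQ...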
---
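# Runs one replica of the identity service container and exposes container
# port 8000 under the port name "http". Pods carry the label
# app=identity-svc, which is what the identity-svc Service selects on.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: identity-deploy
  namespace: default
  labels:
    name: identity-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: identity-svc
  template:
    metadata:
      namespace: default
      labels:
        app: identity-svc
    spec:
      imagePullSecrets:
        - name: acr-secret
      restartPolicy: Always
      containers:
        - name: identityservice
          # NOTE(review): ${{ github.run_id }} is a CI expression. Kubernetes
          # does not expand it, so the manifest must be rendered by a step not
          # shown here before it is applied; otherwise the tag is this literal.
          image: 'identityservice.azurecr.io/identityservice:${{ github.run_id }}'
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8000
          env:
            # NOTE(review): ${secrets.*} is not expanded by Kubernetes either;
            # unless a templating step replaces these before apply, the
            # container receives the literal text. Prefer
            # valueFrom.secretKeyRef pointing at a Secret, so the values never
            # appear in the manifest or in `kubectl describe` output.
            - name: SECRET_KEY
              value: '${secrets.SECRET_KEY}'
            - name: ALLOWED_HOSTS
              value: '${secrets.ALLOWED_HOSTS}'
            - name: DATABASE_HOST
              value: '${secrets.DATABASE_HOST}'
            # Env values must be strings: an unquoted true is parsed as a
            # boolean and the manifest is rejected, hence the quotes.
            # SECURITY: this pod sits behind a Service of type LoadBalancer;
            # debug mode commonly exposes stack traces and settings to any
            # client, so set "false" before the address is publicly reachable.
            - name: DEBUG
              value: "true"
          resources:
            requests:
              cpu: "500m"
              memory: "500Mi"
            limits:
              cpu: "2"
              memory: "1000Mi"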

service.yml

# Stand-alone definition of the identity-svc Service: TCP port 80 on the load
# balancer is forwarded to port 8000 of pods labelled app=identity-svc.
# NOTE(review): no spec.loadBalancerSourceRanges is set, so the address is
# reachable from any source; add it if only known networks should connect.
apiVersion: v1
kind: Service
metadata:
  name: identity-svc
  namespace: default
  labels:
    app: identity-svc
    env: dev
    name: identity-svc
spec:
  type: LoadBalancer
  selector:
    app: identity-svc
  ports:
    - port: 80
      targetPort: 8000
      protocol: TCP

aks-cluster.tf

# AKS cluster with a single-node default pool, kubenet networking and a
# Standard SKU load balancer; it authenticates to Azure with a service
# principal.
# NOTE(review): no role_based_access_control block is set here — confirm
# whether Kubernetes RBAC ends up enabled with the provider version in use.
resource "azurerm_kubernetes_cluster" "aks" {
  name                = "${var.name_prefix}-aks"
  location            = var.location
  resource_group_name = var.resourcename
  dns_prefix          = "${var.name_prefix}-dns"
  kubernetes_version  = "1.19.0"

  default_node_pool {
    name            = "identitynode"
    node_count      = 1
    vm_size         = "Standard_D2_v2"
    os_disk_size_gb = 30
  }

  service_principal {
    client_id     = var.client_id
    # The client secret is stored in Terraform state in plain text; mark the
    # variable sensitive and restrict access to the state backend.
    client_secret = var.client_secret
  }

  network_profile {
    network_plugin    = "kubenet"
    load_balancer_sku = "Standard"
  }
}

我还尝试用以下配置部署 nginx Ingress:

# Helm provider connected straight to the AKS cluster using the credentials
# exported in the cluster's kube_config, not a local kubeconfig file.
# NOTE(review): the client certificate and key read here grant access to the
# cluster and are kept in Terraform state; restrict who can read the state.
provider "helm" {
  #  install_tiller = true

  kubernetes {
    host                   = azurerm_kubernetes_cluster.aks.kube_config.0.host
    client_certificate     = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate)
    client_key             = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.client_key)
    cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.cluster_ca_certificate)
    load_config_file       = false
  }
}

# Add Kubernetes Stable Helm charts repo
# NOTE(review): the "stable" chart repository at this URL has been deprecated
# and archived upstream — verify it still resolves and that the charts pulled
# from it are still maintained before relying on it.
data "helm_repository" "stable" {
  name = "stable"
  url  = "https://kubernetes-charts.storage.googleapis.com"
}

# Create Static Public IP Address to be used by Nginx Ingress
# The address is allocated in the cluster's node resource group and gets a DNS
# label derived from var.name_prefix.
# NOTE(review): this is an internet-routable address; decide which sources may
# reach it before pointing the ingress controller at it.
resource "azurerm_public_ip" "nginx_ingress" {
  name                = "nginx-ingress-pip"
  location            = azurerm_kubernetes_cluster.aks.location
  resource_group_name = azurerm_kubernetes_cluster.aks.node_resource_group
  sku                 = "Standard"
  allocation_method   = "Static"
  domain_name_label   = var.name_prefix
}


# Install Nginx Ingress using Helm Chart
# The release goes into the "default" namespace and binds the controller's
# Service to the static public IP created above.
# NOTE(review): no version argument is set, so the chart version is not
# pinned; pin it so a later apply cannot pull an unreviewed chart.
# NOTE(review): no Ingress resource appears in this listing; an ingress
# controller answers from its default backend when no rule matches a request.
# NOTE(review): the listing stops before this resource block's closing brace.
resource "helm_release" "nginx" {
  name       = "nginx-ingress"
  repository = data.helm_repository.stable.url
  #repository = data.helm_repository.stable.metadata.0.name
  chart = "nginx-ingress"
  # namespace  = "kube-system"
  namespace = "default"

  # With rbac.create=false the chart is told not to create RBAC objects for
  # the controller — presumably because the cluster runs without RBAC;
  # confirm, since without RBAC service accounts are not limited by roles.
  set {
    name  = "rbac.create"
    value = "false"
  }

  set {
    name  = "controller.service.externalTrafficPolicy"
    value = "Cluster"
  }

  # Pins the controller's LoadBalancer Service to the static public IP.
  set {
    name  = "controller.service.loadBalancerIP"
    value = azurerm_public_ip.nginx_ingress.ip_address
  }

使用最后这种 nginx Ingress 方式时,访问由此产生的外部 IP 总是返回 default backend - 404 错误。

我的最终目标是使我的应用程序在外部IP上运行,无论使用哪种方法进行测试。

PS:Dockerfile 和 docker-compose 也公开了端口 8000。

任何帮助将不胜感激!
