问题描述

我配置了一个群集，其中所有服务(及其关联的Pod/容器)都部署到了专用子网中.这些Pod之一代表了应用程序的UI，我定义了带有公共ip的负载均衡器，以提供对UI的访问.至少那是我的意图.当我在浏览器中输入带有负载均衡器IP的URL时，请求没有到达UI容器.我认为我的配置不正确，请教一些建议.UI服务的定义如下所示:

I have a cluster configured where the services (and their assoicated pods/containers) are all deployed into a private subnet. One of these pods represents the UI for the application and I've defined a load balancer with a public ip to proivde access to the UI. At least that's my intent. When I enter a URL in my browser with the IP of the load balancer, requests are not making it to the UI container. I assume I have something configured incorrectly and some advice would be appreciated. The definition for the UI service looks like this:

    apiVersion: apps/v1beta1
    kind: Deployment
    metadata: {name: myui, namespace: gem}
    spec:
      replicas: 1
      template:
        metadata:
          labels: {app: myui}
        spec:
          containers:
            image: myblobstore.azurecr.io/myui:latest
            imagePullPolicy: Always
            name: myui
            ports:
            - {containerPort: 80}
    ---
    apiVersion: v1
    kind: Service
    metadata: {name: myapp, namespace: gem}
    spec:
      loadBalancerIP: 40.123.124.125
      ports:
      - {name: '80', port: 80}
      selector: {app: myui}
      type: LoadBalancer

我还在网络安全组中定义了一个规则，该规则旨在允许来自负载均衡器的流量到达目标容器:

I've also defined a rule in my network security group that I had intended to allow traffic from a load balancer to reach the target container:

    65001    AzureLoadBalancerInBound   Any  Any  AzureLoadBalancer  Any  Allow

Traffic不会进入UI容器.我需要什么其他配置才能使其正常工作?

Traffic does not make it to the UI container though. What additional configuration do I need to get this to work?

更新:这是我的群集的端点:

Update: Here are the endpoints for my cluster:

$ kubectl get endpoints -n gem
NAME                ENDPOINTS                       AGE
...
myui                10.0.2.22:80                    176m
...

为完成图片，下面是一些其他信息:

And to complete the picture, here's some additional info:

$ kubectl get pods -n gem -o wide
NAME                                 READY   STATUS             RESTARTS   AGE    IP          NODE                  NOMINATED NODE
...
myui-99c55f8d4-2thzv                 1/1     Running            0          ...

$ kubectl get svc -n gem -o wide
NAME                TYPE           CLUSTER-IP   EXTERNAL-IP     PORT(S)             AGE    SELECTOR
...
myui                LoadBalancer   10.1.0.94    40.123.124.125  80:32246/TCP        3h1m   app=myui
...

$ kubectl describe svc/myui -n gem
Name:                     myui
Namespace:                gem
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"myui","namespace":"gem"},"spec":{"loadBalancerIP":"40.123.124,125"...
Selector:                 app=myui
Type:                     LoadBalancer
IP:                       10.1.0.94
IP:                       40.123.124.125
LoadBalancer Ingress:     40.123.124.125
Port:                     80  80/TCP
TargetPort:               80/TCP
NodePort:                 80  32246/TCP
Endpoints:                10.0.2.22:80
Session Affinity:         None
External Traffic Policy:  Cluster

彼得

推荐答案

最后，解决方案只是确保所使用的网络安全组具有开放的端口80和443，以允许Internet流量通过.我有两个不同的安全组，并认为我的负载均衡器将使用我指定为公共"安全组的那个组，该组的端口80和443确实处于打开状态.相反，它使用了我的其他安全组，并且我不得不向该组添加适当的规则.

In the end the solution was simply to make sure that the network security group being used has ports 80 and 443 open to allow internet traffic to flow. I had two different security groups and thought my load balancer would use the one I designated as my "public" security group, which did have ports 80 and 443 open. It instead used my other security group, and I had to add the appropriate rules to that group.

这篇关于通过AKS集群中的负载均衡器访问服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！