Helm cannot add TLS to a GKE Ingress

Question (votes: 0, answers: 1)

I am trying to deploy an application in GKE that includes Ingress details.

values.yaml:

```yaml
# Default values for test-frontend.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  namespace: isp

replicaCount: 2

image:
  repository: test.code.com/test/test-frontend
  pullPolicy: Always
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets:
  - name: docker-cfg
nameOverride: ""
fullnameOverride: "test-frontend"

serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: "cloudsql-sa"

podAnnotations: {}

podSecurityContext: {}
  # fsGroup: 2000

securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

service:
  name: isp-stabsuite-frontend-service
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
  type: NodePort
  port: 80

resources:
  limits:
    cpu: 350m
    memory: 1000Mi
  requests:
    cpu: 250m
    memory: 750Mi

  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 350m
  #   memory: 1000Mi
  # requests:
  #   cpu: 250m
  #   memory: 750Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}

#########Required Modifications###############

configmap:
  name: test-frontend-configmap
  env:
    GET_HOSTS_FROM: "dns"
    REACT_APP_BACKEND_API: "/api/v1"
    REACT_APP_GOOGLE_CLIENT_ID: ""
    APP_DB_CONNECTION_STRING: ""
    NODE_ENV: "production"
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "gce-internal"
    kubernetes.io/ingress.regional-static-ip-name : "ingress-internal-static-ip"
    kubernetes.io/ingress.allow-http: "false"
  hosts:
    - host: test-sandbox.test.com
      paths:
      - path: "/"
        servicename: test-frontend-service
        serviceport: 80
      - path: "/api/"
        servicename: test-backend-service
        serviceport: 80
      tls:
      - hosts:
        - test-sandbox.test.com
        secretName: ingress-tls-credential-file
        type: kubernetes.io/tls

#########Required Subchart Modifications###
isp-stabsuite-backend:
  cloudsqlConnection: ""
  cloudsqlproxySa: ""
  service:
    name: test-backend-service

  bigquerysecret:
    name: gcp-bigquery-credential-file
    type: Opaque
    content:
      credentials: test
```

Ingress template file:

```yaml
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ .Values.global.namespace }}-ingress
  namespace: {{ .Values.global.namespace }}
  labels:
    {{- include "test-frontend.labels" . | nindent 4 }}
  annotations:
    kubernetes.io/ingress.class: "gce-internal"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name : "ingress-internal-static-ip"
    cloud.google.com/neg: '{"ingress": true}'
spec:
  {{- if .Values.ingress.tls }}
  tls:
     {{- range .Values.ingress.tls }}
     - hosts:
         {{- range .hosts }}
         - {{ . | quote }}
         {{- end }}
       secretName: {{ .secretName }}
     {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            pathType: Prefix
            backend:
              service:
                name: {{ .servicename }}
                port:
                  number: {{ .serviceport }}
          {{- end }}
    {{- end }}
  {{- end }}
```

When it tries to create the Ingress, the following error appears:

```
Error syncing to GCP: error running load balancer syncing routine: loadbalancer z30rnomw-isp-isp-ingress-pjgwvt2i does not exist: invalid configuration: both HTTP and HTTPS are disabled (kubernetes.io/ingress.allow-http is false and there is no valid TLS configuration); your Ingress will not be able to serve any traffic
```

Even if I clean up the Ingress and try to install a fresh one, it throws the same error with the same LoadBalancer ID (loadbalancer z30rnomw-isp-isp-ingress-pjgwvt2i).

```
kubectl describe ingress test-ingress -n test
Name:             test-ingress
Labels:           app.kubernetes.io/managed-by=Helm
                  app.kubernetes.io/name=test-frontend
                  app.kubernetes.io/type=frontend
                  app.kubernetes.io/version=1.16.0
                  helm/chart=test-frontend-0.1.0
Namespace:        isp
Address:
Ingress Class:    <none>
Default backend:  <default>
Rules:
  Host                         Path  Backends
  ----                         ----  --------
  test-sandbox.test.com
                               /       test-frontend-service:80 (xxx.xx.xxx.xx:80,xxx.xx.xxx.xx:80)
                               /api/   test-backend-service:80 (xxx.xx.xxx.xx:80,xxx.xx.xxx.xx:80,xxx.xx.xxx.xx:80)
Annotations:                   cloud.google.com/neg: {"ingress": true}
                               kubernetes.io/ingress.allow-http: false
                               kubernetes.io/ingress.class: gce-internal
                               kubernetes.io/ingress.regional-static-ip-name: ingress-internal-static-ip
                               meta.helm.sh/release-name: test-frontend
                               meta.helm.sh/release-namespace: default
Events:
  Type     Reason  Age                 From                     Message
  ----     ------  ----                ----                     -------
  Normal   Sync    113s (x4 over 21m)  loadbalancer-controller  Scheduled for sync
  Warning  Sync    24s (x19 over 18m)  loadbalancer-controller  Error syncing to GCP: error running load balancer syncing routine: loadbalancer z30rnomw-isp-isp-ingress-pjgwvt2i does not exist: invalid configuration: both HTTP and HTTPS are disabled (kubernetes.io/ingress.allow-http is false and there is no valid TLS configuration); your Ingress will not be able to serve any traffic
```

The Helm chart is not adding the TLS details to ingress.yaml. Am I missing something?

Tags: google-compute-engine, google-kubernetes-engine, kubernetes-ingress, helm3, ingress-controller

1 answer (0 votes)

I see a custom k8s namespace `isp`, which will not have access to TLS certificates in any other namespace (including the `default` namespace). You must create the TLS certificate in the same k8s namespace that the Ingress is deployed to.
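An added preflight check (my own example, not code from the question or the answer) that mirrors what the posted chart actually looks up: the template renders `tls` only from `.Values.ingress.tls`, so the block nested under `hosts` in the posted values.yaml is never rendered, and with `allow-http: "false"` the GCE controller has nothing to serve; the answer's requirement that the Secret live in the Ingress namespace is checked too. The `secrets` set and the two values dicts are constructed stand-ins for the cluster and the chart values.

```python
# Added example, not from the question or answer: a preflight check over Helm
# values that mirrors the chart's lookup. The template renders tls only from
# .Values.ingress.tls; a block under ingress.hosts[].tls is silently dropped.

def ingress_findings(values, secrets, namespace):
    """Return problems a GKE Ingress rendered from `values` would have.

    `secrets` is a constructed set of (namespace, name) pairs standing in for
    the kubernetes.io/tls Secrets present in the cluster; `namespace` is the
    namespace the Ingress is deployed into.
    """
    ingress = values.get("ingress", {})
    findings = []
    if not ingress.get("enabled", False):
        return findings
    top_tls = ingress.get("tls") or []          # the only key the template reads
    for i, host in enumerate(ingress.get("hosts", [])):
        if "tls" in host:                        # misplaced block, as in the question
            findings.append(f"ingress.hosts[{i}].tls is ignored by the template; "
                            "move it to ingress.tls")
    for j, entry in enumerate(top_tls):
        name = entry.get("secretName")
        if not name:
            findings.append(f"ingress.tls[{j}] has no secretName")
        elif (namespace, name) not in secrets:   # the answer's point: same namespace
            findings.append(f"Secret {name} not found in namespace {namespace}")
    allow_http = str(ingress.get("annotations", {})
                     .get("kubernetes.io/ingress.allow-http", "true")).lower()
    if allow_http == "false" and not top_tls:
        findings.append("allow-http is false and ingress.tls is empty: "
                        "the Ingress will serve no traffic")
    return findings

# Constructed values mirroring the question's layout (tls nested under the host)
AS_POSTED = {"ingress": {
    "enabled": True,
    "annotations": {"kubernetes.io/ingress.allow-http": "false"},
    "hosts": [{"host": "test-sandbox.test.com",
               "paths": [{"path": "/", "servicename": "test-frontend-service", "serviceport": 80}],
               "tls": [{"hosts": ["test-sandbox.test.com"], "secretName": "ingress-tls-credential-file"}]}]}}

# Same values with tls moved to the level the template actually reads
FIXED = {"ingress": {
    "enabled": True,
    "annotations": {"kubernetes.io/ingress.allow-http": "false"},
    "hosts": [{"host": "test-sandbox.test.com",
               "paths": [{"path": "/", "servicename": "test-frontend-service", "serviceport": 80}]}],
    "tls": [{"hosts": ["test-sandbox.test.com"], "secretName": "ingress-tls-credential-file"}]}}
```

Running `ingress_findings(AS_POSTED, {("isp", "ingress-tls-credential-file")}, "isp")` reports the misplaced block and the no-traffic condition; the same call with `FIXED` returns no findings, and it flags the Secret when it only exists in `default`.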
