GKE Ingress Using Internal IP
Question
I have a GKE service app using Golang. I want to make the app accessible only within the same VPC (because it will be exposed using Kong to a public domain). But every time I make the internal ALB ingress inside GKE, it returns an error like this:
Error syncing to GCP: error running load balancer syncing routine: loadbalancer ad8b7iw3-gke-app-event-ingress-n1p8mv91 does not exist: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/gke-project/regions/asia-southeast2/targetHttpProxies/k8s2-tp-ad8b7iw3-gke-app-event-ingress-n1p8mv91'. An active proxy-only subnetwork is required in the same region and VPC as the forwarding rule.
EDITED
For now the error returns like this:
Missing one or more resources. If resource creation takes longer than expected, you might have an invalid configuration.
I have made svc and ingress YAML files to handle this:
ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  labels:
    app: gke-app
  name: event-ingress
  namespace: gke-app
spec:
  ingressClassName: "gce-internal"
  defaultBackend:
    service:
      name: gke-svc
      port:
        number: 8003
  rules:
  - host: event.staginggke.my.id
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: gke-svc
            port:
              number: 8003
svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: gke-svc
  namespace: gke-app
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
    networking.gke.io/load-balancer-type: "Internal"
  labels:
    app: gke-app
spec:
  sessionAffinity: ClientIP
  selector:
    app: gke-app
  ports:
  - port: 8003 # Port output
    targetPort: 8000 # Container port
    protocol: TCP
    name: http
    nodePort: 30473 # Node Port Static
  type: LoadBalancer
  loadBalancerIP: 10.184.0.12
  externalTrafficPolicy: Cluster
Thank you for helping!!!
Answer 1
Score: 0
You are missing a proxy-only subnet. You need to create one in the same VPC/Subnet your GKE cluster is on.
https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal#configure-a-network
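A preflight check for the condition named in the error message, added here as an example (not code from the post or from GKE): it scans subnet records shaped like the output of `gcloud compute networks subnets list --format=json` for an ACTIVE proxy-only subnet in the forwarding rule's VPC and region, and reports range overlaps before a new one is created. The project and region come from the error message; the VPC name `example-vpc`, the subnet names and the ranges are constructed.

```python
import ipaddress

# Subnet "purpose" values that mark a proxy-only subnet in the Compute Engine API
# (the second is the older name for the same kind of subnet).
PROXY_PURPOSES = {"REGIONAL_MANAGED_PROXY", "INTERNAL_HTTPS_LOAD_BALANCER"}
API = "https://www.googleapis.com/compute/v1/projects/gke-project"

def sub(name, purpose, cidr, region, role=None):
    """Build one constructed record with the fields the checks below read."""
    rec = {"name": name, "purpose": purpose, "ipCidrRange": cidr,
           "network": f"{API}/global/networks/example-vpc",  # assumed VPC name
           "region": f"{API}/regions/{region}"}
    if role:
        rec["role"] = role
    return rec

# Constructed sample, shaped like `gcloud compute networks subnets list --format=json`.
SAMPLE = [
    sub("gke-nodes", "PRIVATE", "10.184.0.0/20", "asia-southeast2"),
    sub("proxy-only-jkt", "REGIONAL_MANAGED_PROXY", "10.129.0.0/23", "asia-southeast2", "BACKUP"),
    sub("proxy-only-sg", "REGIONAL_MANAGED_PROXY", "10.130.0.0/23", "asia-southeast1", "ACTIVE"),
]

def tail(url):
    """Last path segment of a resource URL (network or region name)."""
    return url.rsplit("/", 1)[-1]

def find_active_proxy_subnet(subnets, network, region):
    """Return the ACTIVE proxy-only subnet for this VPC and region, or None."""
    for s in subnets:
        if (tail(s["network"]) == network and tail(s["region"]) == region
                and s.get("purpose") in PROXY_PURPOSES and s.get("role") == "ACTIVE"):
            return s
    return None

def overlapping(subnets, network, cidr):
    """Names of subnets in the VPC whose range overlaps a proposed proxy-only range."""
    new = ipaddress.ip_network(cidr)
    return [s["name"] for s in subnets
            if tail(s["network"]) == network
            and ipaddress.ip_network(s["ipCidrRange"]).overlaps(new)]

if __name__ == "__main__":
    hit = find_active_proxy_subnet(SAMPLE, "example-vpc", "asia-southeast2")
    print("active proxy-only subnet:", hit["name"] if hit else "none (Ingress sync will fail)")
    print("overlaps for 10.184.8.0/23:", overlapping(SAMPLE, "example-vpc", "10.184.8.0/23"))
```

In the sample, asia-southeast2 has only a BACKUP proxy-only subnet and the ACTIVE one sits in another region, so the check reports none for the region in the error.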