英文:
GKE Ingress Using Internal IP
问题
我有一个使用golang的GKE服务应用程序。我希望该应用程序只能通过相同的VPC访问(因为它将使用Kong公开到公共域)。但是,每次我在GKE内部创建ALB Ingress时,都会返回如下错误:
Error syncing to GCP: error running load balancer syncing routine: loadbalancer ad8b7iw3-gke-app-event-ingress-n1p8mv91 does not exist: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/gke-project/regions/asia-southeast2/targetHttpProxies/k8s2-tp-ad8b7iw3-gke-app-event-ingress-n1p8mv91'. An active proxy-only subnetwork is required in the same region and VPC as the forwarding rule.
编辑后,错误信息如下:
Missing one or more resources. If resource creation takes longer than expected, you might have an invalid configuration.
我已经创建了svc和ingress的YAML文件来处理这个问题:
ingress.yaml
apiVersion: networking.k8s.io/v1kind: Ingressmetadata:labels:app: gke-appname: event-ingressnamespace: gke-appspec:ingressClassName: "gce-internal"defaultBackend:service:name: gke-svcport:number: 8003rules:- host: event.staginggke.my.idhttp:paths:- path: "/"pathType: Prefixbackend:service:name: gke-svcport:number: 8003
svc.yaml
apiVersion: v1kind: Servicemetadata:name: gke-svcnamespace: gke-appannotations:cloud.google.com/neg: '{"ingress": true}'networking.gke.io/load-balancer-type: "Internal"labels:app: gke-appspec:sessionAffinity: ClientIPselector:app: gke-appports:- port: 8003 # Port outputtargetPort: 8000 # Container portprotocol: TCPname: httpnodePort: 30473 # Node Port Statictype: LoadBalancerloadBalancerIP: 10.184.0.12externalTrafficPolicy: Cluster
谢谢你的帮助! 
英文:
I have a GKE service app using golang. I want to make the app only accessible with same vpc (because it will exposed using kong to public domain). But everytime i make the internal alb ingress inside GKE, it returns an error like this
Error syncing to GCP: error running load balancer syncing routine: loadbalancer ad8b7iw3-gke-app-event-ingress-n1p8mv91 does not exist: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/gke-project/regions/asia-southeast2/targetHttpProxies/k8s2-tp-ad8b7iw3-gke-app-event-ingress-n1p8mv91'. An active proxy-only subnetwork is required in the same region and VPC as the forwarding rule.
EDITED
For now the error return like this
Missing one or more resources. If resource creation takes longer than expected, you might have an invalid configuration.
i have make svc and ingress yaml file to handle this:
ingress.yaml
apiVersion: networking.k8s.io/v1kind: Ingressmetadata:labels:app: gke-appname: event-ingressnamespace: gke-appspec:ingressClassName: "gce-internal"defaultBackend:service:name: gke-svcport:number: 8003rules:- host: event.staginggke.my.idhttp:paths:- path: "/"pathType: Prefixbackend:service:name: gke-svcport:number: 8003
svc.yaml
apiVersion: v1kind: Servicemetadata:name: gke-svcnamespace: gke-appannotations:cloud.google.com/neg: '{"ingress": true}'networking.gke.io/load-balancer-type: "Internal"labels:app: gke-appspec:sessionAffinity: ClientIPselector:app: gke-appports:- port: 8003 # Port outputtargetPort: 8000 # Container portprotocol: TCPname: httpnodePort: 30473 # Node Port Statictype: LoadBalancerloadBalancerIP: 10.184.0.12externalTrafficPolicy: Cluster
Thank you for helping!!!
答案1
得分: 0
您缺少一个仅代理的子网。您需要在与您的GKE集群相同的VPC/Subnet中创建一个子网。
https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal#configure-a-network
英文:
You are missing a proxy-only subnet. You need to create one in the same VPC/Subnet your GKE cluster is on
https://cloud.google.com/load-balancing/docs/l7-internal/setting-up-l7-internal#configure-a-network
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论