用于无头服务的GKE内部入口

Question

我正在尝试创建一个内部入口，用于与gke的集群间通信。我试图公开的服务是无头的，它指向集群上的kafka-broker。

但是，当我尝试加载入口时，它说找不到服务？

Warning  Sync    3m22s (x17 over 7m57s)  loadbalancer-controller  Error syncing to GCP: error running load balancer syncing routine: loadbalancer coilwp7v-redpanda-test-abc123-redpanda-japm3lph does not exist: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/abc-123/regions/europe-west2/targetHttpProxies/k8s2-tp-coilwp7v-redpanda-test-abc123-redpanda-japm3lph'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule., invalid

入口：

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: abc-redpanda
  namespace: redpanda-test
  annotations:
    kubernetes.io/ingress.class: "gce-internal"
spec:
  defaultBackend:
    service:
      name: redpanda-service
      port:
        number: 9092

服务：

apiVersion: v1
kind: Service
metadata:
  name: redpanda-service
  namespace: redpanda-test
  annotations:
    io.cilium/global-service: "true"
    cloud.google.com/neg: '{"ingress": true}'
  labels:
    app: abc-panda
spec:
  type: ExternalName
  externalName: redpanda-cluster-0.redpanda-cluster.redpanda-test.svc.cluster.local
  ports:
    - port: 9092
      targetPort: 9092

Answer 1

设置内部负载均衡的入口需要在您的GKE集群使用的同一VPC上配置一个仅代理子网。此子网将用于负载平衡器代理。您还需要创建一个fw规则来允许通信。

先查看入口的prereqs，然后查看here，了解如何为您的私有网络设置仅代理子网。