我正在使用ingress为GKE上的consul ui创建一个负载平衡器,配置如下
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: public-apis
spec:
rules:
- host: consul.example.com
http:
paths:
- path: /ui/
pathType: Prefix
backend:
serviceName: hashicorp-consul-ui
servicePort: http
服务hashicorp-consul-ui为clusterIP类型的服务。
同时,我正在创建以下backendConfig
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
name: consul-ui-backendconfig
spec:
healthCheck:
type: HTTP
requestPath: /v1/health/state/failed
port: 80
我正在向clusterIP服务hashicorp-consul-ui添加以下注释
'cloud.google.com/backend-config': '{"ports": {"80":"consul-ui-backendconfig"}}'
此backendConfig为ingress创建的后端服务创建健康检查,此端点返回200。但健康检查失败,入口状态为"不健康">
我在healthCheck上启用了日志,我在NEG上得到了以下日志
healthCheckProbeResult: {
detailedHealthState: "TIMEOUT"
healthCheckProtocol: "HTTP"
healthState: "UNHEALTHY"
ipAddress: "10.24.1.30"
previousDetailedHealthState: "UNKNOWN"
previousHealthState: "UNHEALTHY"
probeCompletionTimestamp: "2021-02-14T03:31:43.337063261Z"
probeRequest: "/v1/health/state/failed"
probeResultText: "HTTP response: , Error: Connection refused"
probeSourceIp: "35.191.9.211"
responseLatency: "0.001265s"
targetIp: "10.24.1.30"
targetPort: 80
}
而且,不确定为什么我只得到一次日志,我不应该定期得到这些日志吗?
还有,谁能指导我如何解决这个healthCheck问题?
默认情况下,Consul API/UI监听端口8500,如果在集群中启用TLS,则监听端口8501。
改变你的入口servicePort使用端口8500。这应该可以解决连接问题。
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: public-apis
spec:
rules:
- host: consul.example.com
http:
paths:
- path: /ui/
pathType: Prefix
backend:
serviceName: hashicorp-consul-ui
servicePort: 8500