我刚刚将GKE从1.24升级到1.25,NEG Health Checks开始显示RED -不健康
我用的是NEG。for Ingress controller:
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx-controller-neg
namespace: ingress-nginx
annotations:
cloud.google.com/neg: '{"exposed_ports": {"80":{}}}'
spec: # Service's specification
type: NodePort
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
健康检查是非常基本的TCP健康检查端口80:
{
"checkIntervalSec": 1,
"description": "",
"healthyThreshold": 2,
"kind": "compute#healthCheck",
"logConfig": {
"enable": true
},
"name": "neg-tcp-health-check",
"tcpHealthCheck": {
"portSpecification": "USE_SERVING_PORT",
"proxyHeader": "NONE"
},
"timeoutSec": 1,
"type": "TCP",
"unhealthyThreshold": 2
}
复制你可以使用Nginx入口https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.5.1/deploy/static/provider/cloud/deploy.yaml
我在某个地方错过了一些弃用或api的变化,有人能给我指出正确的方向吗?谢谢你!
随着升级,一些网络标签被改变了,我确实错过了,总是检查你的防火墙规则的NEG!
Gcloud命令示例:gcloud compute firewall-rules create fw-allow-health-check-and-proxy
--network=default
--action=allow
--direction=ingress
--target-tags={NEWTWORK_TAG}
--source-ranges=130.211.0.0/22,35.191.0.0/16
--rules=tcp:{ALLOW_PORT}