Configuring the health check of a Kubernetes ingress with Terraform



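We use an ingress (kubernetes_ingress.db_admin_ingress) to expose the service (kubernetes_service.db_admin) of a deployment (kubernetes_deployment.db_admin) in Google Kubernetes Engine (GKE) with Terraform.

When Terraform creates the ingress, a Level 7 load balancer is automatically created with a default health check:

  • port: 80
  • path: /
  • protocol: HTTP(S)

Our deployment (kubernetes_deployment.db_admin) does not respond to the path / with a 200, so the health check fails.

How can we change the path in the health check configuration?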

resource "google_compute_managed_ssl_certificate" "db_admin_ssl_certificate" {
  provider = google-beta
  name     = "db-admin-ssl-certificate"
  managed {
    domains = ["db.${var.domain}."]
  }
}

resource "kubernetes_deployment" "db_admin" {
  metadata {
    name = "db-admin"
    labels = {
      App = "db-admin"
    }
  }
  spec {
    replicas = 1
    selector {
      match_labels = {
        App = "db-admin"
      }
    }
    template {
      metadata {
        labels = {
          App = "db-admin"
        }
      }
      spec {
        container {
          image = "dpage/pgadmin4:2022-01-10-1"
          name  = "db-admin"
          env {
            name  = "PGADMIN_DEFAULT_EMAIL"
            value = "test@test.com"
          }
          env {
            name  = "PGADMIN_DEFAULT_PASSWORD"
            value = "test"
          }
          port {
            container_port = 80
          }
          resources {}
        }
      }
    }
  }
}

resource "kubernetes_service" "db_admin" {
  metadata {
    name = "db-admin"
  }
  spec {
    selector = {
      App = kubernetes_deployment.db_admin.spec.0.template.0.metadata[0].labels.App
    }
    port {
      protocol    = "TCP"
      port        = 80
      target_port = 80
    }
    type = "NodePort"
  }
}

resource "kubernetes_ingress" "db_admin_ingress" {
  wait_for_load_balancer = true

  metadata {
    name = "db-admin-ingress"
    annotations = {
      "ingress.gcp.kubernetes.io/pre-shared-cert" = google_compute_managed_ssl_certificate.db_admin_ssl_certificate.name
    }
  }
  spec {
    rule {
      http {
        path {
          backend {
            service_name = "db-admin"
            service_port = 80
          }
          path = "/*"
        }
      }
    }
  }
}

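According to the official Google Kubernetes Engine (GKE) documentation here, you can customize the health check of the ingress/Level 7 load balancer through either of the following:

  • the readinessProbe for the container in the pod your ingress is serving traffic to

    Warning: this method comes with warnings here

  • a backendconfig resource

I would highly recommend creating a backendconfig resource.

Unfortunately, the kubernetes Terraform provider does not seem to support the backendconfig resource, based on this GitHub issue. This means that you can either:

  • use the kubernetes-alpha provider (found here) to transcribe a YAML backendconfig manifest to HCL with the manifest argument of the only kubernetes-alpha resource: kubernetes-manifest (more on that here)
  • use an unofficial provider (such as banzaicloud/k8s, here)
  • check the backendconfig manifest (as JSON or YAML) into SCM

A sample backendconfig YAML manifest: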

apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: db-admin
  namespace: default
spec:
  healthCheck:
    checkIntervalSec: 30
    timeoutSec: 5
    healthyThreshold: 1
    unhealthyThreshold: 2
    type: HTTP
    requestPath: /v1/some/path
    port: 80

Note: a service is needed to associate the backendconfig with the ingress/Level 7 load balancer

apiVersion: v1
kind: Service
metadata:
  name: db-admin-ingress-backend-config
  labels:
    app: db-admin
  annotations:
    cloud.google.com/backend-config: '{"ports": {"80":"db-admin"}}'
    cloud.google.com/neg: '{"ingress": true}'
spec:
  type: NodePort
  selector:
    app: db-admin
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80

You can learn more about the backendconfig resource and the service it requires here.
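
The first option in the answer above (transcribing the backendconfig manifest to HCL), written out as an added example that is not part of the original question or answer. It assumes a provider that offers the kubernetes_manifest resource; the resource name db_admin_backend_config and the local backend_config_name are hypothetical, and the service block is meant to replace kubernetes_service.db_admin from the question.

```hcl
locals {
  # Hypothetical local; the value is the BackendConfig name from the sample manifest.
  backend_config_name = "db-admin"
}

# The sample BackendConfig manifest, transcribed to HCL.
# With the kubernetes-alpha provider, add `provider = kubernetes-alpha` here.
resource "kubernetes_manifest" "db_admin_backend_config" {
  manifest = {
    apiVersion = "cloud.google.com/v1"
    kind       = "BackendConfig"
    metadata = {
      name      = local.backend_config_name
      namespace = "default"
    }
    spec = {
      healthCheck = {
        checkIntervalSec   = 30
        timeoutSec         = 5
        healthyThreshold   = 1
        unhealthyThreshold = 2
        type               = "HTTP"
        # Sample path from the manifest above; replace it with a path the
        # container answers with HTTP 200.
        requestPath = "/v1/some/path"
        port        = 80
      }
    }
  }
}

# The question's service, plus the annotation that ties service port 80
# to the BackendConfig so the load balancer uses its health check.
resource "kubernetes_service" "db_admin" {
  metadata {
    name = "db-admin"
    annotations = {
      "cloud.google.com/backend-config" = jsonencode({
        ports = { "80" = local.backend_config_name }
      })
    }
  }
  spec {
    selector = { App = "db-admin" } # same label as the question's deployment
    port {
      protocol    = "TCP"
      port        = 80
      target_port = 80
    }
    type = "NodePort"
  }
}
```

kubernetes_manifest contacts the cluster API during plan, so the GKE cluster has to exist before this configuration is planned.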
