kubernetes - 无法使用 istio 公开 gRPC 服务器
问题描述
我不擅长英语,所以如果我说一些奇怪的话,我很抱歉。
现在我正在使用 istio 在 GKE 上开发一个 gRPC 服务器,当我使用 DNS 从集群内的另一个 pod 调用时,我的服务器可以正常工作。但是,来自集群外部的调用总是返回“超出上下文期限”。
我实现了名为 ms-user 的部署,它具有运行我的 grpc 服务器的 pod,端口为 5000,并在命名空间“default”中跟踪资源。
apiVersion: v1
kind: Service
metadata:
name: ms-user
spec:
selector:
app: ms-user
ports:
- name: grpc
protocol: TCP
port: 5000
targetPort: 5000
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gateway-dev
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: grpc
number: 5000
protocol: GRPC
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ms-user-rule-dev
spec:
host: ms-user
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: vs-dev
spec:
hosts:
- "*"
gateways:
- gateway-dev
grpc:
- match:
- port: 5000
route:
- destination:
host: ms-user
port:
number: 5000
我将以下清单部署到命名空间“istio-system”:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gke-ingress
namespace: istio-system
annotations:
kubernetes.io/ingress.global-static-ip-name: "istio-endpoint-dev"
spec:
rules:
- http:
paths:
- backend:
serviceName: istio-ingressgateway
servicePort: 5000
---
apiVersion: v1
kind: Service
metadata:
name: istio-ingressgateway
namespace: istio-system
...
spec:
...
ports:
...
- name: grpc
nodePort: 30001
port: 5000
protocol: TCP
targetPort: 5000
selector:
app: istio-ingressgateway
istio: ingressgateway
release: istio
sessionAffinity: None
type: LoadBalancer
...
然后,我正在使用 grpcurl 进行测试。
$ grpcurl -plaintext -proto=PATH_TO_PROTO MY_gke_ingress_STATIC_IP:5000 foo.FooService.Foo
Failed to dial target host "IPADRESS:5000": context deadline exceeded
我可以从一些 pod 调用它。
$ kubectl exec -it foo-pod -- bash
> grpcurl -plaintext -proto=PATH_TO_PROTO ms-user:5000 foo.FooService.Foo
{"result": "OK"}
我该如何解决它..?谢谢,
附言
$ kubectl describe -n istio-system svc istio-ingressgateway
Name: istio-ingressgateway
Namespace: istio-system
Labels: addonmanager.kubernetes.io/mode=Reconcile
app=istio-ingressgateway
chart=gateways
heritage=Tiller
istio=ingressgateway
k8s-app=istio
kubernetes.io/cluster-service=true
release=istio
Annotations: <none>
Selector: app=istio-ingressgateway,istio=ingressgateway,release=istio
Type: LoadBalancer
IP Families: <none>
IP: 10.99.253.103
IPs: <none>
IP: 34.84.8.68
LoadBalancer Ingress: 34.84.8.68
Port: grpc 5000/TCP
TargetPort: 5000/TCP
NodePort: grpc 30002/TCP
Endpoints: 10.96.2.46:5000
Port: status-port 15020/TCP
TargetPort: 15020/TCP
NodePort: status-port 31198/TCP
Endpoints: 10.96.2.46:15020
Port: http2 80/TCP
TargetPort: 80/TCP
NodePort: http2 31829/TCP
Endpoints: 10.96.2.46:80
Port: https 443/TCP
TargetPort: 443/TCP
NodePort: https 31765/TCP
Endpoints: 10.96.2.46:443
Port: tcp 31400/TCP
TargetPort: 31400/TCP
NodePort: tcp 31457/TCP
Endpoints: 10.96.2.46:31400
Port: https-kiali 15029/TCP
TargetPort: 15029/TCP
NodePort: https-kiali 32025/TCP
Endpoints: 10.96.2.46:15029
Port: https-prometheus 15030/TCP
TargetPort: 15030/TCP
NodePort: https-prometheus 30814/TCP
Endpoints: 10.96.2.46:15030
Port: https-grafana 15031/TCP
TargetPort: 15031/TCP
NodePort: https-grafana 31953/TCP
Endpoints: 10.96.2.46:15031
Port: https-tracing 15032/TCP
TargetPort: 15032/TCP
NodePort: https-tracing 31170/TCP
Endpoints: 10.96.2.46:15032
Port: tls 15443/TCP
TargetPort: 15443/TCP
NodePort: tls 31927/TCP
Endpoints: 10.96.2.46:15443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
解决方案
推荐阅读
- kotlin - Detekt 返回类型注释始终为空
- .net - Apache Ignite 2.10 没有客户端连接,但服务器堆增加缓慢
- javascript - 如何更改 react-google-maps 的标记标签颜色
- mongodb - 从 mongodb 领域 UI 提交到 Github
- javascript - 在 Google App Engine 上部署反应应用程序:app.yaml 路径问题
- python - 当使用 keras 并尝试在我的 GPU 上训练我的模型时,我的程序会因为“整数值:x 太大”而关闭。我该如何解决?
- templates - 模板中的 AnsibleUndefinedVariable
- reactjs - GraphQL 和直接获取数据
- oracle - 如何将两个查询的结果合并到一个单元格中?
- c# - 在 SignalR Hub 内将部分视图呈现为字符串