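I am looking for a way to mirror the pods of an nginx load balancer deployment in Kubernetes, where the pods share the same Kubernetes service with a single external IP. I tried this scenario with this StatefulSet configuration: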
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: loadbalancer
  labels:
    run: loadbalancer
spec:
  serviceName: "loadbalancer"
  selector:
    matchLabels:
      run: loadbalancer
  replicas: 4
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        run: loadbalancer
    spec:
      containers:
      - name: loadbalancer
        image: /services/infrastructure/loadbalancer:latest
        ports:
        - containerPort: 80
          protocol: TCP
        - containerPort: 443
          protocol: TCP
        volumeMounts:
        - name: certs
          mountPath: /etc/letsencrypt
  volumeClaimTemplates:
  - metadata:
      name: certs
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 100M
And this service configuration:
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    run: loadbalancer
  name: loadbalancer
  selfLink: /api/v1/namespaces/test/services/loadbalancer
spec:
  clusterIP: 10.31.249.3
  externalTrafficPolicy: Cluster
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    run: loadbalancer
  sessionAffinity: None
  type: LoadBalancer
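All 4 pods are able to successfully request Let's Encrypt SSL certificates in parallel.
The problem is that connections from outside the cluster, made through the single service via the external IPv4 address, are randomly reset.
How can I prevent this?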