我们有一个在k8s部署中运行的应用程序,该应用程序在端口8000上打开TCP套接字,并侦听HTTP和GRPC流量。我们还有一个Istio网关在端口443上侦听HTTPS流量,并连接到两个虚拟服务,一个用于HTTP流量,另一个用于GRPC流量(在标头/ URI上匹配)。这些VirtualService将流量定向到服务上的两个不同端口,用于HTTP流量的端口8000和用于GRPC流量的端口5001,但是两者的目标端口均为8000(请参见下面的规格)。我们在通过HTTP或GRPC连接时遇到问题-HTTP返回通用500,GRPC返回“未找到”错误。但是,如果我们在两个端口之间分配流量(即每个协议都有其自己的端口),则一切正常,不幸的是,这迫使我们使用该应用程序的较早版本。
部署:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: test-deployment
namespace: test-ns
spec:
progressDeadlineSeconds: 600
replicas: 2
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 0
type: RollingUpdate
template:
spec:
containers:
image: <Image name>
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /live
port: 8000
scheme: HTTP
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 60
name: test-container
ports:
- containerPort: 8000
protocol: TCP
- containerPort: 8000
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 8000
scheme: HTTP
initialDelaySeconds: 20
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 60
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 200m
memory: 10Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 20
服务:
apiVersion: v1
kind: Service
metadata:
name: test-deployment-svc
namespace: test-ns
spec:
clusterIP: <IP>
ports:
- name: http
port: 8000
protocol: TCP
targetPort: 8000
- name: http2
port: 5001
protocol: TCP
targetPort: 8000
selector:
<some label>
sessionAffinity: None
type: ClusterIP
任何建议将不胜感激!