Say I have a cluster with two services: one is an http service that I want
to expose to the world, and the other is a thrift service that I want to
call from some other place (over a vpn gateway into the GCP project). For
this use case I decide to go with two load balancers: the one k8s will
create for inbound http traffic, and an internal one I will create to
handle inbound thrift traffic from the vpn. From earlier experiments I know
I'm not supposed to have an instance belong to more than one load balanced
instance group, so I create a separate nodepool/instance group just for the
thrift service to live in, set the thrift service to open a HostPort on
those instances, and use that instance group as the back end for my
internal load balancer.
The problem is that kubernetes also includes the instances in the thrift
instance group when it creates the load balancer for the inbound http
traffic. So it seems like whatever I do, if I want to have more than one
load balancer I can't avoid:
status: {
code: 400
message: "Validation failed for instance 'projects/blah/instances/blah':
instance may belong to at most one load-balanced instance group."
}
So we actually set this up as described, and connections seem to work
however we have seen some timeout anomalies we're debugging. They could be
completely unrelated but in the process of digging into them I came across
that status, investigated that and ended up posting this message.
My first question is: what is the practical effect of this condition/status
in the project/cluster?
Follow-up: is there a way I can enable this general use case without
running into the above constraint?
Thanks!
--Mark
--
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.
