千寻

The road is long; once you have started, don't stop!


Exposing ports externally with Ingress

HTTP and HTTPS ports

# Note: the extensions/v1beta1 Ingress API was removed in Kubernetes 1.22;
# this manifest applies to older clusters.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
  - hosts:
    - ks.hongda.com
    secretName: hongda-com-tls-secret
  rules:
  - host: ks.hongda.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

Apply it:

kubectl apply -f ingress-kubernetes-dashboard.yaml

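Explanation

  • kubernetes.io/ingress.class: "nginx": the NGINX Ingress Controller uses this annotation to discover the Ingress automatically;
  • nginx.ingress.kubernetes.io/backend-protocol: the controller uses HTTPS when forwarding to the backend Service;
  • secretName: kube-dasboard-ssl: the Secret holding the HTTPS certificate (the manifest above names it hongda-com-tls-secret);
  • host: ks.hongda.com: the domain name used for external access;
  • serviceName: kubernetes-dashboard: the name of the Service being exposed outside the cluster;
  • servicePort: 443: the port the Service listens on;
    Note: the Ingress must be created in the same namespace as the Service it exposes!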

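Exposing TCP ports with a ConfigMap

The Ingress resource does not support TCP or UDP services; they can be exposed through the Ingress controller instead.

The default YAML already sets: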

spec:
  hostNetwork: true # <--
  containers:
  - args:
    - /nginx-ingress-controller
    - --configmap=$(POD_NAMESPACE)/nginx-configuration
    - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
    - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
    - --publish-service=$(POD_NAMESPACE)/ingress-nginx
    - --annotations-prefix=nginx.ingress.kubernetes.io
    env:

TCP mappings are set in tcp-services-configmap.yaml, and UDP mappings in udp-services-configmap.yaml.

  • tcp-services-configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: tcp-services
      namespace: ingress-nginx
    data:
      2181: "kafka/kafka-zookeeper:2181"
      9092: "kafka/kafka:9092"
  • udp-services-configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: udp-services
      namespace: ingress-nginx
    data:
      53: "kube-system/kube-dns:53"

Publishing the ports on the Ingress Service

Update the Ingress installation file:

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: LoadBalancer
  # A port proxied via tcp-services/udp-services must also be listed here
  # to be reachable through this Service.
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  - name: https
    port: 443
    targetPort: 443
    protocol: TCP
  - name: proxied-tcp-9000
    port: 9000
    targetPort: 9000
    protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

Upgrade:

helm upgrade nginx-ingress stable/nginx-ingress \
  -f ingress-nginx.yaml

Check:

[root@master home]# netstat -ano |grep 2181
tcp 0 0 0.0.0.0:2181 0.0.0.0:* LISTEN off (0.00/0/0)
tcp6 0 0 :::2181 :::* LISTEN off (0.00/0/0)

Once exposed this way, ZooKeeper can be reached directly at these addresses:

zk.hongda.com:2181
18.16.202.163:2181
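
The following is an added example, not code from the original post: it cross-checks the tcp-services and udp-services mappings against the ports of the ingress-nginx Service and reports which proxied ports are bound on the node through hostNetwork, which are missing from the Service, and which Service ports have no mapping. The input values are copied from the manifests above; the function names and finding labels are assumptions made for this example.

```python
import re

# Constructed sample input: values copied from the manifests on this page.
TCP_SERVICES = {"2181": "kafka/kafka-zookeeper:2181", "9092": "kafka/kafka:9092"}
UDP_SERVICES = {"53": "kube-system/kube-dns:53"}
SERVICE_PORTS = [("http", 80, "TCP"), ("https", 443, "TCP"),
                 ("proxied-tcp-9000", 9000, "TCP")]
WEB_PORTS = {80, 443}  # handled by Ingress rules, not by the ConfigMaps

# ingress-nginx value format: <namespace>/<service>:<port>[:PROXY][:PROXY]
VALUE_RE = re.compile(r"^([a-z0-9-]+)/([a-z0-9-]+):([A-Za-z0-9-]+)(?::PROXY){0,2}$")


def parse_mappings(data, proto):
    """Validate one ConfigMap's data; return (port, proto, 'ns/svc') tuples."""
    out = []
    for key, value in data.items():
        m = VALUE_RE.match(value)
        if m is None or not key.isdigit() or not 1 <= int(key) <= 65535:
            raise ValueError(f"bad {proto} mapping {key!r}: {value!r}")
        out.append((int(key), proto, f"{m.group(1)}/{m.group(2)}"))
    return out


def audit(tcp, udp, service_ports, host_network):
    """Cross-check proxied ports against the controller Service's ports."""
    mappings = sorted(parse_mappings(tcp, "TCP") + parse_mappings(udp, "UDP"))
    published = {(port, proto) for _, port, proto in service_ports}
    mapped = {(port, proto) for port, proto, _ in mappings}
    findings = []
    for port, proto, backend in mappings:
        if host_network:
            # hostNetwork: true makes the controller listen on the node's own
            # interfaces (the 0.0.0.0:2181 line in the netstat output).
            findings.append(("node-bound", proto, port, backend))
        if (port, proto) not in published:
            findings.append(("not-in-service", proto, port, backend))
    for name, port, proto in service_ports:
        if (port, proto) not in mapped and port not in WEB_PORTS:
            findings.append(("no-mapping", proto, port, name))
    return findings


if __name__ == "__main__":
    for finding in audit(TCP_SERVICES, UDP_SERVICES, SERVICE_PORTS, True):
        print(*finding)
```

Every "node-bound" entry is a backend reachable on the node's address without passing through the LoadBalancer Service, so any source restriction has to be enforced at the node or network firewall.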