Exposing ports externally with Ingress

HTTP and HTTPS ports

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
  - hosts:
    - ks.hongda.com
    secretName: hongda-com-tls-secret
  rules:
  - host: ks.hongda.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

Apply:

kubectl apply -f ingress-kubernetes-dashboard.yaml  

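Details

  • kubernetes.io/ingress.class: "nginx": the Nginx Ingress Controller uses this annotation to discover the Ingress automatically;
  • nginx.ingress.kubernetes.io/backend-protocol: the Controller uses the HTTPS protocol when forwarding to the backend Service;
  • secretName: kube-dasboard-ssl: the Secret holding the HTTPS certificate;
  • host: ks.hongda.com: the domain name used for external access;
  • serviceName: kubernetes-dashboard: the name of the Service the cluster exposes externally;
  • servicePort: 443: the port the Service listens on.

Note: the Ingress must be created in the same namespace as the Service it exposes!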

Exposing TCP ports with a ConfigMap

Ingress does not support TCP or UDP services; they can be exposed through the Ingress controller instead.

The default YAML already sets:

...
spec:
   hostNetwork: true # <--
   containers:
   - args:
     - /nginx-ingress-controller
     - --configmap=$(POD_NAMESPACE)/nginx-configuration
     - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
     - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
     - --publish-service=$(POD_NAMESPACE)/ingress-nginx
     - --annotations-prefix=nginx.ingress.kubernetes.io
     env:
...

Map TCP ports through tcp-services-configmap.yaml and UDP ports through udp-services-configmap.yaml.

tcp-services-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  2181: "kafka/kafka-zookeeper:2181"
  9092: "kafka/kafka:9092"

udp-services-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: udp-services
  namespace: ingress-nginx
data:
  53: "kube-system/kube-dns:53"

Publishing ports through the Ingress service

Update the Ingress installation file

controller:
  replicaCount: 1
  hostNetwork: true
  nodeSelector:
    node-role.kubernetes.io/edge: ''
  affinity:
    podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
            - key: app
              operator: In
              values:
              - nginx-ingress
            - key: component
              operator: In
              values:
              - controller
          topologyKey: kubernetes.io/hostname
  tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: PreferNoSchedule
defaultBackend:
  nodeSelector:
    node-role.kubernetes.io/edge: ''
  tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: PreferNoSchedule
# TCP service key:value pairs
tcp:
   2181: "kafka/kafka-zookeeper:2181"
   9092: "kafka/kafka:9092"

The following was added at the bottom:

# TCP service key:value pairs
tcp:
   2181: "kafka/kafka-zookeeper:2181"
   9092: "kafka/kafka:9092"

Update:

helm upgrade nginx-ingress stable/nginx-ingress \
-f ingress-nginx.yaml

Check:

[root@master home]# netstat -ano |grep 2181
tcp        0      0 0.0.0.0:2181            0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp6       0      0 :::2181                 :::*                    LISTEN      off (0.00/0/0)

Once exposed this way, ZooKeeper (zk) can be called directly. Connection addresses:

zk.hongda.com:2181
18.16.202.163:2181
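
Every entry in the tcp-services and udp-services ConfigMaps becomes a raw L4 listener on the node (the netstat output above shows 0.0.0.0:2181), outside the TLS settings of the Ingress manifest, so it is worth reviewing exactly what they publish. The Python script below is an added example, not code from the original post: it reads ConfigMaps in "kubectl get configmap -o json" form and lists each listen port with its backend and any findings. The audit function, the REVIEW_NAMESPACES policy and the embedded sample JSON (constructed from the ConfigMaps on this page) are assumptions for illustration.

```python
import json
import re

# Value format used by the ingress-nginx TCP/UDP ConfigMaps:
#   <namespace>/<service>:<port>[:PROXY][:PROXY]
VALUE_RE = re.compile(
    r"^(?P<ns>[a-z0-9-]+)/(?P<svc>[a-z0-9-]+):(?P<port>[A-Za-z0-9-]+)"
    r"(:(PROXY)?){0,2}$"
)
CONTROLLER_PORTS = {80, 443}         # controller's default HTTP/HTTPS listeners
REVIEW_NAMESPACES = {"kube-system"}  # assumption: local review policy, adjust

# Constructed sample: the page's two ConfigMaps in `kubectl get cm -o json` shape.
SAMPLE_TCP = json.dumps({"metadata": {"name": "tcp-services"}, "data": {
    "2181": "kafka/kafka-zookeeper:2181", "9092": "kafka/kafka:9092"}})
SAMPLE_UDP = json.dumps({"metadata": {"name": "udp-services"}, "data": {
    "53": "kube-system/kube-dns:53"}})


def audit(configmap_json, protocol):
    """Return one record per ConfigMap entry: listen port, backend, findings."""
    cm = json.loads(configmap_json)
    records = []
    for key, value in sorted((cm.get("data") or {}).items()):
        findings = []
        listen = int(key) if key.isdigit() else None
        if listen is None or not 1 <= listen <= 65535:
            findings.append("invalid listen port")
        elif protocol == "tcp" and listen in CONTROLLER_PORTS:
            findings.append("collides with controller HTTP/HTTPS port")
        m = VALUE_RE.match(value)
        if m:
            backend = (m["ns"], m["svc"], m["port"])
            if m["ns"] in REVIEW_NAMESPACES:
                findings.append("backend in sensitive namespace, needs review")
        else:
            backend = None
            findings.append("malformed backend, expected ns/service:port")
        records.append({"protocol": protocol, "listen": key,
                        "backend": backend, "findings": findings})
    return records


if __name__ == "__main__":
    for rec in audit(SAMPLE_TCP, "tcp") + audit(SAMPLE_UDP, "udp"):
        print(rec)
```

To audit a live cluster, pass the output of kubectl get configmap tcp-services -n ingress-nginx -o json to audit() in place of the sample.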


posted @ 2019-09-09 15:31 hongdada