Kube.netes Ingress 在 nginx 反向代理后面运行
[英]Kubernetes Ingress running behind nginx reverse proxy
问题描述
I have installed minikube on a server which I can access from the inte.net.
我在可以从 inte.net 访问的服务器上安装了 minikube。
I have created a kube.netes service which is available:我创建了一个可用的 kube.netes 服务:
>kubectl get service myservice
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice 10.0.0.246 <nodes> 80:31988/TCP 14h
The IP address of minikube is: minikube的IP地址为:
>minikube ip
192.168.42.135
I would like the URL http://myservice.myhost.com (ie port 80) to map to the service in minikube.我想要 URL http://myservice.myhost.com (即端口 80)到 map 到 minikube 中的服务。
I have nginx running on the host (totally unrelated to kube.netes).我在主机上运行了 nginx(与 kube.netes 完全无关)。 I can set up a virtual host, mapping the URL to 192.168.42.135:31988 (the node port) and it works fine.我可以设置一个虚拟主机,将 URL 映射到192.168.42.135:31988 (节点端口)并且它工作正常。
I would like to use an ingress.我想使用入口。 I've added and enabled ingress.我已经添加并启用了入口。 But I am unsure of:但我不确定:
a) what the yaml file should contain a) yaml 文件应该包含什么
b) how incoming traffic on port 80, from the browser, gets redirected to the ingress and minikube. b) 端口 80 上来自浏览器的传入流量如何重定向到入口和 minikube。
c) do I still need to use nginx as a reverse proxy? c) 我还需要使用 nginx 作为反向代理吗?
d) if so, what address is the ingress-nginx running on (so that I can map traffic to it)? d) 如果是这样,ingress-nginx 运行在什么地址上(这样我就可以向它发送 map 流量)?
3 个解决方案
解决方案1
4 2017-10-01 05:08:51
Setup 建立
First of all, you need a nginx ingress controller . 首先,您需要一个nginx入口控制器 。
The nginx instance(s) will listen on host 80 and 443 port, and redirect every HTTP request to services which ingress configuration defined, like this. nginx实例将侦听主机80和443端口,并将每个HTTP请求重定向到入口配置定义的服务,如下所示。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-service-ingress
annotations:
# by default the controller redirects (301) HTTP to HTTPS,
# the following would make it disabled.
# ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: myservice
servicePort: 80
Use https://{host-ip}/ to visit myservice, The host should be the one where nginx controller is running at. 使用https://{host-ip}/访问myservice,主机应该是运行nginx控制器的主机。
Outside 外
Normally you don't need another nginx outside kubernetes cluster. 通常你不需要kubernetes集群之外的另一个nginx。
While Minikube is a little different, It is running kubernetes in a virtual machine instead of host. 虽然Minikube有点不同,但它在虚拟机中运行kubernetes而不是主机。
We need do some port-forwards like host:80 => minikube:80, Running a reverse proxy (like nginx) in the host is an elegant way. 我们需要像主机那样做一些端口转发:80 => minikube:80,在主机中运行反向代理(如nginx)是一种优雅的方式。
It can also be done by setting virtual networking port forward in Virtualbox . 也可以通过在Virtualbox中设置虚拟网络端口来完成。
解决方案2
2 已采纳 2017-10-01 12:51:50
As stated by @silverfox, you need an ingress controller. 如@silverfox所述,您需要一个入口控制器。 You can enable the ingress controller in minikube like this: 您可以在minikube中启用入口控制器,如下所示:
minikube addons enable ingress
Minikube runs on IP 192.168.42.135, according to minikube ip . 根据minikube ip ,Minikube运行在IP 192.168.42.135上。 And after enabling the ingress addon it listens to port 80 too. 启用入口插件后,它也会侦听端口80。 But that means a reverse proxy like nginx is required on the host, to proxy calls to port 80 through to minikube. 但这意味着主机需要像nginx这样的反向代理,以代理到端口80到minikube的调用。
After enabling ingress on minikube, I created an ingress file (myservice-ingress.yaml): 在minikube上启用入口后,我创建了一个入口文件(myservice-ingress.yaml):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: myservice-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myservice.myhost.com
http:
paths:
- path: /
backend:
serviceName: myservice
servicePort: 80
Note that this is different to the answer given by @silverfox because it must contain the "host" which should match. 请注意,这与@silverfox给出的答案不同,因为它必须包含应该匹配的“主机”。
Using this file, I created the ingress: 使用此文件,我创建了入口:
kubectl create -f myservice-ingress.yaml
Finally, I added a virtual host to nginx (running outside of minikube) to proxy traffic from outside into minikube: 最后,我向nginx添加了一个虚拟主机(在minikube外部运行),以便将来自外部的流量代理到minikube:
server {
listen 80;
server_name myservice.myhost.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://192.168.42.135;
}
}
The Host header must be passed through because the ingress uses it to match the service. 必须传递Host头,因为入口使用它来匹配服务。 If it is not passed through, minikube cannot match the request to the service. 如果未通过,则minikube无法将该请求与服务匹配。
Remember to restart nginx after adding the virtual host above. 记得在添加上面的虚拟主机后重启nginx。
解决方案3
0 2022-03-31 10:05:20
use iptables forward host's port to minikube ip's port使用 iptables 转发主机的端口到 minikube ip 的端口
sudo echo “1” > /proc/sys/net/ipv4/ip_forward
sudo vim /etc/sysctl.conf
change net.ipv4.ip_forward = 1
# enable iptables's NAT:
sudo /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# forword host's port 30000-32767 to minikube ip's port 30000-32767
sudo iptables -t nat -I PREROUTING -p tcp -d <host ip> --dport 30000:32767 -j DNAT --to <minikube ip>:30000-32767
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.