将Kubernetes上的CockroachDB暴露给公共IP
[英]exposing CockroachDB on Kubernetes to public IP
问题描述
I have a CockroachDB instance running in a Kubernetes cluster on Google Kubernetes Engine. 
我有一个在Google Kubernetes Engine的Kubernetes集群中运行的CockroachDB实例。 I am trying to expose port 26257 so I can connect to it from my local machine. 我正在尝试公开端口26257,以便可以从本地计算机连接到该端口。
As stated in this answer , port forwarding to the pod will not work. 如该答案所述 ,将端口转发到Pod将不起作用。
I have an nginx-ingress controller which is used to map from my domain name paths to services, so I tried to use that: 我有一个nginx-ingress控制器,该控制器用于将域名路径映射到服务,因此我尝试使用该控制器:
I changed my db-cockroachdb-public service from ClusterIP to NodePort: 我将db-cockroachdb-public服务从ClusterIP更改为NodePort:
type: NodePort
I added these lines to my nginx-controller YAML: 我将这些行添加到了我的Nginx控制器YAML中:
-name: postgresql
nodePort: 30472
port: 26257
protocol: TCP
targetPort: 26257
and these lines to my ingress YAML: 这些行到我的入口YAML:
- host: db.mydomain.com
http:
paths:
- path: /
backend:
serviceName: db-cockroachdb-public
servicePort: 26257
However, I'm unable to connect to the database - connection gets refused. 但是,我无法连接到数据库-连接被拒绝。 I also tried to disable SSL redirects in the nginx controller, but it still doesn't work. 我还尝试在nginx控制器中禁用SSL重定向,但仍然无法正常工作。
I also tried a ConfigMap but it didn't do anything: 我也尝试了ConfigMap,但是它什么也没做:
https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/exposing-tcp-udp-services.md
2 个解决方案
解决方案1
2 已采纳 2018-01-02 15:39:11
There are a few ways to fix this. 有几种方法可以解决此问题。 Most are related to changing your ingress configuration or how you're connecting to the service, which I'm not going to go into. 大多数与更改入口配置或您如何连接到服务有关,我将不涉及。 Another option is to make port forwarding work to eliminate the need for the ingress machinery. 另一种选择是使端口转发工作,以消除对入口机器的需求。
You can make port forwarding work by modifying the CockroachDB config file slightly. 您可以通过稍微修改CockroachDB配置文件来使端口转发工作。 Change the name of the --host flag in the invocation of the Cockroach binary to be --advertise-host instead. 将Cockroach二进制文件调用中的--host标志的名称改为--advertise-host 。 That way, the process will listen on localhost in addition to on its hostname, which will make port forwarding work. 这样,该进程除了侦听主机名外,还将侦听localhost,这将使端口转发正常工作。
edit: To follow up on this, I've switched the default configuration in the CockroachDB repo to use --advertise-host instead of --host , so port forwarding works by default now. 编辑:要对此进行跟踪,我已经将CockroachDB存储库中的默认配置切换为使用--advertise-host而不是--host ,因此端口转发现在默认为有效。
解决方案2
0 2018-01-01 23:44:47
I don't know if it technically should work to proxy a CockroachDB through a nginx instance, but your setup fails for another reason. 我不知道它在技术上是否应该可以通过nginx实例代理CockroachDB,但是您的设置会由于其他原因而失败。 When specifying a servicePort in the rules section, you tell k8s which port is exposed to the service. 在规则部分中指定servicePort时,您告诉k8s该服务公开了哪个端口。 The mapping itself happens by default to port 80/443, not your desired port. 默认情况下,映射本身发生在端口80/443上,而不是您想要的端口上。 So you should try just to ask port 80 in your case. 因此,您应尝试仅询问端口80。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.