堆栈内存溢出
  简体   繁体   English

在 IBM Cloud Kubernetes 中公开 HAProxy(端口 80)Docker 的最简单方法

[英]Simplest approach to expose a HAProxy (port 80) Docker in IBM Cloud Kubernetes

 原文  2018-02-23 08:26:35       docker/ kubernetes/ ibm-cloud/ haproxy/ ibm-cloud-kubernetes

问题描述

I need to deploy a Docker running HAProxy which I already have working on on premise dockers into IBM Cloud (Bluemix) Kubernetes service.我需要将运行 HAProxy 的 Docker 部署到 IBM Cloud (Bluemix) Kubernetes 服务中。 I am a bit lost on how to expose por 80 and 443. In plain simple docker that is very straightforward but seems complicated in Kubernetes, or at least in IBM Cloud.我对如何公开 80 和 443 端口有点迷茫。在简单的 docker 中,这非常简单,但在 Kubernetes 中似乎很复杂,或者至少在 IBM Cloud 中。 I don't need load balancing, virtual hosts, or any extra configuration, as HAProxy will take care of it.我不需要负载平衡、虚拟主机或任何额外的配置,因为 HAProxy 会处理它。 Just need to replicate (move) my on premise running HAProxy exposing ports 80 and 443 into bluemix.只需要复制(移动)我的本地运行 HAProxy,将端口 80 和 443 暴露到 bluemix 中。 (For multiple reasons I want to use HAproxy, so the request here is very specific: Simplest way to expose HAProxy ports 443 and 80 to a permanent IP address in IBM Cloud Kubernetes service. (出于多种原因,我想使用 HAproxy,因此这里的请求非常具体:将 HAProxy 端口 443 和 80 公开到 IBM Cloud Kubernetes 服务中的永久 IP 地址的最简单方法。

could I have a basic example yaml kubectl file for that?我可以为此提供一个基本的示例 yaml kubectl 文件吗? Thanks谢谢

3 个解决方案

解决方案1
 2  2018-02-23 10:29:36

NodePort节点端口

To keep the same image running in both environments then you can define a Deployment for the HAProxy containers and aService to access them via a NodePort on the NodeIP or clusterIP.为了保持在两个环境中运行,那么你可以定义一个相同的图像部署为HAProxy的容器和Service ,以通过访问他们NodePort在NodeIP或clusterIP。 A NodePort is similar in concept to running docker run -pn:n . NodePort 在概念上类似于运行 docker docker run -pn:n

The IP:NodePort would need to be accessable externally and HAProxy will take over from there. IP:NodePort 需要可以从外部访问,HAProxy 将从那里接管。 Here's a sample HAProxy setup that uses an AWS ELB to get external users to a Node. 这是一个示例 HAProxy 设置,它使用 AWS ELB 将外部用户连接到节点。 Most people don't recommend running services via NodePort because Kubernetes offers alternate methods that provide more integration.大多数人不建议通过 NodePort 运行服务,因为 Kubernetes 提供了提供更多集成的替代方法。

LoadBalancer负载均衡器

A LoadBalancer is specifically for automatic configuration of a cloud providers load balancer service. LoadBalancer专门用于自动配置云提供商负载均衡器服务。 I don't believe IBM Clouds load balancer has any support in Kubernetes, maybe IBM have added something in?我不相信 IBM Clouds 负载均衡器在 Kubernetes 中有任何支持,也许 IBM 已经添加了一些东西? If they have you could use this instead of a NodePort to get to your Service.如果他们有,您可以使用它而不是NodePort来访问您的服务。

Ingress入口

If you are running Docker locally and Kubernetes externally you've kind of thrown consistency out the window already so you could setup Ingress with an Ingress Controller based on HAProxy, there's a few available:如果您在本地运行 Docker 并在外部运行 Kubernetes,那么您已经将一致性排除在外,因此您可以使用基于 HAProxy 的 Ingress Controller 设置Ingress ,有一些可用的:

This gives you the standard Kubernetes abstraction of how to manage ingress for a service but using HAProxy underneath.这为您提供了如何管理服务入口的标准 Kubernetes 抽象,但在底层使用 HAProxy。 This will not be your HAProxy image though, it's likely you can configure the same things for the HAProxy Ingress as you do in your HAProxy image.不过,这不会是您的 HAProxy 映像,您可能可以像在 HAProxy 映像中一样为 HAProxy Ingress 配置相同的内容。

Voyagers docco is pretty good: Voyagers docco非常好:

apiVersion: voyager.appscode.com/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: default
spec:
  rules:
  - host: appscode.example.com
    http:
      paths:
      - path: '/test'
        backend:
          serviceName: test-service
          servicePort: '80'
          backendRules:
          - 'acl add_url capture.req.uri -m beg /test-second'
          - 'http-response set-header X-Added-From-Proxy added-from-proxy if add_url'

解决方案2
 0  2018-02-23 09:57:37

If you are fine with running this HAProsy on each node that is supposed to expose port 80/443 then consider running DaemonSet with hostNetwork: true .如果您可以在每个应该公开端口 80/443 的节点上运行这个 HAProsy,那么考虑使用hostNetwork: true运行 DaemonSet。 That will allow you to create pods that open 80 and 443 directly on node network.这将允许您创建直接在节点网络上打开 80 和 443 的 pod。 If you have a loadbalancer support in your cluster, you can instead use a Service of LoadBalancer type.如果您的集群中有负载均衡器支持,则可以改用 LoadBalancer 类型的服务。 It will forward from high node ports like ie.它将从高节点端口转发,例如 ie。 32080 to your backing haproxy pods, and also automaticaly configure LB in front of it to give you an external IP and forward 80/443 from that IP to your high node ports (again, assuming your kube deployment supports use of LB services) 32080 到您的后备 haproxy pod,并在其前面自动配置 LB,为您提供外部 IP 并将 80/443 从该 IP 转发到您的高节点端口(同样,假设您的 kube 部署支持使用 LB 服务)

解决方案3
 0  2018-02-23 14:39:16

IBM Cloud has built-in solutions for load balancer and Ingress. IBM Cloud 具有用于负载均衡器和 Ingress 的内置解决方案。 The docs include sample YAMLs for both.这些文档包括两者的示例 YAML。

Load Balancer: https://console.bluemix.net/docs/containers/cs_loadbalancer.html#loadbalancer负载均衡器: https : //console.bluemix.net/docs/containers/cs_loadbalancer.html#loadbalancer

Ingress: https://console.bluemix.net/docs/containers/cs_ingress.html#ingress入口: https : //console.bluemix.net/docs/containers/cs_ingress.html#ingress

If you need tls termination or want to use a route rather than an IP address for accessing your HAProxy, then Ingress would be the best choice.如果您需要 tls 终止或想要使用路由而不是 IP 地址来访问您的 HAProxy,那么 Ingress 将是最佳选择。 If those options don't matter, then I'd suggest starting with the provided load balancer to see if that meets your needs.如果这些选项无关紧要,那么我建议从提供的负载均衡器开始,看看它是否满足您的需求。

Note, both load balancer and Ingress required a paid cluster.请注意,负载均衡器和 Ingress 都需要付费集群。 For lite clusters, only NodePort is available.对于 lite 集群,只有 NodePort 可用。

Here's a sample YAML that deploys IBM Liberty and exposes it via a load balancer service.这是一个示例 YAML,它部署 IBM Liberty 并通过负载均衡器服务公开它。

#If you are not logged into the US-South https://api.ng.bluemix.net 
region, change the image registry location to match your region.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: ibmliberty-deployment
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: ibmliberty
    spec:
      containers:
      - name: ibmliberty
        image: registry.ng.bluemix.net/ibmliberty
---    
apiVersion: v1
kind: Service
metadata:
  name: ibmliberty-loadbalancer
spec:
  type: LoadBalancer
  selector:
    app: ibmliberty
  ports:
   - protocol: TCP
     port: 9080

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Docker - 无法在端口 80 上公开 - Docker - can not expose on port 80 Docker Centos7+haproxy1.8 80端口 - Docker Centos7+haproxy1.8 on port 80 在 Docker 和 Kubernetes 中暴露 5671 端口 - Expose 5671 port in Docker and Kubernetes 如何通过Google Cloud中的Kubernetes向Docker提供Docker端口? - How do I expose Docker a Docker port via Kubernetes in Google Cloud? 无法将端口 80 以外的 docker 容器端口暴露给主机 - Unable to expose docker container port other than port 80 to host Kubernetes docker示例不会暴露端口 - Kubernetes docker sample does not expose a port Dockerfile 暴露80端口 - Dockerfile expose 80 port Docker compose不会为链接服务设置公开端口80 - Docker compose doesn't expose port 80 for a Linked Service setup 如何在使用docker时为多个项目共享(公开)端口80 - How to share(expose) port 80 for multiple projects while using docker 如何将 nginx docker 镜像暴露到 80 以外的端口? - How to expose nginx docker image to port other than 80?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM