Expose kubernetes traffic to 80 (http) and 443 (https)
Currently, my kubernetes cluster (sitting on AWS) has a simple setup with a Deployment, which has a web container that listens on 80 and 443.
The cluster also has a NodePort service, which exposes the traffic to the public on ports 30080 and 30443.
I am trying to figure out a way to accept public traffic on 80 and 443. What could be a good way to do that?
My thoughts about possible solutions:
Manually configure an ELB on AWS, which could map 80 and 443 traffic to the 30080 and 30443 ports.
Use the LoadBalancer supported by kubernetes, but I have some issues integrating my cluster with AWS, described here. I'd rather try other possible solutions than be stuck on this one.
I've seen many posts talking about the Ingress service, but various posts have totally different setups. I wonder what could be a good use case for Ingress in my setup. Is Ingress supposed to replace my NodePort service in my case?
Thanks
As soon as the NodePort service is bound to specified ports on all cluster nodes, you just need to deliver traffic to any of these nodes, or to all of them. Sometimes it could lead to additional delay, but from the connectivity perspective, it should work fine.
You can configure a Load Balancer manually, then add all cluster nodes to its pool and configure health checks for them to exclude a node from the pool when a particular node fails.
Ingress actually works in a similar way. All traffic that comes to a specific port of any node is forwarded to the Ingress pod. The Ingress controller looks for created Ingress objects and configures the Ingress pod according to the specifications in these objects. Actually, the Ingress controller and the Ingress pod in my example are the same thing.
Ingress can provide additional logic for managing the traffic on the HTTP level, like path-based routing, adjusting the request before sending it to the service, serving as an SSL endpoint, etc.
But anyway, you should deliver external traffic to the nodes somehow. At this point, we are returning to the Load Balancer configuration.
In some cases, when your cluster is deployed on a cloud that provides a Load Balancer service, the Ingress controller also takes care of creating the cloud Load Balancer.
Did you use kops to deploy your Kubernetes cluster on AWS?
Usually, kops creates a cluster that integrates with AWS without any problems, so you can use the LoadBalancer type of Service. Doing everything manually, you can make a small configuration mistake that would be hard to find and correct.
Please check out the very good article:
How to create Ingress on AWS:
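As an added illustration (not part of the original question or answer, and not taken from the articles it refers to), the manifests below show the two setups discussed: the NodePort Service from the question and an Ingress object in front of it. The names web, web-tls and example.com, the app: web label and the nginx ingress class are assumptions; the Ingress controller itself still has to be reachable through a NodePort or a load balancer, as the answer notes.

```yaml
# Added example. Every name here (web, web-tls, example.com, app: web, nginx) is an assumption.
# NodePort Service as described in the question: every node accepts 30080/30443
# and forwards to the web container's 80/443. A manually configured ELB would
# listen on 80/443 and target 30080/30443 on all nodes, with health checks.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: NodePort
  selector:
    app: web            # assumption: label carried by the Deployment's pods
  ports:
    - name: http
      port: 80
      targetPort: 80
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 443
      nodePort: 30443
---
# Ingress object read by an Ingress controller. HTTP routing and TLS termination
# happen in the controller, so the backend Service can be changed to ClusterIP
# once all public traffic arrives through the controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
spec:
  ingressClassName: nginx   # assumption: an NGINX ingress controller is installed
  tls:
    - hosts:
        - example.com
      secretName: web-tls   # assumption: a kubernetes.io/tls Secret holding cert and key
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80   # plain HTTP to the pod; TLS ends at the controller
```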