使用 nginx-Ingress 在 Kubernetes 中暴露集群外的 TCP 端口

Question

So I have setup my application on Google cloud using Kubernetes. I have a Pod which I want to expose out of the cluster that expects TCP requests.

I came to know that this is possible via ingress-nginx and researched about it. As mentioned in the docs here , it can be done by setting up a configMap like below:

apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-configmap-example
data:
  9000: "default/my-service-name:7051

, but it's full usage is not clearly described nor I could find a complete example in the docs properly.

I have installed ingress-nginx as mentioned in the Installation Guide but I am unsure what the next steps are to expose my Pod.

Extra Info

• The port in the Pod that I want to expose out of cluster is 7051
• I have a NodePort Service that targets my Pod's port that can be used with Ingress to expose.

Answer 1

So, in order to achieve this you can do this:

1. First create the configMap that you added to the post.

apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-configmap-example
data:
  9000: "default/my-service-name:7051

2. Then edit your nginx-ingress-controller deployment by adding this flag to container args like below:

    ... containers: - name: nginx-ingress-controller image: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1" imagePullPolicy: "IfNotPresent" args: - /nginx-ingress-controller - --default-backend-service=nginx-ingress/nginx-ingress-default-backend - --election-id=ingress-controller-leader - --ingress-class=nginx - --configmap=nginx-ingress/nginx-ingress-controller - --tcp-services-configmap=default/tcp-configmap-example ...

3. Edit LoadBalancer service by adding port to your LoadBalancer

   ... ports: - name: http port: 80 protocol: TCP targetPort: http - name: https port: 443 protocol: TCP targetPort: https - name: some-service-port port: 7051 protocol: TCP

Hope it helps!

Answer 2

If you are installing with helm there is a way to expose tcp ports by setting values.

# add helm repo
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm show values ingress-nginx/ingress-nginx will show the values.yaml file for reference, there are two dictionaries for exposing ports: tcp and udp :

# TCP service key:value pairs
# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
##
tcp: {}
#  8080: "default/example-tcp-svc:9000"

# UDP service key:value pairs
# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
##
udp: {}
#  53: "kube-system/kube-dns:53"

To set the values from command line:

# set `tcp` dictionary in values (other `helm install` options omitted, only left options regarding to exposing tcp ports)
helm install ingress-nginx ingress-nginx/ingress-nginx --set tcp.12345=some-namespace/some-service:80

Answer 3

Inside Google Cloud Platform you can use type: LoadBalancer in order to expose your service outside the cluster. You can see example here Exposing Applications using Services .

Here is a quick example:

$ kubectl run hello --image=test/hello-world
deployment "hello" created

$ kubectl expose deployment hello --port=8080 --type=LoadBalancer
service "hello" exposed

$ kubectl get service 
NAME         TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)          AGE
hello        LoadBalancer   10.11.251.34   35.192.25.112   8080:33107/TCP   2m

$ curl 35.192.25.112:8080
<html><head><title>hello world</title></head><body>hello world!</body></html>

Also you can follow the instructions inside Kubernetes documentation Exposing an External IP Address to Access an Application in a Cluster