How to provide inbound access from public internet to an app hosted in an Azure private Kubernetes cluster
I deployed an application in an Azure K8S cluster, using NGINX as gateway, with a public static IP, based on AKS & PUBLIC-IP and on AKS & NGINX.
Now I need to deploy the application in an Azure private cluster, i.e., running in a private VNet (see CREATE PRIVATE AKS); attempting to assign a public static IP to NGINX does not work, which can be expected as the load-balancer expects a private IP, not a public IP.
How can I provide inbound access to my app hosted in a private cluster, using NGINX and a public static IP?
Hi, you have two ways to achieve that... Depending on your needs (and Azure costs...):
1- Use Azure Application Gateway. For myself I use Terraform. And here you can see the official documentation regarding internal IP address.
Now you can use this one as your new Ingress (and get rid of NGINX) like:
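# networking.k8s.io/v1 replaces extensions/v1beta1, which was removed in Kubernetes 1.22
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: guestbook
  annotations:
    # Hand this Ingress to the Application Gateway ingress controller
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend
            port:
              number: 80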
Or you could use NGINX internally as your ingress, like explained in option 2.
2- First you must have a Public IP with a Load Balancer associated with it. The backend from that LB must be up to your needs.
But here is the trick... Do not create NGINX with that public IP but with an internal IP and an internal load balancer. You can see how to do that at the following URL:
https://learn.microsoft.com/en-us/azure/aks/ingress-internal-ip
And the important thing you must do is the nginx override on the helm parameters:
controller:
  service:
    loadBalancerIP: 10.240.0.42
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-internal: "true"
Of course the internal VNet must be created and the load balancer IP must be a correct one.
And the final trick, now that you have NGINX listening behind a private IP, is to verify your traffic from the Public IP is redirected to that internal VNet... Of course it depends on how you have infrastructure set up behind that LB that holds the public IP.
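One way to check the result of option 2, as an added example that is not part of the original answer: a Python audit of `kubectl get services --all-namespaces -o json` that reports whether each LoadBalancer Service ended up with an internal address, a public address, or no address at all. The service names, the `203.0.113.10` address and the RFC 1918 assumption about the VNet are constructed for illustration.

```python
import ipaddress
import json
import sys

INTERNAL_ANNOTATION = "service.beta.kubernetes.io/azure-load-balancer-internal"
# Assumption: the VNet uses RFC 1918 space (is_private would also match documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_load_balancers(svc_list_json):
    """Map 'namespace/name' -> (verdict, ips, annotated) for each LoadBalancer Service."""
    findings = {}
    for item in json.loads(svc_list_json).get("items", []):
        if item.get("spec", {}).get("type") != "LoadBalancer":
            continue
        meta = item["metadata"]
        annotations = meta.get("annotations") or {}
        annotated = str(annotations.get(INTERNAL_ANNOTATION, "")).lower() == "true"
        ingress = item.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        ips = [entry["ip"] for entry in ingress if "ip" in entry]
        if not ips:
            verdict = "pending"  # no address assigned, e.g. loadBalancerIP outside the subnet
        elif all(any(ipaddress.ip_address(ip) in net for net in RFC1918) for ip in ips):
            verdict = "internal"
        else:
            verdict = "public"
        findings[f'{meta["namespace"]}/{meta["name"]}'] = (verdict, ips, annotated)
    return findings


def make_service(ns, name, svc_type, ips, annotations=None):
    """Constructed Service object in the shape `kubectl get svc -o json` emits."""
    return {"metadata": {"namespace": ns, "name": name, "annotations": annotations or {}},
            "spec": {"type": svc_type},
            "status": {"loadBalancer": {"ingress": [{"ip": ip} for ip in ips]}}}

# Constructed sample; service names and the 203.0.113.10 address are made up.
SAMPLE = json.dumps({"items": [
    make_service("ingress-basic", "nginx-internal", "LoadBalancer", ["10.240.0.42"], {INTERNAL_ANNOTATION: "true"}),
    make_service("ingress-basic", "nginx-public", "LoadBalancer", ["203.0.113.10"]),
    make_service("ingress-basic", "nginx-stuck", "LoadBalancer", [], {INTERNAL_ANNOTATION: "true"}),
    make_service("default", "frontend", "ClusterIP", []),
]})

if __name__ == "__main__":
    # Real use: kubectl get services --all-namespaces -o json | python3 audit_lb.py -
    data = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for name, (verdict, ips, annotated) in audit_load_balancers(data).items():
        print(f"{verdict:9} {name:32} ips={ips} internal-annotation={annotated}")
```

A `pending` verdict on a Service that carries the internal annotation usually means the requested `loadBalancerIP` could not be allocated from the subnet.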
As stated in the comment above you can do the same via Application Gateway in Azure. But if you are going to only use AKS you might want to just use Application Gateway as your ingress controller which is already created with the private cluster.
Please follow this to achieve the same: https://microsoft.github.io/AzureTipsAndTricks/blog/tip256.html
Based on your description I understand that you want to have ingress traffic through your NGINX ingress controller which has a Loadbalancer service with static IP. If your deployment is correctly configured, a Loadbalancer service should be assigned to your NGINX ingress controller with a public IP. Since I don't know your namespaces, naming of deployments etc., try:
kubectl get services --all-namespaces | grep -i loadbalancer
You should be able to find that an nginx loadbalancer service has a public IP. Now since NGINX is your ingress controller this means that you have a Layer 7 loadbalancer as ingress so you need to create an ingress route to your application running in AKS. This is documented here from Azure NGINX ingress but also here Ingress K8s.