How to provide inbound access from public internet to an app hosted in an Azure private kubernetes cluster

I deployed an application in an Azure K8S cluster, using NGINX as gateway, with a public static IP, based on AKS & PUBLIC-IP and on AKS & NGINX.

Now I need to deploy the application in an Azure private cluster, i.e., running in a private VNet (see CREATE PRIVATE AKS); attempting to assign a public static IP to NGINX does not work, which can be expected as the load-balancer expects a private IP, not a public IP.

How can I provide inbound access to my app hosted in a private cluster, using NGINX and a public static IP?

Hi, you have two ways to achieve that... Depending on your needs (and Azure costs...):

1- Use Azure Application Gateway. For myself I use Terraform. And here you can see the official documentation regarding internal IP address.

Now you can use this one as your new Ingress (and get rid of NGINX) like:

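# The extensions/v1beta1 Ingress API was removed in Kubernetes 1.22;
# networking.k8s.io/v1 is the current API and requires pathType.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: guestbook
  annotations:
    # Hand this Ingress to the Application Gateway ingress controller
    kubernetes.io/ingress.class: azure/application-gateway
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend
            port:
              number: 80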

Or you could use NGINX internally as your ingress, as explained in option 2.

2- First you must have a Public IP with a Load Balancer associated with it. The backend from that LB must be up to your needs.

But here is the trick... Do not create NGINX with that public IP but with an internal IP and an internal load balancer; you can see how to do that in the following url:

https://learn.microsoft.com/en-us/azure/aks/ingress-internal-ip

And the important thing you must do is the nginx override on the helm parameters:

controller:
  service:
    loadBalancerIP: 10.240.0.42
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-internal: "true"

Of course the internal VNet must be created and the load balancer IP must be a correct one.

And the final trick, now that you have NGINX listening behind a private IP, is to verify your traffic from the Public IP is redirected to that internal VNet... Of course it depends on how you have infrastructure set up behind that LB that holds the public IP.

As stated in the comment above you can do the same via Application Gateway in Azure. But if you are going to only use AKS you might want to just use Application Gateway as your ingress controller which is already created with the private cluster.

Please follow this to achieve the same: https://microsoft.github.io/AzureTipsAndTricks/blog/tip256.html

Based on your description I understand that you want to have ingress traffic through your NGINX ingress controller which has a Loadbalancer service with static IP. If your deployment is correctly configured, a Loadbalancer service should be assigned to your NGINX ingress controller with a public IP. Since I don't know your namespaces, naming of deployments etc., try:

kubectl get services --all-namespaces | grep -i loadbalancer

You should be able to find that an nginx loadbalancer service has a public IP. Now since NGINX is your ingress controller this means that you have a Layer 7 loadbalancer as ingress so you need to create an ingress route to your application running in AKS. This is documented here from Azure NGINX ingress but also here Ingress K8s
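An added example, not part of the original answers: a Python audit that extends the `kubectl get services` check above to confirm which LoadBalancer services in a private cluster carry the `azure-load-balancer-internal` annotation and hold an RFC 1918 address, and which expose a public IP. The service names and the JSON sample are constructed; in practice the input is the output of `kubectl get services --all-namespaces -o json`.

```python
import ipaddress
import json

INTERNAL_ANNOTATION = "service.beta.kubernetes.io/azure-load-balancer-internal"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def svc(ns, name, typ, ips, annotations=None):
    """Build a constructed Service object shaped like kubectl's JSON output."""
    return {"metadata": {"namespace": ns, "name": name, "annotations": annotations},
            "spec": {"type": typ},
            "status": {"loadBalancer": {"ingress": [{"ip": ip} for ip in ips]}}}

# Constructed sample standing in for `kubectl get services --all-namespaces -o json`.
SAMPLE = json.dumps({"items": [
    svc("ingress", "nginx-controller", "LoadBalancer", ["10.240.0.42"], {INTERNAL_ANNOTATION: "true"}),
    svc("web", "legacy-frontend", "LoadBalancer", ["203.0.113.10"]),  # documentation-range IP
    svc("web", "new-api", "LoadBalancer", [], {INTERNAL_ANNOTATION: "true"}),  # no IP assigned yet
    svc("web", "backend", "ClusterIP", []),
]})

def is_rfc1918(ip):
    """True only for RFC 1918 space (ip_address.is_private also matches other reserved ranges)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def audit_load_balancers(kubectl_json):
    """Return (namespace/name, ip, status) for every LoadBalancer service."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        if item.get("spec", {}).get("type") != "LoadBalancer":
            continue
        meta = item.get("metadata", {})
        name = f"{meta.get('namespace')}/{meta.get('name')}"
        annotated = (meta.get("annotations") or {}).get(INTERNAL_ANNOTATION, "").lower() == "true"
        ingress = (item.get("status", {}).get("loadBalancer") or {}).get("ingress") or []
        ips = [entry["ip"] for entry in ingress if entry.get("ip")]
        if not ips:
            findings.append((name, None, "pending"))
        for ip in ips:
            if not is_rfc1918(ip):
                status = "public"               # reachable outside the VNet
            elif annotated:
                status = "internal"             # matches the helm override above
            else:
                status = "private-unannotated"  # private IP but annotation missing
            findings.append((name, ip, status))
    return findings

if __name__ == "__main__":
    for name, ip, status in audit_load_balancers(SAMPLE):
        print(f"{status:20} {name:28} {ip}")
```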
