
Real IP (Domains and Subdomains) on Bare Metal Cluster with MetalLB and Ingress

Help me figure it out.

I have a Bare Metal Kubernetes cluster with three nodes, each node has a public IP. I have installed MetalLB and IngressController.

It is not clear to me which IP I should redirect domains and subdomains to so that they can be resolved by the Ingress Controller.

I need to initially define on which node the Ingress Controller will be launched? I need to install the Ingress Controller, and then look at the worker node on which it will be installed and send all domains or subdomains there? What happens if, after restarting the cluster, the ingress controller is deployed on another node?

All the tutorials I've seen show how it works locally or with a cloud load balancer.

Help me understand how this should work correctly.

Usually, when you install MetalLB, you configure a pool of addresses which can be used to assign new IPs to LoadBalancer services whenever they are created. Such IP addresses need to be available; they cannot be created out of nothing, of course. They could be on lease from your hosting provider, for example.

If instead you have a private Bare Metal cluster which serves only your LAN network, you could just select a private range of IP addresses which are not used.

Then, once MetalLB is running, what happens is the following:

  • Someone / something creates a LoadBalancer service (a HELM Chart, a user with a definition, with commands, etc.)
  • The newly created service needs an external IP. MetalLB will select one address from the configured selected range and assign it to that service
  • MetalLB will start to announce, using standard protocols, that the IP address can now be reached by contacting the cluster. It can work either in Layer2 mode (one node of the cluster holds that additional IP address) or BGP (true load balancing across all nodes of the cluster)

From that point, you can just reach the new service by contacting this newly assigned IP address (which is NOT the IP of any of the cluster nodes).

Usually, the Ingress Controller will just bring a LoadBalancer service (which will grab an external IP address from MetalLB) and then you can reach the Ingress Controller from that IP.

As for your other questions, you don't need to worry about where the Ingress Controller is running or similar, it will be automatically handled.

The only thing you may want to do is to make the domain names which you want to serve point to the external IP address assigned to the Ingress Controller.


Some docs:
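The flow described in the answer above, written out as manifests. This is an added example, not part of the original answer: it assumes MetalLB 0.13 or later (CRD-based configuration) in Layer2 mode, the address range is a constructed placeholder from the documentation range, and the resource names, namespaces and selector labels are assumptions modelled on a typical ingress-nginx install.

```yaml
# Pool of addresses MetalLB may hand out to LoadBalancer services.
# Constructed placeholder range: replace with addresses leased from
# your provider (or an unused private range on a LAN-only cluster).
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: public-pool            # assumed name
  namespace: metallb-system
spec:
  addresses:
    - 203.0.113.10-203.0.113.20
---
# Layer2 mode: one node at a time answers for each assigned address.
# The pool addresses must be reachable on the nodes' L2 segment.
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: public-l2              # assumed name
  namespace: metallb-system
spec:
  ipAddressPools:
    - public-pool
---
# The ingress controller's own Service. Because its type is
# LoadBalancer, MetalLB assigns it one address from the pool, and
# that address does not depend on which node runs the controller pod.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller   # assumed name
  namespace: ingress-nginx         # assumed namespace
spec:
  type: LoadBalancer
  selector:                        # assumed labels
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/component: controller
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
```

The assigned address appears in the EXTERNAL-IP column of `kubectl get svc -n ingress-nginx`; the DNS A records for the domains and subdomains point at that address rather than at a node IP.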

As an alternative (especially when you want "static" IP addresses) I should mention HAProxy, installed external to the kubernetes cluster in a bare_server/vm/lxc_container/etc. and configured to send all incoming 80/433 traffic to the NodePort of the ingress controller on all kubernetes workers (if no ingress pod is running on that worker, traffic will be forwarded by kubernetes).

Of course, nowadays IP addresses are also "cattle", not "pets" anymore, so MetalLB is more of a "kubernetish" solution, but who knows...

This is the link describing the HAProxy solution (I am not affiliated with the author):

https://itnext.io/bare-metal-kubernetes-with-kubeadm-nginx-ingress-controller-and-haproxy-bb0a7ef29d4e
