使用一致的IP地址从Kube.netes访问外部服务
[英]Access external service from Kubernetes with consistent IP address
问题描述
I've set up a service and some pods in an AWS Elastic Kube.netes Service (EKS) cluster which access a RabbitMQ message service and PostgreSQL database hosted externally to the cluster.
我在 AWS Elastic Kube.netes Service (EKS) 集群中设置了一项服务和一些 pod,该集群访问集群外部托管的 RabbitMQ 消息服务和 PostgreSQL 数据库。 At the moment, I've opened up via AWS security groups access from all IPs (0.0.0.0/0) to these services as kube.netes assigns an IP for each node when it is created.目前,我已经通过 AWS 安全组从所有 IP (0.0.0.0/0) 访问这些服务,因为 kube.netes 在创建每个节点时为其分配了一个 IP。
Ideally, I'd like to route traffic from Kube.netes to these services via one consistent "external Kube.netes IP" so I can add it in to each external services security group.理想情况下,我想通过一个一致的“外部 Kube.netes IP”将流量从 Kube.netes 路由到这些服务,这样我就可以将它添加到每个外部服务安全组中。 Currently, from Googling around I haven't found a way to do this, is it possible?目前,从谷歌搜索我还没有找到这样做的方法,有可能吗?
For RabbitMQ I have the current Service and Endpoint set up, but I believe this is only for routing traffic through the Kube.netes cluster and not related to the external facing side of my cluster?对于 RabbitMQ,我设置了当前的服务和端点,但我相信这仅用于通过 Kube.netes 集群路由流量,与我的集群的外部面向无关?
kind: Service
metadata:
name: rabbitmq-service
spec:
selector:
app: job-wq-1
ports:
- port: 15672
targetPort: 15672
name: management-port
- port: 5672
targetPort: 5672
name: data-port
type: LoadBalancer
---
kind: Endpoints
apiVersion: v1
metadata:
name: rabbitmq
subsets:
- addresses:
- ip: 'rabbitmq.server.public.ip'
ports:
- port: 15672
name: 'management-port'
- port: 5672
name: 'data-port'
2 个解决方案
解决方案1
0 2022-11-16 15:44:40
Do you mean the IP for the outgoing traffic?您的意思是传出流量的 IP 吗?
If you're trying to create a LoadBalancer Service with a static external IP, you can use the loadBalancerIP field to use a reserved IP, such as an AWS Elastic IP.如果您尝试使用 static 外部 IP 创建 LoadBalancer 服务,您可以使用loadBalancerIP字段来使用保留的 IP,例如 AWS Elastic IP。
https://kube.netes.io/docs/concepts/services.networking/service/#type-loadbalancer https://kube.netes.io/docs/concepts/services.networking/service/#type-loadbalancer
解决方案2
0 2022-11-17 08:34:31
Yes it is possible, but it is not simple.是的,这是可能的,但这并不简单。
What would you have to do is route your outbound traffic from the cluster through either a VPC Gateway, NAT Gateway, or some other EC2 instance whose purpose will be to act as a NAT.您需要做的是通过 VPC 网关、NAT 网关或其他一些用作 NAT 的 EC2 实例路由来自集群的出站流量。 That instance can then be given a static IP which you can then whitelist at the destination (so no need to use 0.0.0.0/0)然后可以为该实例提供 static IP,然后您可以在目的地将其列入白名单(因此无需使用 0.0.0.0/0)
We use a similar setup in GKE to allow us to spin up a GKE Cluster, run a workload in that, but have a known fixed IP the remote server will recognise and allow to connect.我们在 GKE 中使用类似的设置来允许我们启动 GKE 集群,在其中运行工作负载,但有一个已知的固定 IP 远程服务器将识别并允许连接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.