How to expose NodePort to internet on GCE


Problem description

How can I expose a service of type NodePort to the internet without using type LoadBalancer? Every resource I have found was doing it by using a load balancer. But I don't want load balancing; it's expensive and unnecessary for my use case, because I am running one instance of a postgres image which is mounting to a persistent disk, and I would like to be able to connect to my database from my PC using pgAdmin. If it is possible, could you please provide a bit more detailed answer, as I am new to Kubernetes, GCE and networking.

Just for the record and a bit more context: I have a deployment running 3 replicas of my API server, to which I am connecting through a load balancer with a set loadBalancerIP, and another deployment which is running one instance of postgres with a NodePort service through which my API servers are communicating with my db. And my problem is that maintaining the db without public access is hard.

Recommended answer

Using NodePort as Service type works straight away, e.g. like this:

apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: NodePort
  ports:
    - port: 80
      nodePort: 30080
      name: http
    - port: 443
      nodePort: 30443
      name: https
  selector:
    name: nginx

More details can be found in the documentation. The drawback of using NodePort is that you have to take care of integrating with your provider's firewall by yourself. A starting port for that can also be found in the Configuring Your Cloud Provider's Firewalls section of the official documentation.

For GCE, opening up the above publicly on all nodes could look like:

gcloud compute firewall-rules create myservice --allow tcp:30080,tcp:30443

Once this is in place your services should be accessible through any of the public IPs of your nodes. You'll find them with:

gcloud compute instances list
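
The firewall rule above names no source range or target tag, so it admits traffic from any address to those ports on every instance in the network; `gcloud compute firewall-rules create` also accepts `--source-ranges` and `--target-tags` to narrow that, which matters when the NodePort fronts a database. The following audit sketch is an added example, not part of the original answer: it flags world-open NodePort rules in the JSON printed by `gcloud compute firewall-rules list --format=json`. The sample rules, their names and the helper function names are constructed for illustration, and the field names are assumed to follow the Compute Engine firewall resource.

```python
import json

NODEPORTS = (30000, 32767)            # Kubernetes default NodePort range
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
  {"name": "myservice", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["30080", "30443"]}]},
  {"name": "pgadmin-from-home", "direction": "INGRESS",
   "sourceRanges": ["203.0.113.7/32"], "targetTags": ["postgres-node"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["30432"]}]},
  {"name": "wide-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "targetTags": ["workers"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["443", "20000-31000"]}]}
]""")


def overlaps_nodeports(port_spec):
    """True if a port ("30080") or range ("20000-31000") touches the NodePort range."""
    low, _, high = port_spec.partition("-")
    low, high = int(low), int(high or low)
    return low <= NODEPORTS[1] and high >= NODEPORTS[0]


def exposed_nodeport_rules(rules):
    """Return (rule, protocol, ports, all_instances) for world-open NodePort rules."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if not ANY_SOURCE & set(rule.get("sourceRanges", [])):
            continue
        # Without target tags or service accounts the rule applies to every instance.
        untargeted = not (rule.get("targetTags") or rule.get("targetServiceAccounts"))
        for allow in rule.get("allowed", []):
            if allow.get("IPProtocol") not in ("tcp", "udp", "sctp", "all"):
                continue
            # A missing "ports" list means every port of that protocol is allowed.
            ports = allow.get("ports") or ["0-65535"]
            hits = [p for p in ports if overlaps_nodeports(p)]
            if hits:
                findings.append((rule["name"], allow["IPProtocol"], hits, untargeted))
    return findings


if __name__ == "__main__":
    for name, proto, ports, untargeted in exposed_nodeport_rules(SAMPLE_RULES):
        scope = "all instances" if untargeted else "tagged instances"
        print(f"{name}: {proto} {','.join(ports)} reachable from any address ({scope})")
```

To audit a real project, load the saved JSON export with `json.load` and pass it to `exposed_nodeport_rules` in place of `SAMPLE_RULES`.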