Expose port 80 on Digital Ocean's managed Kubernetes without a load balancer


Problem description

I would like to expose my Kubernetes Managed Digital Ocean (single node) cluster's service on port 80 without the use of Digital Ocean's load balancer. Is this possible? How would I do this?

This is essentially a hobby project (I am beginning with Kubernetes) and just want to keep the cost very low.

Recommended answer

You can deploy an Ingress configured to use the host network and port 80/443.

  1. DO's firewall for your cluster doesn't have 80/443 inbound open by default.

If you edit the auto-created firewall the rules will eventually reset themselves. The solution is to create a separate firewall also pointing at the same Kubernetes worker nodes:

$ doctl compute firewall create \
--inbound-rules="protocol:tcp,ports:80,address:0.0.0.0/0,address:::/0 protocol:tcp,ports:443,address:0.0.0.0/0,address:::/0" \
--tag-names=k8s:CLUSTER_UUID \
--name=k8s-extra-mycluster

(Get the CLUSTER_UUID value from the dashboard or the ID column from doctl kubernetes cluster list)

  1. Create the nginx ingress using the host network. I've included the helm chart config below, but you could do it via the direct install process too.

# For Helm 2
$ helm install stable/nginx-ingress --name=myingress -f myingress.values.yml

# For Helm 3
$ helm install myingress stable/nginx-ingress -f myingress.values.yml

The chart's myingress.values.yml:

---
controller:
  kind: DaemonSet
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  daemonset:
    useHostPort: true
  service:
    type: ClusterIP
rbac:
  create: true

  1. You should be able to access the cluster on :80 and :443 via any worker node IP and it'll route traffic to your ingress.

Since node IPs can & do change, look at deploying external-dns to manage DNS entries to point to your worker nodes. Again, using the helm chart and assuming your DNS domain is hosted by DigitalOcean (though any supported DNS provider will work):

# For Helm 2
$ helm install --name=mydns -f mydns.values.yml stable/external-dns

# For Helm 3
$ helm install mydns stable/external-dns -f mydns.values.yml

The chart's mydns.values.yml:

---
provider: digitalocean
digitalocean:
  # create the API token at https://cloud.digitalocean.com/account/api/tokens
  # needs read + write
  apiToken: "DIGITALOCEAN_API_TOKEN"
domainFilters:
  # domains you want external-dns to be able to edit
  - example.com
rbac:
  create: true

  1. Create a Kubernetes Ingress resource to route requests to an existing Kubernetes service:

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: testing123-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: testing123.example.com             # the domain you want associated
      http:
        paths:
          - path: /
            backend:
              serviceName: testing123-service  # existing service
              servicePort: 8000                # existing service port

  1. After a minute or so, you should see the DNS records appear and be resolvable:

$ dig testing123.example.com             # should return worker IP address
$ curl -v http://testing123.example.com  # should send the request through the Ingress to your backend service

(Editing the automatically created firewall rules eventually breaks; add a separate firewall instead.)
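
An added example, not part of the original answer: a Python check over the JSON printed by `doctl compute firewall list --output json`, confirming that firewalls tagged onto the cluster's worker nodes expose only TCP 80 and 443 to the world, as the separate firewall above intends. The field names follow DigitalOcean's firewall API object and are an assumption about the output shape; the sample data is constructed, and `audit_firewalls`, `port_range` and `ALLOWED` are hypothetical names.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}          # any IPv4 / any IPv6 source
ALLOWED = {("tcp", 80), ("tcp", 443)}  # the only exposure the answer intends

def port_range(spec):
    """Turn a ports string ('80', '8000-9000', '0' or 'all') into (low, high)."""
    if spec in ("0", "all", ""):
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit_firewalls(doc, tag_prefix="k8s:"):
    """Return (firewall, protocol, ports) for world-open rules beyond ALLOWED."""
    findings = []
    for fw in json.loads(doc):
        # Only firewalls attached to cluster worker nodes via a k8s:<uuid> tag.
        if not any(t.startswith(tag_prefix) for t in fw.get("tags") or []):
            continue
        for rule in fw.get("inbound_rules") or []:
            sources = (rule.get("sources") or {}).get("addresses") or []
            if not WORLD.intersection(sources):
                continue  # source-restricted rule, not internet-facing
            proto = rule.get("protocol", "")
            ports = rule.get("ports") or "0"
            low, high = port_range(ports)
            if not (low == high and (proto, low) in ALLOWED):
                findings.append((fw["name"], proto, ports))
    return findings

# Constructed sample in the assumed doctl JSON shape (not real output).
SAMPLE = json.dumps([
    {"name": "k8s-extra-mycluster", "tags": ["k8s:CLUSTER_UUID"],
     "inbound_rules": [
        {"protocol": "tcp", "ports": "80", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
        {"protocol": "tcp", "ports": "443", "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
        {"protocol": "tcp", "ports": "30000-32767", "sources": {"addresses": ["0.0.0.0/0"]}},
        {"protocol": "tcp", "ports": "22", "sources": {"addresses": ["203.0.113.7/32"]}}]},
    {"name": "unrelated-db", "tags": ["db"],
     "inbound_rules": [
        {"protocol": "tcp", "ports": "5432", "sources": {"addresses": ["0.0.0.0/0"]}}]},
])

if __name__ == "__main__":
    for name, proto, ports in audit_firewalls(SAMPLE):
        print(f"{name}: {proto}/{ports} is open to the whole internet")
```

Run it against real output by passing the text of `doctl compute firewall list --output json` to `audit_firewalls`; an empty result means no cluster-tagged firewall opens anything beyond 80 and 443 to all sources.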
