为什么 ingress-nginx 控制器 tcp-services 不起作用? [英] Why ingress-nginx controller tcp-services not working?

问题描述

我正在尝试通过 ingress-nginx tcp-services 像这样:

I'm trying to expose a RabbitMQ ssl port via ingress-nginx tcp-services like so:

$ cat rabbit-expose-amqps.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  5671: "dev/rabbitmq-rabbitmq-ha:5671"

(RabbitMQ 服务已经在此端口上侦听)但是任何尝试执行 openssl s_client -connect my-external-host:5671 都会超时，当然，任何尝试连接到amqps://my-extrenal-host:5671 使用 amqplib 也会超时.不过，管理 UI 确实有效，所以我知道外部 IP 是正确的.

(the RabbitMQ service already listens on this port) but and any attempt to perform openssl s_client -connect my-external-host:5671 times out, and, of course, any attempt to connect to amqps://my-extrenal-host:5671 using amqplib times out as well. The management UI does work, though, so I know the external IP is correct.

我的 ingress-nginx pod 中的 nginx.conf 似乎得到了更新，但有些奇怪(我认为):它确实在端口 5671 上配置了一个侦听器，但上游仍然用 0.0.0.1:1234 说占位符"地址.我什至回收了 pod，以防万一，仍然是相同的 conf 文件:

It seems that nginx.conf in my ingress-nginx pod gets updated, but something is strange (I think): it DOES configure a listener on port 5671, but the upstream still says "placeholder" with 0.0.0.1:1234 address. I even recycled the pod, just in case, still the same conf file:

stream {
    upstream upstream_balancer {
            server 0.0.0.1:1234; # placeholder

            balancer_by_lua_block {
                    tcp_udp_balancer.balance()
            }
    }
    ...
    # TCP services
    server {
        preread_by_lua_block {
            ngx.var.proxy_upstream_name="tcp-dev-rabbitmq-rabbitmq-ha-5671";
        }
        listen                  5671;
        proxy_timeout           600s;
        proxy_pass              upstream_balancer;

    }
}

如何正确应用 tcp-services?

How do I get the tcp-services applied correctly?

推荐答案

找到了解决方案:nginx-ingress 是使用他们的mandatory.yaml"文件安装的 - 而不是通过 Helm.查看 nginx-ingress helm chart，似乎为了暴露 tcp 服务端口，需要配置更多资源.如果我直接使用 helm chart 而不是 yaml，端口会正确暴露.

Found the solution: nginx-ingress was installed using their "mandatory.yaml" file - not via Helm. Looking at nginx-ingress helm chart, it appears that in order to expose the tcp service ports, there are more resources to config. If I use the helm chart instead of the yaml directly, the ports get exposed correctly.

这篇关于为什么 ingress-nginx 控制器 tcp-services 不起作用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！