为什么 ingress-nginx 控制器 tcp-services 不起作用? [英] Why ingress-nginx controller tcp-services not working?
问题描述
我正在尝试通过 ingress-nginx tcp-services 像这样:
I'm trying to expose a RabbitMQ ssl port via ingress-nginx tcp-services like so:
$ cat rabbit-expose-amqps.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
data:
5671: "dev/rabbitmq-rabbitmq-ha:5671"
(RabbitMQ 服务已经在此端口上侦听)但是任何尝试执行 openssl s_client -connect my-external-host:5671
都会超时,当然,任何尝试连接到amqps://my-extrenal-host:5671
使用 amqplib 也会超时.不过,管理 UI 确实有效,所以我知道外部 IP 是正确的.
(the RabbitMQ service already listens on this port) but and any attempt to perform openssl s_client -connect my-external-host:5671
times out, and, of course, any attempt to connect to amqps://my-extrenal-host:5671
using amqplib times out as well. The management UI does work, though, so I know the external IP is correct.
我的 ingress-nginx pod 中的 nginx.conf 似乎得到了更新,但有些奇怪(我认为):它确实在端口 5671 上配置了一个侦听器,但上游仍然用 0.0.0.1:1234 说占位符"地址.我什至回收了 pod,以防万一,仍然是相同的 conf 文件:
It seems that nginx.conf in my ingress-nginx pod gets updated, but something is strange (I think): it DOES configure a listener on port 5671, but the upstream still says "placeholder" with 0.0.0.1:1234 address. I even recycled the pod, just in case, still the same conf file:
stream {
upstream upstream_balancer {
server 0.0.0.1:1234; # placeholder
balancer_by_lua_block {
tcp_udp_balancer.balance()
}
}
...
# TCP services
server {
preread_by_lua_block {
ngx.var.proxy_upstream_name="tcp-dev-rabbitmq-rabbitmq-ha-5671";
}
listen 5671;
proxy_timeout 600s;
proxy_pass upstream_balancer;
}
}
如何正确应用 tcp-services?
How do I get the tcp-services applied correctly?
推荐答案
找到了解决方案:nginx-ingress 是使用他们的mandatory.yaml"文件安装的 - 而不是通过 Helm.查看 nginx-ingress helm chart,似乎为了暴露 tcp 服务端口,需要配置更多资源.如果我直接使用 helm chart 而不是 yaml,端口会正确暴露.
Found the solution: nginx-ingress was installed using their "mandatory.yaml" file - not via Helm. Looking at nginx-ingress helm chart, it appears that in order to expose the tcp service ports, there are more resources to config. If I use the helm chart instead of the yaml directly, the ports get exposed correctly.
这篇关于为什么 ingress-nginx 控制器 tcp-services 不起作用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!