如何在 GCE 上将 NodePort 公开到互联网 [英] How to expose NodePort to internet on GCE

问题描述

如何在不使用 LoadBalancer 类型的情况下，将 NodePort 类型的服务暴露给互联网?我发现的每个资源都是通过使用负载平衡器来实现的.但是我不希望负载平衡对于我的用例来说是昂贵且不必要的，因为我正在运行一个 postgres 映像实例，该实例正在挂载到永久性磁盘，并且我希望能够连接到我的数据库从我的电脑使用 pgAdmin.如果可能，请提供更详细的答案，因为我是 Kubernetes、GCE 和网络的新手.

How can I expose service of type NodePort to internet without using type LoadBalancer? Every resource I have found was doing it by using load balancer. But I don't want load balancing its expensive and unnecessary for my use case because I am running one instance of postgres image which is mounting to persistent disk and I would like to be able to connect to my database from my PC using pgAdmin. If it is possible could you please provide bit more detailed answer as I am new to Kubernetes, GCE and networking.

只是为了记录和更多的上下文，我有部署运行我的 API 服务器的 3 个副本，我通过负载均衡器与 set loadBalancerIP 和另一个部署运行一个带有 NodePort 服务的 postgres 实例，我的 API 服务器通过它正在与我的数据库通信.我的问题是在没有公共访问权限的情况下维护数据库很困难.

Just for the record and bit more context I have deployment running 3 replicas of my API server to which I am connecting through load balancer with set loadBalancerIP and another deployment which is running one instance of postgres with NodePort service through which my API servers are communicating with my db. And my problem is that maintaining the db without public access is hard.

推荐答案

使用 NodePort 作为服务类型可以立即工作，例如像这样:

using NodePort as Service type works straight away e.g. like this:

apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: NodePort
  ports:
    - port: 80
      nodePort: 30080
      name: http
    - port: 443
      nodePort: 30443
      name: https
  selector:
    name: nginx

更多详细信息可以在文档中找到.使用 NodePort 的缺点是您必须自己处理与提供商防火墙的集成.也可以在 Configuring Your Cloud 中找到其起始端口官方文档的提供商防火墙部分.

More details can be found in the documentation. The drawback of using NodePort is that you've to take care of integrating with your providers firewall by yourself. A starting port for that can also be found in the Configuring Your Cloud Provider's Firewalls section of the official documentation.

对于 GCE 在所有节点上公开开放上述内容可能如下所示:

For GCE opening up the above for publicly on all nodes could look like:

gcloud compute firewall-rules create myservice --allow tcp:30080,tcp:30443

一旦到位，您的服务应该可以通过您节点的任何公共 IP 访问.您可以通过以下方式找到它们:

Once this is in place your services should be accessable through any of the public IPs of your nodes. You'll find them with:

gcloud compute instances list

这篇关于如何在 GCE 上将 NodePort 公开到互联网的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！