如何将K8 Pod暴露给公共互联网? [英] How to expose k8 pods to the public internet?
问题描述
我目前正在学习docker和kubernetes。我遇到的问题之一是将Nginx Pod暴露在公共互联网上。我想从Web浏览器访问我的serverIP并看到nginx页面,就像在服务器上安装了nginx一样。
I'm currently learning docker and kubernetes. One of the issues that I'm having trouble with is exposing my nginx pod to the public internet. I would like to visit my serverIP from my web browser and see the nginx page as if nginx was installed on the server.
pod-nginx.yml来自kubernetes网站
pod-nginx.yml from kubernetes website
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx:1.7.9
ports:
- containerPort: 80
我可以从pod向前移植,然后通过curl访问默认的nginx页面。
sudo kubectl port-forward nginx 80:80
I can port forward from the pod and then access the default nginx page via curl.
sudo kubectl port-forward nginx 80:80
curl http: // localhost 返回nginx页面,而 curl http://< serverIP> 返回未能连接<服务器IP> port:80连接被拒绝
curl http://localhost returns the nginx page, while curl http://<serverIP> returns failed to connect <serverIP> port:80 Connection refused
我是否需要通过修改iptables和防火墙规则在公共网络接口与群集网络接口之间进行端口转发?我觉得我在这里确实缺少一些明显的东西。
Do I need to port forward between my pubic network interface to my cluster network interface by modifying iptables and firewall rules? I feel like im missing something really obvious here.
我尝试使用nodeport属性并阅读了有关入口和负载平衡器的文档,但是我的云提供商没有这些后端功能,因此这些命令只是结束无限期地等待中。
I have tried using the nodeport property and have read the documentation on ingress and loadbalancers, but my cloud provider doesn't have those back end functionalities, so those commands just end up pending indefinitely.
推荐答案
公开服务的方式有多种:
There are different ways to expose your services:
-
使用 NodePort :这将在主机中打开一个端口,您可以在其中访问服务。例如,类似192.168.100.99:37843之类的内容,即192.168.100.99是安装了群集的HOST系统之一。
Using NodePort: This will open a port in the host where you can access your service. For example something like 192.168.100.99:37843, being 192.168.100.99 one of the HOST system where the cluster in installed in.
使用 LoadBalancer :如果您的集群位于Google之类的云中,则可以使用基础架构来为您的服务生成外部IP。我坚持一个事实,即底层云必须支持它。
Using LoadBalancer: If your cluster is in a cloud like Google, then you can use the underlying infrastructure to generate an external IP for your service. I insist on the fact that the underlying cloud must support it.
使用入口规则:LoadBalancers的适当替代方法是使用反向代理。 Kubernetes允许您在端口80和443中侦听此反向代理,并使用Ingress规则将流量转发到您的不同服务。
Using Ingress rules: A proper alternative to LoadBalancers is the use of a reverse proxy. Kubernetes allows you to have this reverse proxy listening in port 80 and 443 and, using Ingress rules, to forward traffic to your different services.
考虑到您的情况,我认为Ingress Rules选项可以满足您的需求。如果您的集群未安装Ingress控制器,则可以安装这一个基于nginx。
Looking at your case, I think that the Ingress Rules option would suit your needs. If your cluster does not have an Ingress controller installed, you can install this one based on nginx.
这篇关于如何将K8 Pod暴露给公共互联网?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
