将Kubernetes集群公开到Internet [英] Expose Kubernetes cluster to Internet

问题描述

我已经在虚拟机上创建了一个Kubernetes集群，并且我一直试图通过自己的域将它公开给Internet(例如，

I have created a Kubernetes cluster on my virtual machine and I have been trying to expose this to Internet with my own domain(for eg, www.mydomain.xyz). I have created an ingress resource as below and I've also modified kubelet configuration to have my domain name. All my pods and services are created in this domain name (Eg, default.svc.mydomain.xyz)

root@master-1:~# kubectl get ingress
NAME           CLASS    HOSTS                  ADDRESS        PORTS   AGE
test-ingress   <none>   www.mydomain.xyz   192.168.5.11   80      5d20h

root@master-1:~# kubectl get svc -n ingress-nginx
NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.103.59.116   192.168.5.11   443:30740/TCP,80:31894/TCP   6d21h

我尝试如下在域DNS页面中添加A记录，但无法添加.

I tried to add A record in my domain DNS page as below and could not add it.

这是我遇到的问题，无法继续进行下去.我是否需要更改群集中的任何内容以在域DNS配置"域中添加此名称空间? (Hostinger)或要添加到主节点中的任何内容.

This is where I get stuck and unable to proceed further. Do I need to change anything in the cluster to add this namespace in "Domain DNS configuration" (Hostinger) or anything to be added in master node.

我拥有的域如何将所有流量重定向到我的kubernetes集群?

How does the domain that I own redirect all the traffic to my kubernetes cluster?

任何帮助将不胜感激.

推荐答案

您无法像尝试过的那样公开Kubernetes集群.

我强烈建议您使用其他Kubernetes解决方案，因为minikube更像是官方网站上所述的实验和开发工具:

I strongly advise to use a different Kubernetes solution as minikube is more a tool to experiment and develop as said in the official site:

Minikube是一种可以轻松在本地运行Kubernetes的工具. Minikube在笔记本电脑的虚拟机(VM)内运行一个单节点Kubernetes集群，以供希望试用Kubernetes或使用它进行日常开发的用户使用.

Minikube is a tool that makes it easy to run Kubernetes locally. Minikube runs a single-node Kubernetes cluster inside a Virtual Machine (VM) on your laptop for users looking to try out Kubernetes or develop with it day-to-day.

Kubernetes.io:学习环境:Minikube

请查看其他解决方案，例如:

Please take a look on other solutions like:

• Kubernetes.io:生产环境:创建集群kubeadm
• Github.com:Kubespray
• Cloud.google.com:Kubernetes引擎
• Aws.amazon.com:EKS

• Kubernetes.io: Production environment: Create cluster kubeadm
• Github.com: Kubespray
• Cloud.google.com: Kubernetes Engine
• Aws.amazon.com: EKS

尝试从专用网络向Internet公开Kubernetes时，您要记住几件事.

You have several things to remember when trying to expose Kubernetes to the Internet from your private network.

• 访问公共IP
• 能够在网络内部移植转发流量
• 允许访问您的minikube实例的流量
• 结合以上所有内容

• Access to public IP
• Ability to port forward traffic inside your network
• Allow traffic to your minikube instance
• Combining all of the above

我为什么认为它是minikube实例?

您有2个网络接口:

• NAT
• Host-only

• NAT
• Host-only

使用Virtualbox运行minikube时会创建此接口

This interfaces are getting created when you run your minikube with Virtualbox

访问公共IP

访问公共IP至关重要. 没有它，您将无法在Internet上公开您的服务.有一些例外情况，但在此我将不重点讨论.

Access to public IP

Access to public IP is crucial. Without it you will not be able to expose your services to the Internet. There are some exclusions but I will not focus on them here.

在DNS面板中，您输入了专用IP地址.除非打算将DNS服务器仅解析本地查询(您的专用网络)，否则您不能这样做.为了允许其他用户连接到您的Kubernetes集群，您需要提供一个公共IP地址 就像94.XXX.XXX.XXX.

In the DNS panel you've entered the private IP address. You cannot do that unless the DNS server is intended resolve only local queries (your private network). To allow other users to connect to your Kubernetes cluster you need to provide a public IP address like 94.XXX.XXX.XXX.

您可以在此处详细了解公共IP地址和私有IP地址之间的区别:

You can read more about differences between public and private ip addresses here:

• 如果您拥有公共IP，则还需要检查传入的连接是否被其他设备(例如ISP的防火墙或路由器)阻止. 如果它们被阻止，您将无法公开您的服务.要将您的服务公开到Internet，您将需要使用端口转发".

  If you have your public IP you will also need to check if the incoming connections are not blocked by other devices like ISP's firewalls or your router. If they are blocked you will be unable to expose your services. To expose your services to the Internet you will need to use "port-forwarding".

  您可以在此处了解更多信息:

  You can read more about it here:

  • Wikipedia.org:端口转发

  正如我之前提到的:使用Virtualbox创建minikube实例时，您将创建以下网络接口:

  As I previously mentioned: When you create your minikube instance with Virtualbox you will create below network interfaces:

  • NAT-界面，该界面将允许您的VM访问Internet.此连接不能用于公开您的服务
  • Host-only-network-adapter-由主机创建的接口，允许在该接口内进行通信.这意味着您的主机和具有此特定适配器的其他虚拟机可以相互连接.专为内部使用而设计.
  • NAT- interface which will allow your VM to access the Internet. This connection cannot be used to expose your services
  • Host-only-network-adapter - interface created by your host which allows to communicate within the interface. It means that your host and other vm's with this particular adapter could connect with each other. It's designed for internal usage.

  您可以在此处阅读有关Virtualbox网络的更多信息:

  You can read more about Virtualbox networking here:

  • Virtualbox.org:虚拟网络

  我设法找到了一种解决方法，以允许笔记本电脑/PC外部的计算机连接到minikube实例.您需要将minikube实例的设置中的网络接口从 Host-only-network-adapter 更改为 Bridged Adapter (第二个适配器).这将在另一台设备连接到您的物理网络时起作用.请确保此桥接适配器与以太网NIC一起使用. Minikube应该更改IP地址，使其与您实际使用的IP地址相匹配.

  I've managed to find a workaround to allow connections outside your laptop/pc to your minikube instance. You will need to change network interface in settings of your minikube instance from Host-only-network-adapter to Bridged Adapter (2nd adapter). This will work as another device was connected to your physical network. Please make sure that this bridged adapter is used with Ethernet NIC. Minikube should change IP address to match the one used in your physical one.

  您还需要更改您的.kube/config，因为它将具有旧的或错误的IP地址！

  You will also need to change your .kube/config as it will have the old/wrong IP address!

  之后，您应该能够通过物理网络中可访问的IP连接到Ingress资源.

  After that you should be able to connect to your Ingress resource by IP accessible in your physical network.

  记住上面的信息，让我们假设.

  Remembering the information above, let's assume.

  • 您在路由器的WAN接口上关联了一个公共IP地址(例如94.100.100.100).
  • 您在DNS中创建一个A记录，将您的域名指向94.100.100.100.
  • 您创建从端口80到端口80 到minikube桥接适配器的IP地址的端口转发.
  • You have a public IP address associated on the WAN interface of your router (for example 94.100.100.100).
  • You create a A record in DNS pointing to your domain name to 94.100.100.100.
  • You create a port-forwarding from port 80 to port 80 to the IP address of minikube bridged adapter.

  之后，您应该可以从外部连接到您的Ingress资源.

  After that you should be able to connect from outside to your Ingress resource.

  该请求将首先与DNS服务器联系以获取与该域关联的IP地址.然后它将请求发送到该IP地址(大概是您的路由器).您的路由器会将此连接移植到您的minikube实例.

  The request will first contact DNS server for IP address associated with the domain. Then it will send request to this IP address (which is presumably your router). Your router will port-forward this connection to your minikube instance.

  这篇关于将Kubernetes集群公开到Internet的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！