Docker Desktop + k8s加上https将多个外部端口代理到部署中的http上的Pod? [英] Docker Desktop + k8s plus https proxy multiple external ports to pods on http in deployment?

问题描述

我正在尝试做一件我认为很简单的事情.我需要 https://localhost:44301 ， https://localhost:5002 ， https://localhost:5003 到在我的docker桌面的k8s环境中被监听，并使用我指定的pfx文件/密码进行代理，并通过端口转发给侦听特定地址(可能是端口80，无关紧要)的Pod.

对于看起来应该是简单明了的文档，该文档的头脑非常复杂.我可以使Pod运行，可以使用kubectl port-forward，它们可以正常工作，但是我无法弄清楚如何以合理的方式使用ha-proxy或nginx或其他任何东西来进行入口操作.

有人可以通过ELI5告诉我如何打开它吗?我使用的是Windows 10 2004，具有WSL2和Docker实验功能，因此我应该可以访问它们在文档中引用的入口内容，并使其清晰可见.

谢谢！

解决方案

如评论中所述，这是社区Wiki答案:

---

我已经设法在Windows的Docker上的Kubernetes中创建Ingress资源.

复制步骤:

• 启用Hyper-V
• 为Windows安装Docker并启用Kubernetes
• 连接kubectl
• 启用入口
• 创建部署
• 创建服务
• 创建入口资源
• 将主机添加到本地主机文件
• 测试

启用 Hyper-V

在具有管理员访问权限的Powershell中，运行以下命令:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

系统可能会要求您重新启动计算机.

为Windows安装Docker并启用Kubernetes

使用所有默认选项安装Docker应用程序并启用Kubernetes

连接Kubectl

安装 kubectl .

启用入口

运行此命令:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml

编辑:确保没有其他服务正在使用端口80

重新启动计算机.在以管理员身份运行的cmd提示符下，执行以下操作: net stop http 使用services.msc

停止列出的服务

使用:netstat -a -n -o -b并检查侦听端口80的其他进程.

创建部署

下面是具有可响应请求的Pod的简单部署:

 apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello
spec:
  selector:
    matchLabels:
      app: hello
      version: 2.0.0
  replicas: 3
  template:
    metadata:
      labels:
        app: hello
        version: 2.0.0
    spec:
      containers:
      - name: hello
        image: "gcr.io/google-samples/hello-app:2.0"
        env:
        - name: "PORT"
          value: "50001"
 

通过运行命令来应用它:

$ kubectl apply -f file_name.yaml

创建服务

要使Pod能够与您进行通信，您需要创建服务.

以下示例:

 apiVersion: v1
kind: Service
metadata:
  name: hello-service
spec:
  type: NodePort
  selector:
    app: hello
    version: 2.0.0
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 50001
 

通过运行以下命令来应用此服务定义:

$ kubectl apply -f file_name.yaml

创建Ingress资源

下面是使用上面创建的服务的简单Ingress资源:

 apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hello-ingress 
spec:
  rules:
  - host: kubernetes.docker.internal
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-service 
          servicePort: http
 

看看:

 spec:
  rules:
  - host: hello-test.internal 
 

hello-test.internal将用作hostname来连接到您的Pod.

通过调用以下命令来应用您的Ingress资源:

$ kubectl apply -f file_name.yaml

将主机添加到本地主机文件中

我发现了这个 Github链接，它可以让您连接到您的通过hostname进入资源.

要实现此目的，请在您的C:\Windows\System32\drivers\etc\hosts文件中添加一行127.0.0.1 hello-test.internal并保存. 您将需要管理员权限才能做到这一点.

编辑:Windows的最新版本Docker Desktop已经添加了一个hosts文件条目: 127.0.0.1 kubernetes.docker.internal

测试

通过调用命令显示有关Ingress资源的信息: kubectl get ingress

它应该显示:

NAME            HOSTS                 ADDRESS     PORTS   AGE
hello-ingress   hello-test.internal   localhost   80      6m2s

现在，您可以通过打开网络浏览器并输入

来访问Ingress资源.

http://kubernetes.docker.internal/

浏览器应输出:

Hello, world!
Version: 2.0.0
Hostname: hello-84d554cbdf-2lr76

Hostname: hello-84d554cbdf-2lr76是所回复的窗格的名称.

如果此解决方案不起作用，请使用以下命令检查连接: netstat -a -n -o (具有管理员权限)，如果某些端口未使用端口80.

---

I'm trying to do a straight up thing that I would think is simple. I need to have https://localhost:44301, https://localhost:5002, https://localhost:5003 to be listened to in my k8s environment in docker desktop, and be proxied using a pfx file/password that I specify and have it forward by the port to pods listening on specific addresses (could be port 80, doesn't matter)

The documentation is mind numbingly complex for what looks like it should be straight forward. I can get the pods running, I can use kubectl port-forward and they work fine, but I can't figure out how to get ingress working with ha-proxy or nginx or anything else in a way that makes any sense.

Can someone do an ELI5 telling me how to turn this on? I'm on Windows 10 2004 with WSL2 and Docker experimental so I should have access to the ingress stuff they reference in the docs and make clear as mud.

Thanks!

解决方案

As discussed in the comments this is a community wiki answer:

---

I have managed to create Ingress resource in Kubernetes on Docker in Windows.

Steps to reproduce:

• Enable Hyper-V
• Install Docker for Windows and enable Kubernetes
• Connect kubectl
• Enable Ingress
• Create deployment
• Create service
• Create ingress resource
• Add host into local hosts file
• Test

Enable Hyper-V

From Powershell with administrator access run below command:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

System could ask you to reboot your machine.

Install Docker for Windows and enable Kubernetes

Install Docker application with all the default options and enable Kubernetes

Connect kubectl

Install kubectl .

Enable Ingress

Run this commands:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml

Edit: Make sure no other service is using port 80

Restart your machine. From a cmd prompt running as admin, do: net stop http Stop the listed services using services.msc

Use: netstat -a -n -o -b and check for other processes listening on port 80.

Create deployment

Below is simple deployment with pods that will reply to requests:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello
spec:
  selector:
    matchLabels:
      app: hello
      version: 2.0.0
  replicas: 3
  template:
    metadata:
      labels:
        app: hello
        version: 2.0.0
    spec:
      containers:
      - name: hello
        image: "gcr.io/google-samples/hello-app:2.0"
        env:
        - name: "PORT"
          value: "50001"

Apply it by running command:

$ kubectl apply -f file_name.yaml

Create service

For pods to be able for you to communicate with them you need to create a service.

Example below:

apiVersion: v1
kind: Service
metadata:
  name: hello-service
spec:
  type: NodePort
  selector:
    app: hello
    version: 2.0.0
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 50001

Apply this service definition by running command:

$ kubectl apply -f file_name.yaml

Create Ingress resource

Below is simple Ingress resource using service created above:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hello-ingress 
spec:
  rules:
  - host: kubernetes.docker.internal
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-service 
          servicePort: http

Take a look at:

spec:
  rules:
  - host: hello-test.internal 

hello-test.internal will be used as the hostname to connect to your pods.

Apply your Ingress resource by invoking command:

$ kubectl apply -f file_name.yaml

Add host into local hosts file

I found this Github link that will allow you to connect to your Ingress resource by hostname.

To achieve that add a line 127.0.0.1 hello-test.internal to your C:\Windows\System32\drivers\etc\hosts file and save it. You will need Administrator privileges to do that.

Edit: The newest version of Docker Desktop for Windows already adds a hosts file entry: 127.0.0.1 kubernetes.docker.internal

Test

Display the information about Ingress resources by invoking command: kubectl get ingress

It should show:

NAME            HOSTS                 ADDRESS     PORTS   AGE
hello-ingress   hello-test.internal   localhost   80      6m2s

Now you can access your Ingress resource by opening your web browser and typing

http://kubernetes.docker.internal/

The browser should output:

Hello, world!
Version: 2.0.0
Hostname: hello-84d554cbdf-2lr76

Hostname: hello-84d554cbdf-2lr76 is the name of the pod that replied.

If this solution is not working please check connections with the command: netstat -a -n -o (with Administrator privileges) if something is not using port 80.

---

这篇关于Docker Desktop + k8s加上https将多个外部端口代理到部署中的http上的Pod?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！