Docker Desktop + k8s加上https将多个外部端口代理到部署中的http上的Pod? [英] Docker Desktop + k8s plus https proxy multiple external ports to pods on http in deployment?
问题描述
我正在尝试做一件我认为很简单的事情.我需要 https://localhost:44301 , https://localhost:5002 , https://localhost:5003 到在我的docker桌面的k8s环境中被监听,并使用我指定的pfx文件/密码进行代理,并通过端口转发给侦听特定地址(可能是端口80,无关紧要)的Pod.
对于看起来应该是简单明了的文档,该文档的头脑非常复杂.我可以使Pod运行,可以使用kubectl port-forward,它们可以正常工作,但是我无法弄清楚如何以合理的方式使用ha-proxy或nginx或其他任何东西来进行入口操作.>
有人可以通过ELI5告诉我如何打开它吗?我使用的是Windows 10 2004,具有WSL2和Docker实验功能,因此我应该可以访问它们在文档中引用的入口内容,并使其清晰可见.
谢谢!
如评论中所述,这是社区Wiki答案:
我已经设法在Windows的Docker上的Kubernetes中创建Ingress资源.
复制步骤:
- 启用Hyper-V
- 为Windows安装Docker并启用Kubernetes
- 连接kubectl
- 启用入口
- 创建部署
- 创建服务
- 创建入口资源
- 将主机添加到本地主机文件
- 测试
启用 Hyper-V
在具有管理员访问权限的Powershell中,运行以下命令:
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
系统可能会要求您重新启动计算机.
为Windows安装Docker并启用Kubernetes
使用所有默认选项安装Docker应用程序并启用Kubernetes
连接Kubectl
安装 kubectl .
启用入口
运行此命令:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
编辑:确保没有其他服务正在使用端口80
重新启动计算机.在以管理员身份运行的cmd
提示符下,执行以下操作:
net stop http
使用services.msc
使用:netstat -a -n -o -b
并检查侦听端口80的其他进程.
创建部署
下面是具有可响应请求的Pod的简单部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello
spec:
selector:
matchLabels:
app: hello
version: 2.0.0
replicas: 3
template:
metadata:
labels:
app: hello
version: 2.0.0
spec:
containers:
- name: hello
image: "gcr.io/google-samples/hello-app:2.0"
env:
- name: "PORT"
value: "50001"
通过运行命令来应用它:
$ kubectl apply -f file_name.yaml
创建服务
要使Pod能够与您进行通信,您需要创建服务.
以下示例:
apiVersion: v1
kind: Service
metadata:
name: hello-service
spec:
type: NodePort
selector:
app: hello
version: 2.0.0
ports:
- name: http
protocol: TCP
port: 80
targetPort: 50001
通过运行以下命令来应用此服务定义:
$ kubectl apply -f file_name.yaml
创建Ingress资源
下面是使用上面创建的服务的简单Ingress资源:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-ingress
spec:
rules:
- host: kubernetes.docker.internal
http:
paths:
- path: /
backend:
serviceName: hello-service
servicePort: http
看看:
spec:
rules:
- host: hello-test.internal
hello-test.internal
将用作hostname
来连接到您的Pod.
通过调用以下命令来应用您的Ingress资源:
$ kubectl apply -f file_name.yaml
将主机添加到本地主机文件中
我发现了这个 Github链接,它可以让您连接到您的通过hostname
进入资源.
要实现此目的,请在您的C:\Windows\System32\drivers\etc\hosts
文件中添加一行127.0.0.1 hello-test.internal
并保存.
您将需要管理员权限才能做到这一点.
编辑:Windows的最新版本Docker Desktop已经添加了一个hosts文件条目:
127.0.0.1 kubernetes.docker.internal
测试
通过调用命令显示有关Ingress资源的信息:
kubectl get ingress
它应该显示:
NAME HOSTS ADDRESS PORTS AGE
hello-ingress hello-test.internal localhost 80 6m2s
现在,您可以通过打开网络浏览器并输入
来访问Ingress资源. http://kubernetes.docker.internal/
浏览器应输出:
Hello, world!
Version: 2.0.0
Hostname: hello-84d554cbdf-2lr76
Hostname: hello-84d554cbdf-2lr76
是所回复的窗格的名称.
如果此解决方案不起作用,请使用以下命令检查连接:
netstat -a -n -o
(具有管理员权限),如果某些端口未使用端口80.
I'm trying to do a straight up thing that I would think is simple. I need to have https://localhost:44301, https://localhost:5002, https://localhost:5003 to be listened to in my k8s environment in docker desktop, and be proxied using a pfx file/password that I specify and have it forward by the port to pods listening on specific addresses (could be port 80, doesn't matter)
The documentation is mind numbingly complex for what looks like it should be straight forward. I can get the pods running, I can use kubectl port-forward and they work fine, but I can't figure out how to get ingress working with ha-proxy or nginx or anything else in a way that makes any sense.
Can someone do an ELI5 telling me how to turn this on? I'm on Windows 10 2004 with WSL2 and Docker experimental so I should have access to the ingress stuff they reference in the docs and make clear as mud.
Thanks!
As discussed in the comments this is a community wiki answer:
I have managed to create Ingress resource in Kubernetes on Docker in Windows.
Steps to reproduce:
- Enable Hyper-V
- Install Docker for Windows and enable Kubernetes
- Connect kubectl
- Enable Ingress
- Create deployment
- Create service
- Create ingress resource
- Add host into local hosts file
- Test
Enable Hyper-V
From Powershell with administrator access run below command:
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
System could ask you to reboot your machine.
Install Docker for Windows and enable Kubernetes
Install Docker application with all the default options and enable Kubernetes
Connect kubectl
Install kubectl .
Enable Ingress
Run this commands:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
Edit: Make sure no other service is using port 80
Restart your machine. From a cmd
prompt running as admin, do:
net stop http
Stop the listed services using services.msc
Use: netstat -a -n -o -b
and check for other processes listening on port 80.
Create deployment
Below is simple deployment with pods that will reply to requests:
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello
spec:
selector:
matchLabels:
app: hello
version: 2.0.0
replicas: 3
template:
metadata:
labels:
app: hello
version: 2.0.0
spec:
containers:
- name: hello
image: "gcr.io/google-samples/hello-app:2.0"
env:
- name: "PORT"
value: "50001"
Apply it by running command:
$ kubectl apply -f file_name.yaml
Create service
For pods to be able for you to communicate with them you need to create a service.
Example below:
apiVersion: v1
kind: Service
metadata:
name: hello-service
spec:
type: NodePort
selector:
app: hello
version: 2.0.0
ports:
- name: http
protocol: TCP
port: 80
targetPort: 50001
Apply this service definition by running command:
$ kubectl apply -f file_name.yaml
Create Ingress resource
Below is simple Ingress resource using service created above:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-ingress
spec:
rules:
- host: kubernetes.docker.internal
http:
paths:
- path: /
backend:
serviceName: hello-service
servicePort: http
Take a look at:
spec:
rules:
- host: hello-test.internal
hello-test.internal
will be used as the hostname
to connect to your pods.
Apply your Ingress resource by invoking command:
$ kubectl apply -f file_name.yaml
Add host into local hosts file
I found this Github link that will allow you to connect to your Ingress resource by hostname
.
To achieve that add a line 127.0.0.1 hello-test.internal
to your C:\Windows\System32\drivers\etc\hosts
file and save it.
You will need Administrator privileges to do that.
Edit: The newest version of Docker Desktop for Windows already adds a hosts file entry:
127.0.0.1 kubernetes.docker.internal
Test
Display the information about Ingress resources by invoking command:
kubectl get ingress
It should show:
NAME HOSTS ADDRESS PORTS AGE
hello-ingress hello-test.internal localhost 80 6m2s
Now you can access your Ingress resource by opening your web browser and typing
http://kubernetes.docker.internal/
The browser should output:
Hello, world!
Version: 2.0.0
Hostname: hello-84d554cbdf-2lr76
Hostname: hello-84d554cbdf-2lr76
is the name of the pod that replied.
If this solution is not working please check connections with the command:
netstat -a -n -o
(with Administrator privileges) if something is not using port 80.
这篇关于Docker Desktop + k8s加上https将多个外部端口代理到部署中的http上的Pod?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!