如何使用nginx入口基于端口路由流量 [英] How to use nginx ingress to route traffic based on port

问题描述

我目前正在Kubernetes集群上部署ELK堆栈，我能够在minikube上成功使用ClusterIP服务和nginx-ingress将入站http流量路由到kibana(5601端口)，需要有关如何路由流量的输入是基于入站端口而不是路径?

I'm currently working on deploying ELK stack on kubernetes cluster, i was successfully able to use ClusterIP service and nginx-ingress on minikube to route inbound http traffic to kibana (5601 port), need inputs on how i can route traffic based on inbound port rather than path?

使用下面的Ingress对象声明，我可以成功连接到我的kibana部署，但是如何访问暴露在不同端口(9200、5044、9600)上的其他工具堆栈?

Using below Ingress object declaration, i was successfully able to connect to my kibana deployment, but how can i access other tools stack exposed on different ports (9200, 5044, 9600)?

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: ingress-service
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: kibana-service
          servicePort: 5601

在默认的80端口上输入minikube ip会返回有效的响应

CUrl'ing minikube ip on default 80 port returns valid response

# curl http://<minikube-ip>/api/status
{"name":"kibana",....}

注意:我不想使用NodePort，但想知道nodeport是我们实现以上目标的唯一方法吗?

Note: i would not want to use NodePort, but would like to know if nodeport is the only way we can achieve the above?

推荐答案

您已经拥有启用了minikube 和minikube ingress addon:

$ minikube addons list | grep ingress
| ingress                     | minikube | enabled ✅   |
| ingress-dns                 | minikube | enabled ✅   |

提醒一下:

targetPort:是容器接受流量的端口(应用程序在pod内运行的端口).

targetPort: is the port the container accepts traffic on (port where application runs inside the pod).

port:是抽象的Service port，可以是其他pod用来访问Service的任何端口.

port: is the abstracted Service port, which can be any port other pods use to access the Service.

请记住，如果您的容器将不是targetPort中指定的侦听端口，则将无法连接到Pod. 还请记住有关防火墙配置以允许流量的信息.

Please keep in mind that if your container will not be listening port specified in targetPort you will not be able to connect to the pod. Also remember about firewall configuration to allow traffic.

例如，我使用了这个Yamls:

As for example I've used this yamls:

apiVersion: v1
kind: Service
metadata:
  name: service-one
spec:
  selector:
    key: application-1
  ports:
    - port: 81
      targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-1
spec:
  replicas: 1
  selector:
    matchLabels:
      key: application-1
  template:
    metadata:
      labels:
        key: application-1
    spec:
      containers:
      - name: hello1
        image: gcr.io/google-samples/hello-app:1.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: service-two
spec:
  selector:
    key: application-2
  ports:
    - port: 82
      targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-2
spec:
  replicas: 1
  selector:
    matchLabels:
      key: application-2
  template:
    metadata:
      labels:
        key: application-2
    spec:
      containers:
      - name: hello2
        image: gcr.io/google-samples/hello-app:2.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8080
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - http:
      paths:
      - path: /hello
        backend:
          serviceName: service-one
          servicePort: 81
      - path: /hello2
        backend:
          serviceName: service-two
          servicePort: 82

service/service-one created
deployment.apps/deployment-1 created
service/service-two created
deployment.apps/deployment-2 created
Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
ingress.networking.k8s.io/ingress created

警告:networking.k8s.io/v1beta1在v1.19 +中已弃用Ingress，在v1.22 +中不可用；使用networking.k8s.io/v1入口

Warning: networking.k8s.io/v1beta1 Ingress is deprecated in v1.19+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress

请记住，根据上述警告，Minikube很快将更改apiVersion.

Please keep in mind that soon Minikube will change apiVersion as per warning above.

此配置的输出以下:

$ curl http://172.17.0.3/hello
Hello, world!
Version: 1.0.0
Hostname: deployment-1-77ddb77d56-2l4cp
minikube-ubuntu18:~$ curl http://172.17.0.3/hello2
Hello, world!
Version: 2.0.0
Hostname: deployment-2-fb984955c-5dvbx

您可以使用:

      paths:
      - path: /elasticsearch
        backend:
          serviceName: elasticsearch-service
          servicePort: 100
      - path: /anotherservice
        backend:
          serviceName: another-service
          servicePort: 101

服务的外观如下:

  name: elasticsearch-service
  ...
  ports:
    - port: 100
      targetPort: 9200
  ---
  name: another-service
  ...
  ports:
    - port: 101
      targetPort: 5044

但是，如果您需要更高级的path配置，则还可以使用重写.您也可以使用default backend重定向到特定服务.

However, if you would need more advanced path configuration you can also use rewrite. Also you can use default backend to redirect to specific service.

有关访问Minikube的更多信息，您可以在 Minikube文档中找到.

More information about accessing Minikube you can find in Minikube documentation.

是您要找的东西还是其他东西?

Is it what you were looking for or something different?

这篇关于如何使用nginx入口基于端口路由流量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！