使用 Ingress Nginx 控制器公开 Redis [英] Exposing Redis with Ingress Nginx Controller
问题描述
您好,当我使用节点端口公开我的 redis 服务时,它工作正常.我可以访问它.但是,如果我尝试切换到 Ingress Nginx 控制器,它会拒绝连接.. 其他应用程序在 Ingress 中运行良好.
Hello when I use node port to expose my redis service it works fine. I am able to access it. But if I try switch to Ingress Nginx controller it refuse to connect.. Other apps work fine with ingress.
这是我的服务:
apiVersion: v1
kind: Service
metadata:
name: redis-svc
spec:
# type: NodePort
ports:
- name: http
port: 6379
targetPort: 6379
protocol: TCP
# nodePort: 30007
selector:
app: redis
这里是入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: redis-ing
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
# nginx.ingress.kubernetes.io/enable-cors: "true"
# nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
# nginx.ingress.kubernetes.io/cors-allow-origin: "https://test.hefest.io"
# nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
spec:
tls:
- secretName: letsencrypt-prod
hosts:
- redis-dev.domain.com
rules:
- host: redis-dev.domain.com
http:
paths:
- path: /
backend:
serviceName: redis-svc
servicePort: 6379
知道什么是问题吗?
我正在使用这个入口控制器:https://github.com/nginxinc/kubernetes-ingress
I am using this ingress controller: https://github.com/nginxinc/kubernetes-ingress
推荐答案
Redis 在非 HTTP 端口 (80,443) 的 6379 上工作.所以你需要启用TCP/UDP 支持 在 nginx 入口控制器中.minikube 文档 此处 展示了如何为 redis 执行此操作.
Redis works on 6379 which is non HTTP port(80,443). So you need to enable TCP/UDP support in nginx ingress controller. The minikube docs here shows how to do it for redis.
更新 TCP 和/或 UDP 服务配置映射
从使用入口 nginx 控制器配置 TCP 和 UDP 服务的教程中借用我们需要编辑启用 minikube 入口插件时默认安装的配置映射.
Borrowing from the tutorial on configuring TCP and UDP services with the ingress nginx controller we will need to edit the configmap which is installed by default when enabling the minikube ingress addon.
有 2 个配置映射,1 个用于 TCP 服务,1 个用于 UDP 服务.默认情况下,它们看起来像这样:
There are 2 configmaps, 1 for TCP services and 1 for UDP services. By default they look like this:
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
---
apiVersion: v1
kind: ConfigMap
metadata:
name: udp-services
namespace: ingress-nginx
由于这些配置映射是集中式的并且可能包含配置,我们最好只修补它们而不是完全覆盖它们.
Since these configmaps are centralized and may contain configurations, it is best if we only patch them rather than completely overwrite them.
我们以这个redis部署为例:
Let’s use this redis deployment as an example:
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis-deployment
namespace: default
labels:
app: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- image: redis
imagePullPolicy: Always
name: redis
ports:
- containerPort: 6379
protocol: TCP
创建一个文件 redis-deployment.yaml
并粘贴上面的内容.然后使用以下命令安装 redis 部署:
Create a file redis-deployment.yaml
and paste the contents above. Then install the redis deployment with the following command:
kubectl apply -f redis-deployment.yaml
接下来,我们需要创建一个可以将流量路由到我们的 Pod 的服务:
Next we need to create a service that can route traffic to our pods:
apiVersion: v1
kind: Service
metadata:
name: redis-service
namespace: default
spec:
selector:
app: redis
type: ClusterIP
ports:
- name: tcp-port
port: 6379
targetPort: 6379
protocol: TCP
创建一个文件 redis-service.yaml
并粘贴上面的内容.然后使用以下命令安装redis服务:
Create a file redis-service.yaml
and paste the contents above. Then install the redis service with the following command:
kubectl apply -f redis-service.yaml
要将 TCP 服务添加到 nginx 入口控制器,您可以运行以下命令:
To add a TCP service to the nginx ingress controller you can run the following command:
kubectl patch configmap tcp-services -n kube-system --patch '{"data":{"6379":"default/redis-service:6379"}}'
地点:
6379
:你的服务应该从 minikube 虚拟机外部监听的端口
6379
: the port your service should listen to from outside the minikube virtual machine
default
:您的服务安装在的命名空间
default
: the namespace that your service is installed in
redis-service
: 服务名称
我们可以使用以下命令验证我们的资源是否已打补丁:
We can verify that our resource was patched with the following command:
kubectl get configmap tcp-services -n kube-system -o yaml
我们应该看到这样的:
apiVersion: v1
data:
"6379": default/redis-service:6379
kind: ConfigMap
metadata:
creationTimestamp: "2019-10-01T16:19:57Z"
labels:
addonmanager.kubernetes.io/mode: EnsureExists
name: tcp-services
namespace: kube-system
resourceVersion: "2857"
selfLink: /api/v1/namespaces/kube-system/configmaps/tcp-services
uid: 4f7fac22-e467-11e9-b543-080027057910
您需要验证的唯一值是 data 属性下有一个如下所示的值:
The only value you need to validate is that there is a value under the data property that looks like this:
"6379": default/redis-service:6379
修补 ingress-nginx-controller
为了从外部集群获得连接,必须完成最后一步.我们需要修补我们的 nginx 控制器,以便它侦听端口 6379 并可以将流量路由到您的服务.为此,我们需要创建一个补丁文件.
There is one final step that must be done in order to obtain connectivity from the outside cluster. We need to patch our nginx controller so that it is listening on port 6379 and can route traffic to your service. To do this we need to create a patch file.
spec:
template:
spec:
containers:
- name: ingress-nginx-controller
ports:
- containerPort: 6379
hostPort: 6379
创建一个名为ingress-nginx-controller-patch.yaml
的文件并粘贴上面的内容.
Create a file called ingress-nginx-controller-patch.yaml
and paste the contents above.
接下来使用以下命令应用更改:
Next apply the changes with the following command:
kubectl patch deployment ingress-nginx-controller --patch "$(cat ingress-nginx-controller-patch.yaml)" -n kube-system
这篇关于使用 Ingress Nginx 控制器公开 Redis的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!