使用 Ingress Nginx 控制器公开 Redis [英] Exposing Redis with Ingress Nginx Controller

问题描述

您好，当我使用节点端口公开我的 redis 服务时，它工作正常.我可以访问它.但是，如果我尝试切换到 Ingress Nginx 控制器，它会拒绝连接.. 其他应用程序在 Ingress 中运行良好.

Hello when I use node port to expose my redis service it works fine. I am able to access it. But if I try switch to Ingress Nginx controller it refuse to connect.. Other apps work fine with ingress.

这是我的服务:

apiVersion: v1
kind: Service
metadata:
  name: redis-svc
spec:
#  type: NodePort
  ports:
    - name: http
      port: 6379
      targetPort: 6379
      protocol: TCP
#      nodePort: 30007
  selector:
    app: redis

这里是入口:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: redis-ing
  annotations:
     kubernetes.io/ingress.class: "nginx"
     ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     cert-manager.io/cluster-issuer: "letsencrypt-prod"
    #  nginx.ingress.kubernetes.io/enable-cors: "true"
    #  nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
    #  nginx.ingress.kubernetes.io/cors-allow-origin: "https://test.hefest.io"
    #  nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
spec:
  tls:
  - secretName: letsencrypt-prod
    hosts:
      - redis-dev.domain.com
  rules:
  - host: redis-dev.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: redis-svc
          servicePort: 6379

知道什么是问题吗?

我正在使用这个入口控制器:https://github.com/nginxinc/kubernetes-ingress

I am using this ingress controller: https://github.com/nginxinc/kubernetes-ingress

推荐答案

Redis 在非 HTTP 端口 (80,443) 的 6379 上工作.所以你需要启用TCP/UDP 支持 在 nginx 入口控制器中.minikube 文档 此处 展示了如何为 redis 执行此操作.

Redis works on 6379 which is non HTTP port(80,443). So you need to enable TCP/UDP support in nginx ingress controller. The minikube docs here shows how to do it for redis.

更新 TCP 和/或 UDP 服务配置映射

从使用入口 nginx 控制器配置 TCP 和 UDP 服务的教程中借用我们需要编辑启用 minikube 入口插件时默认安装的配置映射.

Borrowing from the tutorial on configuring TCP and UDP services with the ingress nginx controller we will need to edit the configmap which is installed by default when enabling the minikube ingress addon.

有 2 个配置映射，1 个用于 TCP 服务，1 个用于 UDP 服务.默认情况下，它们看起来像这样:

There are 2 configmaps, 1 for TCP services and 1 for UDP services. By default they look like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: udp-services
  namespace: ingress-nginx

由于这些配置映射是集中式的并且可能包含配置，我们最好只修补它们而不是完全覆盖它们.

Since these configmaps are centralized and may contain configurations, it is best if we only patch them rather than completely overwrite them.

我们以这个redis部署为例:

Let’s use this redis deployment as an example:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-deployment
  namespace: default
  labels:
    app: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - image: redis
        imagePullPolicy: Always
        name: redis
        ports:
        - containerPort: 6379
          protocol: TCP

创建一个文件 redis-deployment.yaml 并粘贴上面的内容.然后使用以下命令安装 redis 部署:

Create a file redis-deployment.yaml and paste the contents above. Then install the redis deployment with the following command:

kubectl apply -f redis-deployment.yaml

接下来，我们需要创建一个可以将流量路由到我们的 Pod 的服务:

Next we need to create a service that can route traffic to our pods:

apiVersion: v1
kind: Service
metadata:
  name: redis-service
  namespace: default
spec:
  selector:
    app: redis
  type: ClusterIP
  ports:
    - name: tcp-port
      port: 6379
      targetPort: 6379
      protocol: TCP

创建一个文件 redis-service.yaml 并粘贴上面的内容.然后使用以下命令安装redis服务:

Create a file redis-service.yaml and paste the contents above. Then install the redis service with the following command:

kubectl apply -f redis-service.yaml

要将 TCP 服务添加到 nginx 入口控制器，您可以运行以下命令:

To add a TCP service to the nginx ingress controller you can run the following command:

kubectl patch configmap tcp-services -n kube-system --patch '{"data":{"6379":"default/redis-service:6379"}}'

地点:

6379 :你的服务应该从 minikube 虚拟机外部监听的端口

6379 : the port your service should listen to from outside the minikube virtual machine

default :您的服务安装在的命名空间

default : the namespace that your service is installed in

redis-service : 服务名称

我们可以使用以下命令验证我们的资源是否已打补丁:

We can verify that our resource was patched with the following command:

kubectl get configmap tcp-services -n kube-system -o yaml

我们应该看到这样的:

apiVersion: v1
data:
  "6379": default/redis-service:6379
kind: ConfigMap
metadata:
  creationTimestamp: "2019-10-01T16:19:57Z"
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
  name: tcp-services
  namespace: kube-system
  resourceVersion: "2857"
  selfLink: /api/v1/namespaces/kube-system/configmaps/tcp-services
  uid: 4f7fac22-e467-11e9-b543-080027057910

您需要验证的唯一值是 data 属性下有一个如下所示的值:

The only value you need to validate is that there is a value under the data property that looks like this:

"6379": default/redis-service:6379

修补 ingress-nginx-controller

为了从外部集群获得连接，必须完成最后一步.我们需要修补我们的 nginx 控制器，以便它侦听端口 6379 并可以将流量路由到您的服务.为此，我们需要创建一个补丁文件.

There is one final step that must be done in order to obtain connectivity from the outside cluster. We need to patch our nginx controller so that it is listening on port 6379 and can route traffic to your service. To do this we need to create a patch file.

spec:
  template:
    spec:
      containers:
      - name: ingress-nginx-controller
        ports:
         - containerPort: 6379
           hostPort: 6379

创建一个名为ingress-nginx-controller-patch.yaml的文件并粘贴上面的内容.

Create a file called ingress-nginx-controller-patch.yaml and paste the contents above.

接下来使用以下命令应用更改:

Next apply the changes with the following command:

kubectl patch deployment ingress-nginx-controller --patch "$(cat ingress-nginx-controller-patch.yaml)" -n kube-system

这篇关于使用 Ingress Nginx 控制器公开 Redis的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！