Docker 桌面 + k8s 加上 https 代理多个外部端口到部署中的 http 上的 Pod? [英] Docker Desktop + k8s plus https proxy multiple external ports to pods on http in deployment?

问题描述

我正在尝试做一件我认为很简单的事情.我需要 https://localhost:44301, https://localhost:5002, https://localhost:5003 到在 docker 桌面的 k8s 环境中被监听，并使用我指定的 pfx 文件/密码进行代理，并通过端口将其转发到监听特定地址的 Pod(可能是端口 80，无所谓)

文档看起来很复杂，看起来应该是直截了当的.我可以让 pod 运行，我可以使用 kubectl port-forward 并且它们工作正常，但我无法弄清楚如何以有意义的方式使用 ha-proxy 或 nginx 或其他任何方式来使用 ingress.

有人可以做一个 ELI5 来告诉我如何打开它吗?我在 Windows 10 2004 上使用 WSL2 和 Docker 实验性，所以我应该可以访问他们在文档中引用的入口内容，并把它们说清楚.

谢谢！

解决方案

正如评论中所讨论的，这是一个社区 wiki 答案:

<小时>

我已经成功地在 Windows 的 Docker 上的 Kubernetes 中创建了 Ingress 资源.

重现步骤:

• 启用 Hyper-V
• 为 Windows 安装 Docker 并启用 Kubernetes
• 连接 kubectl
• 启用入口
• 创建部署
• 创建服务
• 创建入口资源
• 将主机添加到本地主机文件中
• 测试

启用 Hyper-V

从具有管理员访问权限的 Powershell 运行以下命令:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

系统可能会要求您重新启动机器.

为 Windows 安装 Docker 并启用 Kubernetes

使用所有默认选项安装 Docker 应用程序并启用 Kubernetes

连接 kubectl

安装 kubectl .

启用入口

运行此命令:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml

确保没有其他服务正在使用端口 80

重启你的机器.在以管理员身份运行的 cmd 提示符下，执行以下操作:网络停止http使用 services.msc

停止列出的服务

使用:netstat -a -n -o -b 并检查侦听端口 80 的其他进程.

创建部署

下面是一个简单的部署，使用 pod 来响应请求:

apiVersion: apps/v1种类:部署元数据:姓名:你好规格:选择器:匹配标签:应用程序:你好版本:2.0.0复制品:3模板:元数据:标签:应用程序:你好版本:2.0.0规格:容器:- 姓名:你好图片:gcr.io/google-samples/hello-app:2.0"环境:- 名称:港口"值:50001"

通过运行命令应用它:

$ kubectl apply -f file_name.yaml

创建服务

要使 Pod 能够与它们通信，您需要创建一个服务.

示例如下:

apiVersion: v1种类:服务元数据:名称:你好服务规格:类型:节点端口选择器:应用程序:你好版本:2.0.0端口:- 名称:http协议:TCP端口:80目标端口:50001

通过运行命令应用此服务定义:

$ kubectl apply -f file_name.yaml

创建 Ingress 资源

下面是使用上面创建的服务的简单 Ingress 资源:

apiVersion: extensions/v1beta1种类:入口元数据:名称:hello-ingress规格:规则:- 主机:kubernetes.docker.internal网址:路径:- 小路:/后端:服务名称:你好服务服务端口:http

看看:

规范:规则:- 主机:hello-test.internal

hello-test.internal 将用作 hostname 以连接到您的 Pod.

通过调用命令来应用您的 Ingress 资源:

$ kubectl apply -f file_name.yaml

将主机添加到本地主机文件

我发现这个 Github 链接 可以让你连接到你的 Ingresshostname 的资源.

为了实现这一点，在您的 C:WindowsSystem32driversetchosts 文件中添加一行 127.0.0.1 hello-test.internal 并保存它.您将需要管理员权限才能执行此操作.

最新版本的 Docker Desktop for Windows 已经添加了一个 hosts 文件条目:127.0.0.1 kubernetes.docker.internal

测试

调用命令显示Ingress资源信息:kubectl 获取入口

它应该显示:

NAME 主机地址 PORTS AGEhello-ingress hello-test.internal localhost 80 6m2s

现在您可以通过打开 Web 浏览器并输入

来访问您的 Ingress 资源

http://kubernetes.docker.internal/

浏览器应该输出:

你好，世界！版本:2.0.0主机名:hello-84d554cbdf-2lr76

Hostname: hello-84d554cbdf-2lr76 是响应的 pod 的名称.

如果此解决方案不起作用，请使用以下命令检查连接:netstat -a -n -o(具有管理员权限)如果没有使用端口 80.

<小时>

I'm trying to do a straight up thing that I would think is simple. I need to have https://localhost:44301, https://localhost:5002, https://localhost:5003 to be listened to in my k8s environment in docker desktop, and be proxied using a pfx file/password that I specify and have it forward by the port to pods listening on specific addresses (could be port 80, doesn't matter)

The documentation is mind numbingly complex for what looks like it should be straight forward. I can get the pods running, I can use kubectl port-forward and they work fine, but I can't figure out how to get ingress working with ha-proxy or nginx or anything else in a way that makes any sense.

Can someone do an ELI5 telling me how to turn this on? I'm on Windows 10 2004 with WSL2 and Docker experimental so I should have access to the ingress stuff they reference in the docs and make clear as mud.

Thanks!

解决方案

As discussed in the comments this is a community wiki answer:

---

I have managed to create Ingress resource in Kubernetes on Docker in Windows.

Steps to reproduce:

• Enable Hyper-V
• Install Docker for Windows and enable Kubernetes
• Connect kubectl
• Enable Ingress
• Create deployment
• Create service
• Create ingress resource
• Add host into local hosts file
• Test

Enable Hyper-V

From Powershell with administrator access run below command:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

System could ask you to reboot your machine.

Install Docker for Windows and enable Kubernetes

Install Docker application with all the default options and enable Kubernetes

Connect kubectl

Install kubectl .

Enable Ingress

Run this commands:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml

Edit: Make sure no other service is using port 80

Restart your machine. From a cmd prompt running as admin, do: net stop http Stop the listed services using services.msc

Use: netstat -a -n -o -b and check for other processes listening on port 80.

Create deployment

Below is simple deployment with pods that will reply to requests:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello
spec:
  selector:
    matchLabels:
      app: hello
      version: 2.0.0
  replicas: 3
  template:
    metadata:
      labels:
        app: hello
        version: 2.0.0
    spec:
      containers:
      - name: hello
        image: "gcr.io/google-samples/hello-app:2.0"
        env:
        - name: "PORT"
          value: "50001"

Apply it by running command:

$ kubectl apply -f file_name.yaml

Create service

For pods to be able for you to communicate with them you need to create a service.

Example below:

apiVersion: v1
kind: Service
metadata:
  name: hello-service
spec:
  type: NodePort
  selector:
    app: hello
    version: 2.0.0
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 50001

Apply this service definition by running command:

$ kubectl apply -f file_name.yaml

Create Ingress resource

Below is simple Ingress resource using service created above:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hello-ingress 
spec:
  rules:
  - host: kubernetes.docker.internal
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-service 
          servicePort: http

Take a look at:

spec:
  rules:
  - host: hello-test.internal 

hello-test.internal will be used as the hostname to connect to your pods.

Apply your Ingress resource by invoking command:

$ kubectl apply -f file_name.yaml

Add host into local hosts file

I found this Github link that will allow you to connect to your Ingress resource by hostname.

To achieve that add a line 127.0.0.1 hello-test.internal to your C:WindowsSystem32driversetchosts file and save it. You will need Administrator privileges to do that.

Edit: The newest version of Docker Desktop for Windows already adds a hosts file entry: 127.0.0.1 kubernetes.docker.internal

Test

Display the information about Ingress resources by invoking command: kubectl get ingress

It should show:

NAME            HOSTS                 ADDRESS     PORTS   AGE
hello-ingress   hello-test.internal   localhost   80      6m2s

Now you can access your Ingress resource by opening your web browser and typing

http://kubernetes.docker.internal/

The browser should output:

Hello, world!
Version: 2.0.0
Hostname: hello-84d554cbdf-2lr76

Hostname: hello-84d554cbdf-2lr76 is the name of the pod that replied.

If this solution is not working please check connections with the command: netstat -a -n -o (with Administrator privileges) if something is not using port 80.

---

这篇关于Docker 桌面 + k8s 加上 https 代理多个外部端口到部署中的 http 上的 Pod?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！