Docker Desktop + k8s plus https proxy multiple external ports to pods on http in deployment?
I'm trying to do a straight up thing that I would think is simple. I need to have https://localhost:44301, https://localhost:5002, https://localhost:5003 to be listened to in my k8s environment in docker desktop, and be proxied using a pfx file/password that I specify and have it forward by the port to pods listening on specific addresses (could be port 80, doesn't matter).
The documentation is mind-numbingly complex for what looks like it should be straightforward. I can get the pods running, I can use kubectl port-forward and they work fine, but I can't figure out how to get ingress working with ha-proxy or nginx or anything else in a way that makes any sense.
Can someone do an ELI5 telling me how to turn this on? I'm on Windows 10 2004 with WSL2 and Docker experimental so I should have access to the ingress stuff they reference in the docs and make clear as mud.
Thanks!
As discussed in the comments this is a community wiki answer:
I have managed to create an Ingress resource in Kubernetes on Docker in Windows.
Steps to reproduce:
- Enable Hyper-V
- Install Docker for Windows and enable Kubernetes
- Connect kubectl
- Enable Ingress
- Create deployment
- Create service
- Create ingress resource
- Add host into local hosts file
- Test
Enable Hyper-V
From PowerShell with administrator access, run the command below:
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
The system could ask you to reboot your machine.
Install Docker for Windows and enable Kubernetes
Install the Docker application with all the default options and enable Kubernetes.
Connect kubectl
Install kubectl.
Enable Ingress
Run these commands:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud-generic.yaml
Edit: Make sure no other service is using port 80
Restart your machine. From a cmd prompt running as admin, do:
net stop http
Stop the listed services using services.msc
Use: netstat -a -n -o -b
and check for other processes listening on port 80.
Create deployment
Below is a simple deployment with pods that will reply to requests:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello
spec:
  selector:
    matchLabels:
      app: hello
      version: 2.0.0
  replicas: 3
  template:
    metadata:
      labels:
        app: hello
        version: 2.0.0
    spec:
      containers:
      - name: hello
        image: "gcr.io/google-samples/hello-app:2.0"
        env:
        - name: "PORT"
          value: "50001"
Apply it by running the command:
$ kubectl apply -f file_name.yaml
Create service
To be able to communicate with the pods, you need to create a service.
Example below:
apiVersion: v1
kind: Service
metadata:
  name: hello-service
spec:
  type: NodePort
  selector:
    app: hello
    version: 2.0.0
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 50001
Apply this service definition by running the command:
$ kubectl apply -f file_name.yaml
Create Ingress resource
Below is a simple Ingress resource using the service created above:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hello-ingress
spec:
  rules:
  - host: kubernetes.docker.internal
    http:
      paths:
      - path: /
        backend:
          serviceName: hello-service
          servicePort: http
Take a look at:
spec:
  rules:
  - host: hello-test.internal
hello-test.internal will be used as the hostname to connect to your pods.
Apply your Ingress resource by invoking the command:
$ kubectl apply -f file_name.yaml
Add host into local hosts file
I found this GitHub link that will allow you to connect to your Ingress resource by hostname.
To achieve that, add a line 127.0.0.1 hello-test.internal to your C:\Windows\System32\drivers\etc\hosts file and save it.
You will need Administrator privileges to do that.
Edit: The newest version of Docker Desktop for Windows already adds a hosts file entry:
127.0.0.1 kubernetes.docker.internal
Test
Display the information about Ingress resources by invoking the command:
kubectl get ingress
It should show:
NAME            HOSTS                 ADDRESS     PORTS   AGE
hello-ingress   hello-test.internal   localhost   80      6m2s
Now you can access your Ingress resource by opening your web browser and typing
http://kubernetes.docker.internal/
The browser should output:
Hello, world!
Version: 2.0.0
Hostname: hello-84d554cbdf-2lr76
Hostname: hello-84d554cbdf-2lr76 is the name of the pod that replied.
If this solution is not working please check connections with the command:
netstat -a -n -o
(with Administrator privileges) if something is not using port 80.
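The answer above stops at plain HTTP, while the question asks for HTTPS terminated with a PFX certificate. The following is an added example, not part of the original answer, of TLS termination at the ingress-nginx controller in front of the same hello-service. The Secret name hello-tls, the file names and the IngressClass name nginx are assumptions, and it uses the networking.k8s.io/v1 Ingress API rather than the answer's extensions/v1beta1, which was removed in Kubernetes 1.22.

```yaml
# Added example; hello-tls, cert.pfx, tls.crt and tls.key are assumed names.
#
# A kubernetes.io/tls Secret holds a PEM certificate and a PEM private key,
# so the PFX (PKCS#12) file is split first (openssl prompts for its password):
#   openssl pkcs12 -in cert.pfx -clcerts -nokeys -out tls.crt
#   openssl pkcs12 -in cert.pfx -nocerts -nodes -out tls.key
#   kubectl create secret tls hello-tls --cert=tls.crt --key=tls.key
# tls.key is unencrypted after -nodes: delete it once the Secret exists.
#
# An Ingress serves HTTP/HTTPS on the controller's ports (80/443) only;
# separate back ends are told apart by host name or path, not by port.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-ingress
  annotations:
    # Redirect plain-HTTP requests to HTTPS (ingress-nginx annotation).
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx   # assumption: the controller's IngressClass is "nginx"
  tls:
    - hosts:
        - kubernetes.docker.internal   # should be a name the certificate covers
      secretName: hello-tls            # Secret must be in the Ingress's namespace
  rules:
    - host: kubernetes.docker.internal
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hello-service   # Service from the answer above
                port:
                  name: http          # controller-to-pod traffic stays HTTP
```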