Layer-4 TCP/UDP forwarding through nginx-ingress in a Kubernetes cluster (the cluster here is a TKE cluster)
1. Check whether the nginx-ingress-controller Pod has TCP/UDP forwarding enabled. The nginx-ingress installed by a TKE cluster enables it by default.

```yaml
- args:
  - --tcp-services-configmap=kube-system/nginx-ingress-nginx-tcp
  - --udp-services-configmap=kube-system/nginx-ingress-nginx-udp
```
2. Example: kuard-demo.yaml

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuard
  namespace: nginx-ingress
spec:
  selector:
    matchLabels:
      app: kuard
  replicas: 1
  template:
    metadata:
      labels:
        app: kuard
    spec:
      containers:
      - image: gcr.tencentcloudcr.com/kuar-demo/kuard-amd64:blue
        imagePullPolicy: Always
        name: kuard
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: kuard
  namespace: nginx-ingress
spec:
  ports:
  - port: 9527
    targetPort: 8080
    protocol: TCP
  selector:
    app: kuard
```
3. Modify the ConfigMap (either from the command line or from the console).

```
kubectl -n kube-system get cm | grep nginx-ingress-nginx
nginx-ingress-nginx-controller   9   133d
nginx-ingress-nginx-tcp          0   133d
nginx-ingress-nginx-udp          0   133d
# kubectl -n kube-system edit cm nginx-ingress-nginx-tcp
[root@VM-0-17-tlinux ~]# kubectl -n kube-system get cm nginx-ingress-nginx-tcp -o yaml
apiVersion: v1
data: # TKE has no data section by default
  "9527": nginx-ingress/kuard:9527 # add this entry: namespace/service-name:port
kind: ConfigMap
metadata:
  labels:
    k8s-app: nginx-ingress-nginx-tcp
    qcloud-app: nginx-ingress-nginx-tcp
  name: nginx-ingress-nginx-tcp
  namespace: kube-system
```
Enter the nginx-ingress container; the corresponding load-balancing configuration now appears under the "TCP services" section of nginx.conf.

```
# kubectl -n kube-system exec -it nginx-ingress-nginx-controller-5ddf7ccc4f-v4pzp -- /bin/sh
vi nginx.conf   # inside the image; filter for the "TCP services" section
# TCP services
server {
    preread_by_lua_block {
        ngx.var.proxy_upstream_name="tcp-nginx-ingress-kuard-9527";
    }
    listen 9527;
    listen [::]:9527;
    proxy_timeout 600s;
    proxy_pass upstream_balancer;
}
```
4. Edit the nginx-ingress-nginx-controller Service and add the corresponding port.

In the console: Services and Routes > Service > find the Service of the nginx-ingress-controller > Update forwarding configuration, then add the new forwarding rule alongside the existing ones.

Alternatively, edit the YAML of the nginx-ingress-nginx-controller Service:

```yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.cloud.tencent.com/direct-access: "false"
  labels:
    k8s-app: nginx-ingress-nginx-controller
    qcloud-app: nginx-ingress-nginx-controller
  name: nginx-ingress-nginx-controller
  namespace: kube-system
spec:
  clusterIP: 172.18.248.35
  externalTrafficPolicy: Cluster
  ports:
  - name: 80-80-tcp
    nodePort: 31899
    port: 80
    protocol: TCP
    targetPort: 80
  - name: 443-443-tcp
    nodePort: 32534
    port: 443
    protocol: TCP
    targetPort: 443
  - name: 9527-9527-tcp-5q8prs0zx68 # added forwarding rule; replace the port with your own service's port
    nodePort: 32677
    port: 9527
    protocol: TCP
    targetPort: 9527
  selector:
    k8s-app: nginx-ingress-nginx-controller
    qcloud-app: nginx-ingress-nginx-controller
  sessionAffinity: None
  type: LoadBalancer
```
5. Then access the service through the CLB of the nginx-ingress-nginx-controller Service.

```
[root@VM-0-17-tlinux ~]# kubectl -n kube-system get svc | grep nginx-ingress-nginx-controller
nginx-ingress-nginx-controller             LoadBalancer   172.18.248.35    118.24.224.251   80:31899/TCP,443:32534/TCP   3m3s
nginx-ingress-nginx-controller-admission   ClusterIP      172.18.251.207   <none>           443/TCP                      133d
```
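The TCP ConfigMap and the controller Service have to agree port for port, and every matching pair publishes a backend on the CLB as a raw TCP stream. The audit below is an added example, not part of the original post: it cross-checks the two objects (as `kubectl get ... -o json` output) and reports entries that are exposed, configured but not published, or opened on the Service with no backend. The sample JSON, the `db/postgres` and 6379 entries and the namespace allowlist are constructed for illustration; the optional `PROXY` fields follow the upstream ingress-nginx entry format.

```python
import json

# Constructed sample input, shaped like `kubectl get ... -o json` output and
# reusing the names and ports from this walkthrough plus two made-up entries.
TCP_CONFIGMAP = json.loads("""{
  "data": {"9527": "nginx-ingress/kuard:9527", "5432": "db/postgres:5432"}
}""")
CONTROLLER_SVC = json.loads("""{
  "spec": {"type": "LoadBalancer", "ports": [
    {"name": "80-80-tcp", "port": 80, "targetPort": 80, "protocol": "TCP"},
    {"name": "443-443-tcp", "port": 443, "targetPort": 443, "protocol": "TCP"},
    {"name": "9527-9527-tcp", "port": 9527, "targetPort": 9527, "protocol": "TCP"},
    {"name": "6379-6379-tcp", "port": 6379, "targetPort": 6379, "protocol": "TCP"}
  ]}
}""")
HTTP_PORTS = {80, 443}  # served by the controller's normal HTTP(S) listeners


def parse_entry(listen_port, value):
    """Parse "<listen port>": "<namespace>/<service>:<port>[:PROXY[:PROXY]]"."""
    backend, svc_port, *flags = value.split(":")  # ValueError if no port part
    namespace, _, service = backend.partition("/")
    if not namespace or not service or not svc_port:
        raise ValueError(f"malformed entry {listen_port!r}: {value!r}")
    return {"listen": int(listen_port), "namespace": namespace,
            "service": service, "port": svc_port, "flags": flags}


def audit(configmap, svc, allowed_namespaces):
    """Return (finding, port, backend) tuples; a missing `data` key means no entries."""
    entries = {int(p): parse_entry(p, v) for p, v in (configmap.get("data") or {}).items()}
    # nginx listens on the Service's targetPort; `port` is what the CLB exposes.
    opened = {p["targetPort"]: p["port"] for p in svc["spec"]["ports"]
              if p["protocol"] == "TCP" and isinstance(p["targetPort"], int)
              and p["targetPort"] not in HTTP_PORTS}
    findings = []
    for listen, e in sorted(entries.items()):
        target = f'{e["namespace"]}/{e["service"]}:{e["port"]}'
        if listen in opened:
            findings.append(("exposed", opened[listen], target))
            if e["namespace"] not in allowed_namespaces:
                findings.append(("namespace-not-allowed", opened[listen], target))
        else:
            findings.append(("not-published", listen, target))
    for target_port, port in sorted(opened.items()):
        if target_port not in entries:  # CLB port open, no stream listener behind it
            findings.append(("dangling-port", port, None))
    return findings
```

Run it in CI or before applying changes to either object; an `exposed` finding is the review point, since that backend is reachable at layer 4 without any of the host or TLS handling an Ingress rule would add.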
Reference: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/