ingress-nginx导出TCP端口
helm upgrade ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx \
--values values.yaml \
--set tcp.26379="develop/redis-cluster:6379" --debug
-
整体流程大概是这样子的
- SVC(NodePort:30009映射到后台26379端口,26379端口转发到26379-tcp)
- DaemonSet/ingress-nginx-controller(26379-tcp转到controller容器的端口containerPort: 26379)
- ingress-nginx-controller容器中有nginx,nginx监听26379端口
- 从configMap中取的26379端口要转发的地址
- develop/redis-cluster:6379
- 用户请求流程
- 访问30009NodePort端口
- 映射到26379端口
- ingress-nginx-controller中的nginx监听26379端口
- 将26379端口转发至develop/redis-cluster:6379
-
添加configMap
vi configMap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
data:
26379: "develop/redis-cluster:6379" #从26379的TCP端口转发到Redis集群的6379端口,至于nodePort是哪个还未定
kubectl apply -f configMap.yaml -n ingress-nginx
也可以自己配置SVC
编辑service, 即ClusterIP
kubectl edit svc -n ingress-nginx ingress-nginx-controller
- name: 26379-tcp #配置一个新的TCP端口,取名为26379-tcp
nodePort: 30009 #导出对外的端口
port: 26379 #监听26379端口
protocol: TCP
targetPort: 26379-tcp #转发到ds上的26379-tcp端口
配置DaemonSet
- ingress-nginx-controller pod实际是Controlled By: DaemonSet/ingress-nginx-controller
- 修改DaemonSet/ingress-nginx-controller
- 将svc上监听到的26379端口转发到DaemonSet/ingress-nginx-controller上
- DaemonSet/ingress-nginx-controller连接到ingress-nginx-controller对应的pod容器的26379端口上
kubectl edit ds -n ingress-nginx ingress-nginx-controller
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
- containerPort: 8443
name: webhook
protocol: TCP
- containerPort: 26379
name: 26379-tcp
protocol: TCP
#查看SVC,已经有了26379端口,并绑定了nodePort端口30009
[root@k8s-master01 ingress-nginx]# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.99.163.44 <pending> 80:31268/TCP,443:31052/TCP,26379:30009/TCP 3d11h
ingress-nginx-controller-admission ClusterIP 10.100.131.12 <none> 443/TCP
查看nginx.conf代理配置
- kubectl exec -it ingress-nginx-controller-lkzzh /bin/sh -n ingress-nginx
- /etc/nginx
- $ ls -l
- cat nginx.conf
- 监听26379端口,应该是configMap中的data的26379
- 从configMap中取出26379端口要转发的地址
- 转发到tcp-develop-redis-cluster-6379
# TCP services
server {
preread_by_lua_block {
ngx.var.proxy_upstream_name="tcp-develop-redis-cluster-6379";
}
listen 26379;
listen [::]:26379;
proxy_timeout 600s;
proxy_next_upstream on;
proxy_next_upstream_timeout 600s;
proxy_next_upstream_tries 3;
proxy_pass upstream_balancer;
}
测试
- telnet可以通过
- telnet 192.168.221.131 30009