Check whether nginx-ingress has TCP/UDP forwarding enabled
```
[root@k8s-master k8s-ingress]# kubectl get ds -n ingress-nginx -o yaml
...
      - args:
        ...
        - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
        - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
        ...
...
```
Example
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat1
spec:
  selector:
    matchLabels:
      app: test
  replicas: 1
  template:
    metadata:
      labels:
        app: test
    spec:
      containers:
      - image: tomcat
        imagePullPolicy: Always
        name: tomcat1
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat1
spec:
  ports:
  - port: 9527
    targetPort: 8080
    protocol: TCP
  selector:
    app: test
```
Configure the forwarding ConfigMap
```
[root@k8s-master k8s-ingress]# kubectl get cm -n ingress-nginx
NAME           DATA   AGE
...
tcp-services   1      358d
udp-services   0      358d
```
tcp-services.yaml
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  9527: "default/tomcat1:9527"
```
Enter the nginx-ingress container and look at the "TCP services" section of the generated nginx config; you will find the corresponding load-balancing configuration:
```nginx
# TCP services
server {
    preread_by_lua_block {
        ngx.var.proxy_upstream_name="tcp-default-tomcat1-9527";
    }
    listen 9527;
    proxy_timeout 600s;
    proxy_pass upstream_balancer;
}
# UDP services
```
Finally, the service can be reached through the ingress node's IP on port 9527.
Use case
This can be used to proxy the CoreDNS inside the Kubernetes cluster, so that during development on the corporate intranet, services can also be reached from outside the cluster via their in-cluster FQDNs.
Approach:
- Using the configuration above, reverse-proxy TCP and UDP port 53 to CoreDNS.
- Configure the intranet DNS. With dnsmasq, every domain ending in cluster.local can be forwarded to the DNS server (the ingress IP, because the ingress is acting as that DNS server here). The configuration is as follows:
  server=/cluster.local/ingress_ip
- Configure a static route on the intranet gateway router: set the next hop for the Kubernetes service CIDR to any machine in the k8s cluster.
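As an added example (not code from the original post or from the ingress-nginx project), the following script validates tcp-services/udp-services ConfigMap entries in the `namespace/service:port` format used above and renders the stream listener each entry produces, including the `tcp-<namespace>-<service>-<port>` upstream name seen in the generated config. The sample data is constructed: it combines the post's tomcat1 entry with the port-53 CoreDNS forwarding from the use case, and the `kube-system/kube-dns` service name and the `udp` listen flag are assumptions.

```python
import re
from dataclasses import dataclass

# Value format ingress-nginx expects: "<namespace>/<service>:<service port>[:PROXY][:PROXY]"
ENTRY_RE = re.compile(r"^(?P<ns>[a-z0-9-]+)/(?P<svc>[a-z0-9-]+):(?P<port>[a-z0-9-]+)(?::PROXY){0,2}$")


@dataclass
class StreamService:
    proto: str        # "tcp" or "udp"
    listen_port: int  # ConfigMap key: the port nginx listens on
    namespace: str
    service: str
    target_port: str  # service port from the value (number or name)

    @property
    def upstream_name(self) -> str:
        # Same naming as in the generated config: tcp-default-tomcat1-9527
        return f"{self.proto}-{self.namespace}-{self.service}-{self.target_port}"

    def render(self) -> str:
        # Assumed shape of the stream block, mirroring the post's TCP example;
        # UDP listeners are assumed to carry the "udp" flag on the listen directive.
        udp = " udp" if self.proto == "udp" else ""
        return (
            "server {\n"
            f'    preread_by_lua_block {{ ngx.var.proxy_upstream_name="{self.upstream_name}"; }}\n'
            f"    listen {self.listen_port}{udp};\n"
            "    proxy_timeout 600s;\n"
            "    proxy_pass upstream_balancer;\n}"
        )


def parse_configmap(proto: str, data: dict) -> list:
    """Validate a tcp-/udp-services ConfigMap .data mapping; raise ValueError on bad entries."""
    services = []
    for key, value in data.items():
        if not str(key).isdigit() or not 1 <= int(key) <= 65535:
            raise ValueError(f"{proto}-services key {key!r} is not a valid port")
        m = ENTRY_RE.match(str(value))
        if m is None:
            raise ValueError(f"{proto}-services entry {value!r} is not namespace/service:port")
        services.append(StreamService(proto, int(key), m["ns"], m["svc"], m["port"]))
    return services


# Constructed sample: the post's tomcat entry plus the CoreDNS forwarding idea from the use case
TCP_SERVICES = {"9527": "default/tomcat1:9527", "53": "kube-system/kube-dns:53"}
UDP_SERVICES = {"53": "kube-system/kube-dns:53"}

if __name__ == "__main__":
    for svc in parse_configmap("tcp", TCP_SERVICES) + parse_configmap("udp", UDP_SERVICES):
        print(svc.render())
```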