除了 80 / 443 之外,我可以为 Kubernetes ingress 设置自定义端口来监听吗?
Can I set custom ports for a Kubernetes ingress to listen on besides 80 / 443?
我不是说能够路由到特定端口,我的意思是实际更改入口侦听的端口。
这可能吗?如何?这记录在哪里?
没有。来自 kubernetes documentation:
An Ingress does not expose arbitrary ports or protocols. Exposing services other than HTTP and HTTPS to the internet typically uses a service of type Service.Type=NodePort or Service.Type=LoadBalancer.
可以在 AWS 等云提供商上自定义 LoadBalancer 以侦听其他端口。
我假设您正在使用 NGINX Ingress Controller. In this case, during installation, instead of doing a kubectl apply in the official yaml like this is one,您可以尝试下载 yaml 并更改端口。上面的文件,用于 L4 AWS ELB,将变成这样:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- port: {custom port 1}
targetPort: http
- port: {custom port 2}
targetPort: https
另一种方法是使用更强大的入口控制器。
Here is a list 个不同的控制器。
我个人的选择是Ambassador。如果您关注 getting-started 页面,您只需更改您选择的端口的服务定义:
---
apiVersion: v1
kind: Service
metadata:
name: ambassador
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- port: {custom port}
targetPort: 8080
selector:
service: ambassador
与之关联的 Ingress definition is backed by an ingress controller. The ingress controller is deployed with normal Kubernetes objects so will have a Service 公开入口控制器的端口。
kubernetes/ingress-nginx static deploys 有一个 deploy.yaml 服务类型 LoadBalancer:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
在外部服务 spec.ports[*].port 中修改负载均衡器配置的端口,但是已部署。
我不是说能够路由到特定端口,我的意思是实际更改入口侦听的端口。
这可能吗?如何?这记录在哪里?
没有。来自 kubernetes documentation:
An Ingress does not expose arbitrary ports or protocols. Exposing services other than HTTP and HTTPS to the internet typically uses a service of type Service.Type=NodePort or Service.Type=LoadBalancer.
可以在 AWS 等云提供商上自定义 LoadBalancer 以侦听其他端口。
我假设您正在使用 NGINX Ingress Controller. In this case, during installation, instead of doing a kubectl apply in the official yaml like this is one,您可以尝试下载 yaml 并更改端口。上面的文件,用于 L4 AWS ELB,将变成这样:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
annotations:
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- port: {custom port 1}
targetPort: http
- port: {custom port 2}
targetPort: https
另一种方法是使用更强大的入口控制器。 Here is a list 个不同的控制器。 我个人的选择是Ambassador。如果您关注 getting-started 页面,您只需更改您选择的端口的服务定义:
---
apiVersion: v1
kind: Service
metadata:
name: ambassador
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- port: {custom port}
targetPort: 8080
selector:
service: ambassador
与之关联的 Ingress definition is backed by an ingress controller. The ingress controller is deployed with normal Kubernetes objects so will have a Service 公开入口控制器的端口。
kubernetes/ingress-nginx static deploys 有一个 deploy.yaml 服务类型 LoadBalancer:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
在外部服务 spec.ports[*].port 中修改负载均衡器配置的端口,但是已部署。