通过nginx-ingress做tcp\udp 4层网络转发

原创

chen1900s

发布于 2023-10-06 17:56:39

1.4K0

发布于 2023-10-06 17:56:39

文章被收录于专栏：TKE学习TKE学习

k8s集群通过nginx-ingress做tcp\udp 4层网络转发集群是TKE集群

1，检查nginx-ingress-controller的POD是否开启tcp\udp转发，TKE集群安装的nginx-ingress默认是开启的

      - args:
        - --tcp-services-configmap=kube-system/nginx-ingress-nginx-tcp
        - --udp-services-configmap=kube-system/nginx-ingress-nginx-udp

2，示例 kuard-demo.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuard
  namespace: nginx-ingress
spec:
  selector:
    matchLabels:
      app: kuard
  replicas: 1
  template:
    metadata:
      labels:
        app: kuard
    spec:
      containers:
      - image: gcr.tencentcloudcr.com/kuar-demo/kuard-amd64:blue
        imagePullPolicy: Always
        name: kuard
        ports:
        - containerPort: 8080
        
---
apiVersion: v1
kind: Service
metadata:
  name: kuard
  namespace: nginx-ingress
spec:
  ports:
  - port: 9527
    targetPort: 8080
    protocol: TCP
  selector:
    app: kuard

3，需要修改下configmap（命令行方式或者是控制台方式都可以）

kubectl  -n kube-system get cm  | grep nginx-ingress-nginx

nginx-ingress-nginx-controller                      9      133d
nginx-ingress-nginx-tcp                             0      133d
nginx-ingress-nginx-udp                             0      133d


# kubectl  -n kube-system edit  cm nginx-ingress-nginx-tcp

[root@VM-0-17-tlinux ~]# kubectl  -n kube-system get  cm nginx-ingress-nginx-tcp -o yaml
apiVersion: v1
data:                                   #TKE默认没有data
  "9527": nginx-ingress/kuard:9527      #添加这个配置 命名空间/服务名称：端口
kind: ConfigMap
metadata:
  labels:
    k8s-app: nginx-ingress-nginx-tcp
    qcloud-app: nginx-ingress-nginx-tcp
  name: nginx-ingress-nginx-tcp
  namespace: kube-system

进入nginx-ingress容器查看TCP services处会出现对应的负载配置

# kubectl  -n kube-system  exec -it nginx-ingress-nginx-controller-5ddf7ccc4f-v4pzp -- /bin/sh

vi  nginx.conf  镜像过滤

 
 
 # TCP services            
                                  
        server {
                preread_by_lua_block {
                        ngx.var.proxy_upstream_name="tcp-nginx-ingress-kuard-9527";
                }                                 

                listen                  9527;
                                                          
                listen                  [::]:9527;
                                             
                proxy_timeout           600s;  
                proxy_pass              upstream_balancer;
                                               
        }

4，编辑nginx-ingress-nginx-controller svc 添加对应端口

服务与路由>service>找到对应nginx-ingress-controller的service> 更新转发配置，在原有基础上进行添加转发配置

或者通过编辑nginx-ingress-nginx-controller svc对应的yaml文件

apiVersion: v1
kind: Service
metadata:
  annotations:
    service.cloud.tencent.com/direct-access: "false"
  labels:
    k8s-app: nginx-ingress-nginx-controller
    qcloud-app: nginx-ingress-nginx-controller
  name: nginx-ingress-nginx-controller
  namespace: kube-system
spec:
  clusterIP: 172.18.248.35
  externalTrafficPolicy: Cluster
  ports:
  - name: 80-80-tcp
    nodePort: 31899
    port: 80
    protocol: TCP
    targetPort: 80
  - name: 443-443-tcp
    nodePort: 32534
    port: 443
    protocol: TCP
    targetPort: 443
  - name: 9527-9527-tcp-5q8prs0zx68     #增加转发配置，端口替换成自己服务的端口
    nodePort: 32677
    port: 9527
    protocol: TCP
    targetPort: 9527
  selector:
    k8s-app: nginx-ingress-nginx-controller
    qcloud-app: nginx-ingress-nginx-controller
  sessionAffinity: None
  type: LoadBalancer

4，然后通过nginx-ingress-nginx-controller 的svc clb访问

[root@VM-0-17-tlinux ~]# kubectl  -n kube-system  get svc   | grep  nginx-ingress-nginx-controller
nginx-ingress-nginx-controller                     LoadBalancer   172.18.248.35    118.24.224.251   80:31899/TCP,443:32534/TCP     3m3s
nginx-ingress-nginx-controller-admission           ClusterIP      172.18.251.207   <none>           443/TCP                        133d