Kubernetes pod IP exposure
2023-12-22 07:57:31
1. Exposing the k8s pod and service networks
- Use the forwarding/routing function of iptables to connect the pod and service networks inside the k8s cluster with the external network.

```bash
# Look up the cluster's pod CIDR and service CIDR
kubectl -n kube-system describe cm kubeadm-config
```

The networking section of that output:

```
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
```

```bash
# Kernel parameter: check that IP forwarding is enabled, and make it persistent
sysctl -a | grep 'net.ipv4.ip_forward = 1'
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
```

```bash
# On the k8s node 192.168.1.79, enable forwarding. 192.168.0.0/16 is the server
# network; one server in that network (this node) acts as the router.
iptables -P FORWARD ACCEPT
# NAT the traffic from the server network that is forwarded into the pod and
# service subnets, so that replies come back through this node. The original
# post wrote "-o eth0 -j SNAT --to-source 10.244.0.0/16" here, which iptables
# rejects (--to-source takes one address or an address range, not a CIDR), and
# forwarded pod traffic leaves through the CNI interface rather than eth0;
# matching on the destination subnet and masquerading does what was intended.
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -d 10.244.0.0/16 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -d 10.96.0.0/12 -j MASQUERADE
# Not sure whether this one needs to be run (blanket masquerade of everything
# forwarded from the server network)
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
```

```bash
# Test: pick a server in 192.168.0.0/16 that is not part of the k8s cluster,
# add the route there, and test.
# First find a pod IP and ping it to see whether it is reachable
route add -net 10.244.0.0 netmask 255.255.0.0 gw 192.168.1.79 dev eth0
# After adding this route, test again to see whether it is reachable now
```

```bash
# So that office users' browsers can reach it as well, the same routes have to
# be configured on the core switch
# Core switch
route add -net 10.244.0.0 netmask 255.255.0.0 gw 192.168.1.79 dev eth0
route add -net 10.96.0.0 netmask 255.240.0.0 gw 192.168.1.79 dev eth0
```
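The steps above are typed by hand: read the two CIDRs out of `kubeadm-config`, convert the prefix length to the dotted netmask that `route add` wants, then write the NAT rules on the node and the routes on every client. The script below is an added example (not code from the original post) that derives all of that from the config text and prints the resulting commands as a dry run, so the CIDRs and netmasks cannot be mistyped. It assumes a constructed copy of the `networking:` block with the same values as the post, the node IP and interface name from the post, and, as a deliberate narrowing, a single office subnet `192.168.1.0/24` as the NAT source instead of the whole `192.168.0.0/16`: once these routes exist, every pod and every ClusterIP service is reachable from that source range, so keep it as small as the office actually needs and back it with NetworkPolicy on the sensitive namespaces.

```shell
#!/bin/sh
# Added example, not from the original post: derive NAT rules and client routes
# from the kubeadm-config networking block instead of typing CIDRs by hand.
set -eu

# Constructed sample of the networking block printed by
# `kubectl -n kube-system describe cm kubeadm-config` (values as in the post).
SAMPLE_KUBEADM_CONFIG='networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12'

# Print the value of one key (podSubnet / serviceSubnet); config text on stdin.
get_subnet() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# Convert a prefix length (0-32) into a dotted-quad netmask, e.g. 12 -> 255.240.0.0
prefix_to_netmask() {
    bits=$1
    mask=""
    i=0
    while [ "$i" -lt 4 ]; do
        if [ "$bits" -ge 8 ]; then
            octet=255
            bits=$((bits - 8))
        elif [ "$bits" -le 0 ]; then
            octet=0
        else
            # partial octet: the top "bits" bits set, the rest clear
            octet=$((256 - (1 << (8 - bits))))
            bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
        i=$((i + 1))
    done
    printf '%s\n' "$mask"
}

# Node-side NAT: only the named client subnet, only towards the cluster subnets
# (no blanket MASQUERADE of everything the node happens to forward).
# $1 = client source subnet, remaining args = cluster CIDRs
nat_commands() {
    src=$1
    shift
    for cidr in "$@"; do
        printf 'iptables -t nat -A POSTROUTING -s %s -d %s -j MASQUERADE\n' "$src" "$cidr"
    done
}

# Client-side routes: one static route per cluster subnet via the node.
# $1 = node IP (gateway), $2 = client interface, remaining args = cluster CIDRs
route_commands() {
    gw=$1
    dev=$2
    shift 2
    for cidr in "$@"; do
        net=${cidr%/*}
        mask=$(prefix_to_netmask "${cidr#*/}")
        printf 'route add -net %s netmask %s gw %s dev %s\n' "$net" "$mask" "$gw" "$dev"
    done
}

NODE_IP=192.168.1.79        # k8s node that acts as the router (from the post)
CLIENT_NET=192.168.1.0/24   # assumption: one office subnet, not the whole /16
POD_CIDR=$(printf '%s\n' "$SAMPLE_KUBEADM_CONFIG" | get_subnet podSubnet)
SVC_CIDR=$(printf '%s\n' "$SAMPLE_KUBEADM_CONFIG" | get_subnet serviceSubnet)

# Dry run: print the plan instead of applying it.
echo "# on the node $NODE_IP"
echo "iptables -P FORWARD ACCEPT"
nat_commands "$CLIENT_NET" "$POD_CIDR" "$SVC_CIDR"
echo "# on each test client / the core switch"
route_commands "$NODE_IP" eth0 "$POD_CIDR" "$SVC_CIDR"
```

Run it on a workstation first and read the plan; only then paste the node section on `192.168.1.79` and the route section on the client or core switch. `prefix_to_netmask` handles any prefix length, not just the /16 and /12 used here, so the same script works for clusters with other CIDRs.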
- nginx demo: two nginx pods, each reverse-proxying to a service on the office host 192.168.1.181 (ports 8888 and 8889), exposed through one Ingress host under /aa/ and /bb/.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-aa
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aa
  template:
    metadata:
      labels:
        app: aa
    spec:
      containers:
        - name: nginx-aa
          image: nginx
          volumeMounts:
            - mountPath: /etc/nginx/conf.d/
              name: nginx-aa
      volumes:
        - configMap:
            name: nginx-aa
          name: nginx-aa
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-bb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bb
  template:
    metadata:
      labels:
        app: bb
    spec:
      containers:
        - name: nginx-bb
          image: nginx
          volumeMounts:
            - mountPath: /etc/nginx/conf.d/
              name: nginx-bb
      volumes:
        - configMap:
            name: nginx-bb
          name: nginx-bb
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-aa
spec:
  type: ClusterIP
  ports:
    - port: 80
  selector:
    app: aa
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-bb
spec:
  type: ClusterIP
  ports:
    - port: 80
  selector:
    app: bb
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-demo
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  #ingressClassName: nginx
  rules:
    - host: jin.yeemiao.net.cn
      http:
        paths:
          - backend:
              service:
                name: nginx-aa
                port:
                  number: 80
            path: /aa/
            pathType: Prefix
          - backend:
              service:
                name: nginx-bb
                port:
                  number: 80
            path: /bb/
            pathType: Prefix
  tls:
    - hosts:
        - jin.yeemiao.net.cn
      secretName: yeemiao.net.cn
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-aa
data:
  default.conf: |
    server {
        listen 80;
        server_name localhost;
        location /aa/ {
            proxy_pass http://192.168.1.181:8888/;
        }
    }
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-bb
data:
  default.conf: |
    server {
        listen 80;
        server_name localhost;
        location /bb/ {
            proxy_pass http://192.168.1.181:8889/;
        }
    }
```
Source: https://blog.csdn.net/moon_naxx/article/details/135127628
This article was submitted by an internet user; the views expressed are the author's own and do not represent this site. This site only provides information storage services, does not own the content, and assumes no related legal liability. If the content infringes rights, violates laws or regulations, or is inaccurate, please contact the My Programming Experience Sharing site at veading@qq.com to report it; once verified, it will be removed immediately.