k8s集群通過nginx-ingress做tcp\udp 4層網絡轉發
檢查nginx-ingress是否開啟tcp\udp轉發
- args:
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
示例 kuard-demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: kuard
spec:
selector:
matchLabels:
app: kuard
replicas: 1
template:
metadata:
labels:
app: kuard
spec:
containers:
- image: paulcapestany/kuard-amd64:1
imagePullPolicy: Always
name: kuard
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: kuard
spec:
ports:
- port: 9527
targetPort: 8080
protocol: TCP
selector:
app: kuard
更新configmaps
$kubectl get cm -n ingress-nginx
NAME DATA AGE
ingress-controller-leader-nginx 0 10m
nginx-configuration 0 10m
tcp-services 2 10m
udp-services 0 10m
tcp-services.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
data:
9527: "default/kuard:9527"
進入nginx-ingress容器查看TCP services處會出現對應的負載配置
cat nginx.conf
# TCP services
server {
preread_by_lua_block {
ngx.var.proxy_upstream_name="tcp-default-kuard-9527";
}
listen 9527;
proxy_timeout 600s;
proxy_pass upstream_balancer;
}
# UDP services
最后即可通過邊緣節點 ip:9527 訪問。當pod節點擴容后紅線標記的hostname也會隨刷新變化。
