k8s集群通过nginx-ingress做tcp\udp 4层网络转发
检查nginx-ingress是否开启tcp\udp转发
- args:
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
示例 kuard-demo.yaml
apiVersion: apps/v1
kind: Deployment
Metadata:
name: kuard
spec:
selector:
matchLabels:
app: kuard
replicas: 1
template:
Metadata:
labels:
app: kuard
spec:
containers:
#gcr.azk8s.cn/kuar-demo/kuard-amd64:1
- image: paulcapestany/kuard-amd64:1
imagePullPolicy: Always
name: kuard
ports:
- containerPort: 8080
---
apiVersion: v1
kind: Service
Metadata:
name: kuard
spec:
ports:
- port: 9527
targetPort: 8080
protocol: TCP
selector:
app: kuard
更新configmaps
$kubectl get cm -n ingress-Nginx
NAME DATA AGE
ingress-controller-leader-Nginx 0 10m
Nginx-configuration 0 10m
tcp-services 2 10m
udp-services 0 10m
tcp-services.yaml
apiVersion: v1
kind: ConfigMap
Metadata:
name: tcp-services
namespace: ingress-Nginx
data:
9527: "default/kuard:9527"
进入nginx-ingress容器查看TCP services处会出现对应的负载配置
cat Nginx.conf
# TCP services
server {
preread_by_lua_block {
ngx.var.proxy_upstream_name="tcp-default-kuard-9527";
}
listen 9527;
proxy_timeout 600s;
proxy_pass upstream_balancer;
}
# UDP services
最后即可通过边缘节点 ip:9527 访问。当pod节点库容后红线标记的hostname也会随刷新变化。
