说明
前面我们通过部署nginx-ingress作为一个访问入口,访问的都是支持http类型的服务,但是某些些场景下我们的服务不支持通过http服务访问,如MySQL,但是MySQL支持通过tcp进行访问。如果通过nodeport方式的话,每个节点都会暴露端口,会显得繁琐浪费。而我们集群一般会部署一个nginx-ingress,我们可以通过它来支持tcp的访问。udp也类似。
安装部署测试
安装nginx-ingress
按照前面的文章https://blog.csdn.net/margu_168/article/details/131681749部署好nginx-ingress服务,使用hostNetwork: true 的方式部署。
TCP测试服务部署
bash
#mysql服务部署
[root@k8s-m1 ingress-tcp-udp-test]# cat mysql-deployment-test.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mysql-master
labels:
name: mysql-master
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: mysql-master
name: mysql-master
template:
metadata:
labels:
app: mysql-master
name: mysql-master
spec:
terminationGracePeriodSeconds: 10
# imagePullSecrets:
# - name: docker-registry
containers:
- name: mysql-master
image: mysql:5.7
imagePullPolicy: Always
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "margu123"
#创建mysql service
[root@k8s-m1 ingress-tcp-udp-test]# cat mysql-svc.yaml
kind: Service
apiVersion: v1
metadata:
name: mysql
namespace: default
spec:
type: ClusterIP
clusterIP: None
ports:
- name: mysql
port: 3306
selector:
name: mysql-master
[root@k8s-m1 ingress-tcp-udp-test]# kubectl apply -f mysql-deployment-test.yaml
deployment.apps/mysql-master created
[root@k8s-m1 ingress-tcp-udp-test]# kubectl apply -f mysql-svc.yaml
service/mysql created
#查看部署情况
[root@k8s-m1 ingress-tcp-udp-test]# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-master-c84c6c55d-t9jtt 1/1 Running 0 3m39s 10.244.42.155 k8s-m1 <none> <none>
[root@k8s-m1 ingress-tcp-udp-test]# kubectl get ep mysql
NAME ENDPOINTS AGE
mysql 10.244.42.155:3306 5s
#tcp
[root@k8s-m1 ingress-tcp-udp-test]# cat tcp-test.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
data:
33333: "default/mysql:3306"
[root@k8s-m1 ingress-tcp-udp-test]# kubectl apply -f tcp-test.yaml
configmap/tcp-services createdTCP访问测试
bash
[root@k8s-m1 ingress-tcp-udp-test]# kubectl get po -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ingress-controller-6dbfb9c476-5rqpc 1/1 Running 0 6m21s 192.168.2.141 k8s-m2 <none> <none>
#nginx的pod在k8s-m2上,IP为192.168.2.141
#访问mysql,通过客户端或者命令行都可以,我的k8s-m1节点上有mysql客户端,直接测试。
[root@k8s-m1 ingress-tcp-udp-test]# mysql -h192.168.2.141 -uroot -P33333 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.36 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
##能正常访问UDP访问测试
由于kubernetes系统自带了一个暴露了udp端口的服务那就是内部dns服务,现在是kube-dns服务。我们直接使用它来进行测试。
bash
[root@k8s-m1 ingress-tcp-udp-test]# cat udp-test.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: udp-services
namespace: ingress-nginx
data:
53: "kube-system/kube-dns:53"
##使用的端口一不一样无所谓,不用53的话后面解析的时候用-p指定一下使用的端口就行
[root@k8s-m1 ingress-tcp-udp-test]# kubectl apply -f udp-test.yaml
configmap/udp-services created
#使用k8s集群内部dns的IP地址解析mysql服务,正常
[root@k8s-m1 ingress-tcp-udp-test]# dig -t A mysql.default.svc.cluster.local. @10.96.0.10
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 <<>> -t A mysql.default.svc.cluster.local. @10.96.0.10
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47569
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mysql.default.svc.cluster.local. IN A
;; ANSWER SECTION:
mysql.default.svc.cluster.local. 30 IN A 10.244.42.155
;; Query time: 0 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Thu Jul 20 15:37:43 CST 2023
;; MSG SIZE rcvd: 107
#使用通过ingres-nginx暴露出来的端口解析也是正常的,如下
[root@k8s-m1 ingress-tcp-udp-test]# dig -t A mysql.default.svc.cluster.local. @192.168.2.141
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 <<>> -t A mysql.default.svc.cluster.local. @192.168.2.141
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1435
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mysql.default.svc.cluster.local. IN A
;; ANSWER SECTION:
mysql.default.svc.cluster.local. 14 IN A 10.244.42.155
;; Query time: 1 msec
;; SERVER: 192.168.2.141#53(192.168.2.142)
;; WHEN: Thu Jul 20 15:37:59 CST 2023
;; MSG SIZE rcvd: 107更多关于kubernetes的知识分享,请前往博客主页。编写过程中,难免出现差错,敬请指出