CockroachDB Kubernetes Cluster Ingress Setup
Question
So my goal is to be able to access my CockroachDB from a domain like db.test.com with a cert.
I want to use cert-manager letsencrypt to issue keys. And it should work with CF (in non-proxy mode, as I think they do not support TCP for this).
At first, to test everything, I used normal kubectl port-forward, which worked, but now I needed to expose it always.
I have tried using Ingress (using ingress-nginx). I know that Ingress is mostly HTTP/HTTPS, but I saw it can be used for the thing I need, and in CF I cannot point to the port that I needed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tcp-example-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/tcp-services: "cluster-cockroachdb-public"
    nginx.ingress.kubernetes.io/tcp-service-port: "26257"
    nginx.ingress.kubernetes.io/backend-protocol: "TCP"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
    - hosts:
        - db.test.com
      secretName: db-access-ssl-cert-production
  rules:
    - host: db.test.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: cluster-cockroachdb-public
                port:
                  number: 26257
Attempting to connect does not work, and in the logs I can see a 400 status code with strange characters like \x20...
No matter what I tried, I could not get it to work.
I did manage to get the web-ui portion working; that was easy enough.
Another resource that might be helpful is the values.yaml that I used:
conf:
  cache: "2Gi"
  max-sql-memory: "2Gi"
# My WEB-UI that works
ingress:
  enabled: true
  labels: {}
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-production
  paths: [/]
  hosts:
    - db-ui.test.com
  tls:
    - hosts: [db-ui.test.com]
      secretName: ssl-cert-production
Everything else is default.
Answer 1
Score: 0
I solved my issue by following the tutorial below:
https://mailazy.com/blog/exposing-tcp-udp-services-ingress/
It is also mentioned here:
https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/
Ingress does not support TCP or UDP services, so we use the ingress-nginx config for it: we patch the ingress-nginx chart values and add a custom one (copy the default values.yaml from the GitHub helm chart for ingress-nginx).
I just edited this portion:
# -- TCP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
##
tcp:
  "26257": "default/cluster-cockroachdb-public:26257"
After that we run the helm upgrade command to replace the values of ingress-nginx, and after that it should work for anyone else as well.
If you are using Cloudflare, make sure to disable proxy!
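A lint for the `tcp:` map edited in the answer above, to run before `helm upgrade` (an added example, not part of the original answer or of the ingress-nginx project). It parses the `<namespace>/<service>:<port>[:PROXY[:PROXY]]` value format from the ingress-nginx docs linked above and lists every backend that would be exposed as raw TCP; the function names and the two malformed sample entries are constructed for illustration.

```python
import re

# RFC 1123 label, the form Kubernetes requires for namespace and Service names.
DNS_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")

def parse_tcp_entry(listen_port, target):
    """Parse one `tcp:` entry; return a dict, or raise ValueError if malformed."""
    if not str(listen_port).isdigit() or not 1 <= int(listen_port) <= 65535:
        raise ValueError(f"listen port {listen_port!r} is not in 1-65535")
    backend, _, rest = target.partition(":")
    namespace, slash, service = backend.partition("/")
    if not (slash and DNS_LABEL.match(namespace) and DNS_LABEL.match(service)):
        raise ValueError(f"{target!r}: backend must be <namespace>/<service>")
    svc_port, *flags = rest.split(":")
    # The service port may be a number or a named port (at most 15 characters).
    numeric_ok = svc_port.isdigit() and 1 <= int(svc_port) <= 65535
    named_ok = (not svc_port.isdigit() and len(svc_port) <= 15
                and DNS_LABEL.match(svc_port))
    if not (numeric_ok or named_ok):
        raise ValueError(f"{target!r}: bad service port {svc_port!r}")
    # Two optional trailing fields: PROXY protocol decoding, then encoding.
    if len(flags) > 2 or any(f not in ("", "PROXY") for f in flags):
        raise ValueError(f"{target!r}: trailing fields must be empty or PROXY")
    flags += [""] * (2 - len(flags))
    return {"listen": int(listen_port), "namespace": namespace,
            "service": service, "service_port": svc_port,
            "proxy_decode": flags[0] == "PROXY",
            "proxy_encode": flags[1] == "PROXY"}

def lint_tcp_map(tcp_map):
    """Return (exposures, errors) for a whole `tcp:` map."""
    exposures, errors = [], []
    for port, target in tcp_map.items():
        try:
            exposures.append(parse_tcp_entry(port, target))
        except ValueError as exc:
            errors.append(str(exc))
    return exposures, errors

# Constructed sample: the answer's entry plus two deliberately malformed ones.
SAMPLE = {
    "26257": "default/cluster-cockroachdb-public:26257",
    "5432": "cluster-cockroachdb-public:26257",           # namespace missing
    "70000": "default/cluster-cockroachdb-public:26257",  # port out of range
}

if __name__ == "__main__":
    ok, bad = lint_tcp_map(SAMPLE)
    for e in ok:
        print(f"EXPOSED {e['listen']}/tcp -> {e['namespace']}/{e['service']}")
    for msg in bad:
        print("ERROR", msg)
```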