CockroachDB Kubernetes Cluster Ingress Setup

Question

So my goal is to be able to access my CockroachDB from a domain like db.test.com with a cert.

I want to use cert-manager letsencrypt to issue keys. And it should work with CF (in non-proxy mode, as I think they do not support TCP for this).

At first, to test everything, I used normal kubectl port-forward, which worked, but now I needed to expose it always.

I have tried using Ingress (using ingress-nginx)

  • I know that Ingress is mostly HTTP/HTTPS, but I saw it can be used for the thing I need, and in CF I cannot point to the port that I needed.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tcp-example-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/tcp-services: "cluster-cockroachdb-public"
    nginx.ingress.kubernetes.io/tcp-service-port: "26257"
    nginx.ingress.kubernetes.io/backend-protocol: "TCP"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
    - hosts:
        - db.test.com
      secretName: db-access-ssl-cert-production
  rules:
    - host: db.test.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: cluster-cockroachdb-public
                port:
                  number: 26257

Attempting to connect does not work, and in the logs I can see a 400 status code with strange characters like \x20...

No matter what I tried, I could not get it to work.

I did manage to get the web-ui portion working; that was easy enough.

Another resource that might be helpful is the values.yaml that I used:

conf:
  cache: "2Gi"
  max-sql-memory: "2Gi"

# My WEB-UI that works
ingress:
  enabled: true
  labels: {}
  annotations: 
     kubernetes.io/ingress.class: nginx
     cert-manager.io/cluster-issuer: letsencrypt-production
  paths: [/]
  hosts:
    - db-ui.test.com
  tls:
    - hosts: [db-ui.test.com]
      secretName: ssl-cert-production

Everything else is default.

Answer 1

Score: 0

I solved my issue by following the tutorial below:

https://mailazy.com/blog/exposing-tcp-udp-services-ingress/

It is also mentioned here:

https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

Ingress does not support TCP or UDP services, so we use the ingress-nginx config for it: we patch the ingress-nginx chart values and add a custom one (copy the default values.yaml from the GitHub Helm chart for ingress-nginx).

I just edited this portion:

# -- TCP service key-value pairs
## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
##
tcp:
  "26257": "default/cluster-cockroachdb-public:26257"

After that, we run the helm upgrade command to replace the ingress-nginx values, and after that it should work for anyone else as well.

If you are using Cloudflare, make sure to disable the proxy!
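
A post-deployment check for the setup in the answer above, added here as an example (not code from the original post or from the ingress-nginx or CockroachDB projects): the `tcp:` mapping forwards raw TCP, so nginx does not terminate TLS on this port and encryption depends on CockroachDB itself. The script sends the PostgreSQL-protocol SSLRequest that SQL clients send first and reports whether the exposed port offers TLS; it assumes CockroachDB's PostgreSQL-compatible wire protocol, and `probe_sql_port` and `classify_reply` are names made up for this example.

```python
import socket
import struct

# PostgreSQL wire protocol SSLRequest: int32 length (8), int32 code 80877103.
# SQL clients send it first to ask the server whether it will speak TLS.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def classify_reply(reply: bytes) -> str:
    """Interpret the first bytes the server sends back after SSLRequest."""
    if reply == b"S":
        return "tls-offered"       # server is ready for a TLS handshake
    if reply == b"N":
        return "plaintext-only"    # SQL port is exposed without TLS
    if reply.startswith(b"HTTP/"):
        return "http-listener"     # port is served by an HTTP server, not SQL
    if reply == b"":
        return "closed"            # connection closed without an answer
    return "unknown"


def probe_sql_port(host: str, port: int = 26257, timeout: float = 5.0) -> str:
    """Connect to host:port, send SSLRequest and classify the response."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(SSL_REQUEST)
            reply = sock.recv(16)
    except OSError:                # refused, timed out, DNS failure, reset
        return "unreachable"
    return classify_reply(reply)


if __name__ == "__main__":
    # db.test.com is the hostname used in the question; substitute your own.
    print(probe_sql_port("db.test.com"))
```

A result of `plaintext-only` on a public address means SQL traffic, credentials included, crosses the network unencrypted. `tls-offered` only shows that TLS is available, so clients should still connect with `sslmode=verify-full`.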

huangapple
  • Published on 2023-02-19 00:55:15
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75494882.html