CockroachDB Kubernetes Cluster Ingress Setup

Question

So my goal is to be able to access my CockroachDB from a domain like db.test.com with a cert.

I want to use cert-manager letsencrypt to issue keys. And it should work with CF (in non-proxy mode, as I think they do not support TCP for this).

At first, to test everything, I used a normal kubectl port-forward, which worked, but now I need to expose it always.

I have tried using Ingress (using ingress-nginx):

  • I know that Ingress is mostly HTTP/HTTPS, but I saw it can be used for the thing I need, and in CF I cannot point to the port that I need.

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: tcp-example-ingress
      namespace: default
      annotations:
        kubernetes.io/ingress.class: "nginx"
        nginx.ingress.kubernetes.io/tcp-services: "cluster-cockroachdb-public"
        nginx.ingress.kubernetes.io/tcp-service-port: "26257"
        nginx.ingress.kubernetes.io/backend-protocol: "TCP"
        nginx.ingress.kubernetes.io/rewrite-target: /
    spec:
      tls:
        - hosts:
            - db.test.com
          secretName: db-access-ssl-cert-production
      rules:
        - host: db.test.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: cluster-cockroachdb-public
                    port:
                      number: 26257

Attempting to connect does not work, and in the logs I can see a 400 status code with strange characters like \x20...

No matter what I tried, I could not get it to work.

I did manage to get the web-ui portion working; that was easy enough.

Another resource that might be helpful is the values.yaml that I used:

    conf:
      cache: "2Gi"
      max-sql-memory: "2Gi"
    # My WEB-UI that works
    ingress:
      enabled: true
      labels: {}
      annotations:
        kubernetes.io/ingress.class: nginx
        cert-manager.io/cluster-issuer: letsencrypt-production
      paths: [/]
      hosts:
        - db-ui.test.com
      tls:
        - hosts: [db-ui.test.com]
          secretName: ssl-cert-production

Everything else is default.

Answer 1

Score: 0

I solved my issue by following the tutorial below:

https://mailazy.com/blog/exposing-tcp-udp-services-ingress/

Also mentioned here:

https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/

Ingress does not support TCP or UDP services, so we use the ingress-nginx config for it: we patch the ingress-nginx chart values and add a custom one (copy the default values.yaml from the GitHub Helm chart for ingress-nginx).

I just edited this portion:

    # -- TCP service key-value pairs
    ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
    ##
    tcp:
      "26257": "default/cluster-cockroachdb-public:26257"

After that, we run the helm upgrade command to replace the values of ingress-nginx, and after that it should work for anyone else as well.

If you are using Cloudflare, make sure to disable the proxy!
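
An added example, not part of the original answer and not ingress-nginx code: a small validator for entries of the `tcp` map edited above, following the `<namespace>/<service>:<port>[:PROXY][:PROXY]` value format described in the ingress-nginx guide linked in the answer. The function and field names are hypothetical, and the second sample key is constructed for illustration.

```python
import re
from typing import NamedTuple

# DNS-1123 label: the naming rule for namespaces (Service names are stricter).
_LABEL = r"[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?"
_VALUE = re.compile(
    rf"(?P<ns>{_LABEL})/(?P<svc>{_LABEL}):(?P<port>[A-Za-z0-9-]+)"
    r"(?P<flags>(?::(?:PROXY)?){0,2})"
)

class TcpEntry(NamedTuple):
    listen_port: int      # port opened on the ingress controller
    namespace: str
    service: str
    service_port: str     # numeric or named Service port
    proxy_decode: bool    # first PROXY flag: expect PROXY protocol from clients
    proxy_encode: bool    # second PROXY flag: send PROXY protocol to the backend

def _is_port(text: str) -> bool:
    return text.isascii() and text.isdigit() and 1 <= int(text) <= 65535

def parse_tcp_entry(key: str, value: str) -> TcpEntry:
    """Parse one key/value pair of the tcp map; raise ValueError if malformed."""
    if not _is_port(key):
        raise ValueError(f"key {key!r} is not a TCP port number")
    m = _VALUE.fullmatch(value)
    if m is None:
        raise ValueError(f"{value!r} is not <namespace>/<service>:<port>[:PROXY][:PROXY]")
    port = m["port"]
    if port.isdigit() and not _is_port(port):
        raise ValueError(f"service port {port!r} is out of range")
    # "::PROXY" -> ["", "PROXY"]; missing flags are padded with "".
    decode, encode = (m["flags"].split(":")[1:] + ["", ""])[:2]
    return TcpEntry(int(key), m["ns"], m["svc"], port,
                    decode == "PROXY", encode == "PROXY")

def check_tcp_map(tcp: dict) -> dict:
    """Return {key: error message} for every malformed entry in the map."""
    errors = {}
    for key, value in tcp.items():
        try:
            parse_tcp_entry(str(key), str(value))
        except ValueError as exc:
            errors[str(key)] = str(exc)
    return errors

# Constructed sample: the answer's entry, plus the bare Service name the
# question put in an annotation, which lacks a namespace and a port.
SAMPLE = {"26257": "default/cluster-cockroachdb-public:26257",
          "26258": "cluster-cockroachdb-public"}
```

Running `check_tcp_map` over the parsed `tcp:` section before `helm upgrade` catches a missing namespace or port, which would otherwise leave the listener without a usable backend.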

huangapple
  • Published on February 19, 2023, 00:55:15
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75494882.html