Exposing a kubernetes cluster to the "world" without a cloud provider's load balancer

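So far I have set up a kubernetes cluster running a NodeJS deployment. I am now ready to expose it to the "world", and after reading up on the Services for achieving this, I believe they all require a Load Balancer. Usually these Load Balancers are created by the cloud provider hosting kubernetes. I've run into limitations with these: some are priced highly, some have limits on connections, etc.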

I am now trying to figure out how to avoid these Load Balancers and expose my kubernetes cluster, but in a performant, secure and manageable way. I've looked through documentation and there seem to be mentions of things like NodePort and Ingress. As far as I understood, NodePort only works for a single machine in the cluster? And Ingress still requires traffic to come from somewhere, usually a Load Balancer.

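Here is my current manifest. From an exposure point of view, where should I go from here, preferably with an approach that allows SSL certificates, rate limiting, etc... the things usually needed in production.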

development.yaml

---
# ClusterIP
apiVersion: v1
kind: Service
metadata:
  name: development-actions-cip
spec:
  type: ClusterIP
  selector:
    app: development-actions
  ports:
    - protocol: TCP
      port: 80
      targetPort: 4000
---
# Actions NodeJS server
apiVersion: apps/v1
kind: Deployment
metadata:
  name: development-actions
spec:
  replicas: 1
  selector:
    matchLabels:
      app: development-actions
  template:
    metadata:
      labels:
        app: development-actions
    spec:
      containers:
        - image: my-image/latest
          name: development-actions
          ports:
            - containerPort: 4000
              protocol: TCP
Comments
  • 别离开我身边

    You could deploy the nginx ingress controller in a selected and dedicated kubernetes node using hostNetwork: true. This would mean nginx will listen on ports 80 and 443 on the host VM network. Assign a public IP to the VM. Add the public IP of the VM as an A record in your DNS provider's configuration to route traffic for your domain to the VM.

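    Then, for all the backend pods, just create ClusterIP services and Ingress resources to expose them to the outside world.

    To make it HA, you can replicate the same setup on multiple kubernetes nodes.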
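The setup described in the comment above, sketched as manifests. This is an added example, not part of the original question or comment. It assumes the ingress-nginx controller runs as a DaemonSet named ingress-nginx-controller in the ingress-nginx namespace; the node label `role: edge`, the host `actions.example.com` and the secret name `actions-example-com-tls` are hypothetical placeholders.

```yaml
# Strategic-merge patch for the ingress-nginx controller workload
# (assumed: a DaemonSet named ingress-nginx-controller; change kind if yours is a Deployment).
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  template:
    spec:
      hostNetwork: true                    # nginx binds 80/443 directly on the node
      dnsPolicy: ClusterFirstWithHostNet   # keep cluster DNS resolution with hostNetwork
      nodeSelector:
        role: edge                         # hypothetical label on the dedicated node(s)
---
# Ingress in front of the ClusterIP service from development.yaml,
# with TLS termination and per-client rate limits at the controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: development-actions
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"      # redirect HTTP to HTTPS
    nginx.ingress.kubernetes.io/limit-rps: "10"           # requests per second per client IP
    nginx.ingress.kubernetes.io/limit-connections: "20"   # concurrent connections per client IP
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - actions.example.com              # placeholder domain (the A record target)
      secretName: actions-example-com-tls  # placeholder kubernetes.io/tls Secret
  rules:
    - host: actions.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: development-actions-cip
                port:
                  number: 80
```

With hostNetwork the controller pod shares the node's network namespace, so the node's firewall should admit only ports 80 and 443 from the internet, and the dedicated nodes should not schedule other workloads.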