Expose Kubernetes cluster to Internet

梦想的初衷, submitted on 2021-02-10 15:13:14

Question


I have created a Kubernetes cluster on my virtual machine and I have been trying to expose this to the Internet with my own domain (e.g., www.mydomain.xyz). I have created an ingress resource as below and I've also modified the kubelet configuration to have my domain name. All my pods and services are created in this domain name (e.g., default.svc.mydomain.xyz).

root@master-1:~# kubectl get ingress
NAME           CLASS    HOSTS                  ADDRESS        PORTS   AGE
test-ingress   <none>   www.mydomain.xyz   192.168.5.11   80      5d20h

root@master-1:~# kubectl get svc -n ingress-nginx
NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.103.59.116   192.168.5.11   443:30740/TCP,80:31894/TCP   6d21h

I tried to add an A record in my domain DNS page as below and could not add it.

This is where I get stuck and am unable to proceed further. Do I need to change anything in the cluster to add this namespace in "Domain DNS configuration" (Hostinger), or does anything need to be added on the master node?

How does the domain that I own redirect all the traffic to my Kubernetes cluster?

Any help would be highly appreciated.


Answer 1:


You cannot expose your Kubernetes cluster like you've tried.

I strongly advise using a different Kubernetes solution, as minikube is more of a tool to experiment and develop with, as stated on the official site:

Minikube is a tool that makes it easy to run Kubernetes locally. Minikube runs a single-node Kubernetes cluster inside a Virtual Machine (VM) on your laptop for users looking to try out Kubernetes or develop with it day-to-day.

Kubernetes.io: Learning environment: Minikube

Please take a look at other solutions like:

  • Kubernetes.io: Production environment: Create cluster kubeadm
  • Github.com: Kubespray
  • Cloud.google.com: Kubernetes Engine
  • Aws.amazon.com: EKS

You have several things to remember when trying to expose Kubernetes to the Internet from your private network.

  • Access to public IP
  • Ability to port forward traffic inside your network
  • Allow traffic to your minikube instance
  • Combining all of the above

Why do I think it's minikube instance?

You have 2 network interfaces:

  • NAT
  • Host-only

These interfaces are created when you run your minikube with VirtualBox.

Access to public IP

Access to public IP is crucial. Without it you will not be able to expose your services to the Internet. There are some exclusions but I will not focus on them here.

In the DNS panel you've entered the private IP address. You cannot do that unless the DNS server is intended to resolve only local queries (your private network). To allow other users to connect to your Kubernetes cluster you need to provide a public IP address like 94.XXX.XXX.XXX.

You can read more about differences between public and private IP addresses here:

  • Help.keenetic.com: What is the difference between a public and private IP address

Ability to port forward traffic inside your network

If you have your public IP you will also need to check if the incoming connections are not blocked by other devices like ISP's firewalls or your router. If they are blocked you will be unable to expose your services. To expose your services to the Internet you will need to use "port-forwarding".

You can read more about it here:

  • Wikipedia.org: Port forwarding

Allow traffic to your minikube instance

As I previously mentioned: when you create your minikube instance with VirtualBox you will create the network interfaces below:

  • NAT - interface which will allow your VM to access the Internet. This connection cannot be used to expose your services.
  • Host-only-network-adapter - interface created by your host which allows communication within the interface. It means that your host and other VMs with this particular adapter can connect with each other. It's designed for internal usage.

You can read more about VirtualBox networking here:

  • Virtualbox.org: Virtual Networking

I've managed to find a workaround to allow connections from outside your laptop/PC to your minikube instance. You will need to change the network interface in the settings of your minikube instance from Host-only-network-adapter to Bridged Adapter (2nd adapter). This will work as if another device were connected to your physical network. Please make sure that this bridged adapter is used with an Ethernet NIC. Minikube should change its IP address to match the one used in your physical one.

You will also need to change your .kube/config as it will have the old/wrong IP address!

After that you should be able to connect to your Ingress resource by IP accessible in your physical network.


Combining all of the above

Remembering the information above, let's assume:

  • You have a public IP address associated with the WAN interface of your router (for example 94.100.100.100).
  • You create an A record in DNS pointing your domain name to 94.100.100.100.
  • You create a port-forwarding from port 80 to port 80 to the IP address of the minikube bridged adapter.

After that you should be able to connect from outside to your Ingress resource.

The request will first contact the DNS server for the IP address associated with the domain. Then it will send the request to this IP address (which is presumably your router). Your router will port-forward this connection to your minikube instance.
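
The checks the answer walks through, written out as an added example (not part of the original question or answer). The function names are hypothetical, the `kubectl` output is copied from the question as a constructed sample, and 94.100.100.100 is the answer's own example WAN address; the carrier-grade NAT check goes beyond the answer's text, as one concrete case of the ISP-side blocking it mentions.

```python
import ipaddress

# Carrier-grade NAT space (RFC 6598): not RFC 1918, yet unreachable from outside.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample: the `kubectl get ingress` output from the question.
KUBECTL_OUTPUT = """\
NAME           CLASS    HOSTS              ADDRESS        PORTS   AGE
test-ingress   <none>   www.mydomain.xyz   192.168.5.11   80      5d20h
"""

def classify(addr):
    # Returns "public", or the reason the address is unusable in public DNS.
    ip = ipaddress.ip_address(addr)
    checks = (("cgnat", ip in CGNAT), ("loopback", ip.is_loopback),
              ("link-local", ip.is_link_local), ("private", ip.is_private))
    for label, hit in checks:
        if hit:
            return label
    return "public" if ip.is_global else "reserved"

def ingress_addresses(output):
    """Map each ingress host to its ADDRESS; rows with no ADDRESS are skipped."""
    lines = output.strip().splitlines()
    header = lines[0].split()
    found = {}
    for line in lines[1:]:
        fields = line.split()
        if len(fields) == len(header):
            row = dict(zip(header, fields))
            for host in row["HOSTS"].split(","):
                found[host] = row["ADDRESS"]
    return found

def check_plan(a_record, wan_ip, forward_target):
    """Hypothetical pre-flight check of the answer's three assumptions."""
    problems = []
    if classify(a_record) != "public":
        problems.append(f"A record {a_record} is {classify(a_record)}")
    if classify(wan_ip) != "public":
        problems.append(f"router WAN {wan_ip} is {classify(wan_ip)}")
    if a_record != wan_ip:
        problems.append("A record does not point at the router WAN address")
    if classify(forward_target) != "private":
        problems.append("port-forward target is not a LAN address")
    return problems

if __name__ == "__main__":
    lan = ingress_addresses(KUBECTL_OUTPUT)["www.mydomain.xyz"]
    print(check_plan(lan, "94.100.100.100", lan))               # the question's setup
    print(check_plan("94.100.100.100", "94.100.100.100", lan))  # the answer's plan
```

An empty list means the DNS record, the WAN address and the forward target are consistent with each other; it does not confirm that the ISP or router actually lets inbound port 80 through.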



Source: https://stackoverflow.com/questions/62559281/expose-kubernetes-cluster-to-internet
