Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
296 views
in Technique[技术] by (71.8m points)

docker - How to route traffic from physical server's port to minikube cluster?

I want to send traffic from one port through a Kubernetes cluster (using minikube) to another physical port. I don't know how to route traffic from the physical port to the cluster and from the cluster to the second physical port. I'm exposing the cluster via ingress (and I also tested the service solution). I have one service to send external traffic to a pod and another to send traffic from the first pod to the second pod. But I really don't know how to send this traffic from the port to the cluster and how to send it from the cluster to the receiving port...

My cluster is described here: How to route test traffic through kubernetes cluster (minikube)?

question from:https://stackoverflow.com/questions/65872990/how-to-route-traffic-from-pysical-servers-port-to-minikube-cluster


1 Answer

0 votes
by (71.8m points)

Assuming that:

  • Traffic needs to enter through a physical enp0s6 port on Ubuntu Server and be sent to Pod
  • Pod is configured with some software capable of routing traffic.
  • Pod from the image is routing traffic received to a physical enp0s5 port on the same Ubuntu Server machine (or further down the line).

Diagram

This answer does not acknowledge:

  • Software used to route the traffic from Pod to a physical port enp0s5.

A side note!

Please consider following each link that I included in the answer, as there is a lot of useful information.


Minikube is a tool that spawns a single-node Kubernetes cluster for development purposes on your machine (PC, Laptop, Server, etc.).

It uses different drivers to run Kubernetes (it can be deployed as bare-metal, in docker, in virtualbox, in kvm, etc.). This allows for isolation from the host (Ubuntu Server). It also means that there are differences when it comes to the networking part of this setup.

With minikube set up using the kvm2 driver, you will need to make some additional changes to your setup to be able to route traffic from 192.168.0.150 to your Deployment (set of Pods).

Let's assume that the Deployment manifest is the following:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1 
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80

Also let's assume that the Service manifest is the following:

apiVersion: v1
kind: Service
metadata:
  name: nginx-deployment
spec:
  type: NodePort 
  selector:
    app: nginx # <-- this needs to match with Deployment matchLabels
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 30000 

The Service of type NodePort from the above example will expose your Deployment on the minikube instance (IP) on port 30000.

In this particular example the Service (an abstract way to expose an application running on a set of Pods as a network service) will expose the Pod within the minikube instance and your host, but not for external access (like another machine in the 192.168.0.0/24 network).

Options to allow external traffic are either:

  • Run on your host (Ubuntu Server):
    • $ kubectl port-forward --address 192.168.0.150 service/nginx-deployment 8000:80

kubectl will allow connections on your Ubuntu Server on port 8000 to be forwarded directly to the nginx-deployment service and inherently to your Pod.

Side notes!

  • You can also use kubectl port-forward on your PC/Laptop and by that you can direct traffic from the PC/Laptop port to your Pod.

  • --address 192.168.0.150 is set to target specifically enp0s6.

  • Use OS built-in port forwarding.

You can read more about it by following this answer:


The above explanation should help you to direct the traffic to your Pod directly from enp0s6. Sending traffic from the Pod to your enp0s5 interface is pretty straightforward. You can run (from your Pod):

  • curl 10.0.0.150 (enp0s5)
  • curl 10.0.0.X (device in enp0s5 network)

Alternative

As an alternative you can try to provision your own Kubernetes cluster without using minikube. This will inherently eliminate the isolation layer and allow you more direct access. There are a lot of options, for example:


I encourage you to check the additional resources as Kubernetes is a complex solution and there is a lot to discover:
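
A check for the `--address 192.168.0.150` binding used with `kubectl port-forward` in the answer above, added here as an example and not part of the original answer: it reads `ss -H -ltn` output and confirms the forwarded port listens only on the intended address. The function name `listener_scope` and the sample socket listings are constructed for illustration.

```shell
#!/bin/sh
# listener_scope PORT EXPECTED_ADDR   (hypothetical helper, not a kubectl feature)
# Reads `ss -H -ltn` output on stdin, prints one line per TCP listener on PORT,
# and returns 0 only if PORT is listening and bound exclusively to EXPECTED_ADDR.
listener_scope() {
    awk -v port="$1" -v want="$2" '
        $1 == "LISTEN" {
            laddr = $4                            # "Local Address:Port" column
            if (!match(laddr, /:[0-9]+$/)) next   # port follows the last colon
            addr = substr(laddr, 1, RSTART - 1)
            if (substr(laddr, RSTART + 1) != port) next
            seen = 1
            if (addr == want) {
                print "ok         " laddr
            } else {                              # 0.0.0.0, [::], *, other NICs
                bad = 1
                print "unexpected " laddr
            }
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    '
}

# Constructed sample: port 8000 bound only to the enp0s6 address.
SAMPLE_SCOPED='LISTEN 0 4096 192.168.0.150:8000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: port 8000 additionally bound to every interface.
SAMPLE_WIDE='LISTEN 0 4096 192.168.0.150:8000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8000 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SCOPED" | listener_scope 8000 192.168.0.150 \
    && echo "port 8000 is limited to 192.168.0.150"
printf '%s\n' "$SAMPLE_WIDE" | listener_scope 8000 192.168.0.150 \
    || echo "port 8000 is reachable beyond 192.168.0.150"

# On the Ubuntu Server itself, feed it live data instead of the samples:
#   ss -H -ltn | listener_scope 8000 192.168.0.150
```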

