kevisual/k8s-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4d21537d1bfc05dc036995110e247de141f9c5b6
k8s-docs/k8s/xiongxiao.me/docs/04-host-service.md
abearxiong 2418891634 temp
2025-11-26 15:44:15 +08:00

293 lines
5.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: Traefik 配置主机服务指南
description: 通过 Traefik Ingress 将主机端口服务暴露到 Kubernetes 集群,实现域名访问
tags:
- Kubernetes
- Traefik
- Ingress
- 主机服务
- 端口转发
createdAt: 2025-11-26
---
# Traefik 配置主机服务指南
## 概述
本文档介绍如何通过 Traefik Ingress 将主机上的服务(例如 4000 端口)暴露到 Kubernetes 集群,并通过域名访问。
## 配置方案
### 方案一:使用 Service + Endpoints推荐
这种方式直接将主机 IP 和端口映射到 Kubernetes Service。
#### 1. 创建 Service 和 Endpoints
文件:`services/host-service-4000.yaml`
```yaml
---
# 主机服务端点配置
apiVersion: v1
kind: Service
metadata:
name: host-service-4000
namespace: default
spec:
ports:
- protocol: TCP
port: 4000
targetPort: 4000
clusterIP: None
---
apiVersion: v1
kind: Endpoints
metadata:
name: host-service-4000
namespace: default
subsets:
- addresses:
- ip: 192.168.65.254 # 主机 IP 地址
ports:
- port: 4000
```
**主机 IP 说明:**
- **Docker Desktop (Mac/Windows)**: `192.168.65.254``host.docker.internal`
- **Linux (Minikube)**: 使用 `minikube ssh "route -n | grep ^0.0.0.0 | awk '{ print \$2 }'"` 获取
- **自定义集群**: 使用实际的主机 IP 地址
#### 2. 创建 Ingress 规则
文件:`ingress/host-service-ingress.yaml`
```yaml
---
# 主机服务 Ingress 配置
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: host-service-ingress
namespace: default
spec:
ingressClassName: traefik
rules:
- host: zd.xiongxiao.me
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: host-service-4000
port:
number: 4000
```
#### 3. 部署配置
```bash
# 应用 Service 和 Endpoints
kubectl apply -f services/host-service-4000.yaml
# 应用 Ingress
kubectl apply -f ingress/host-service-ingress.yaml
```
#### 4. 验证配置
```bash
# 检查 Service
kubectl get svc host-service-4000
# 检查 Endpoints
kubectl get endpoints host-service-4000
# 检查 Ingress
kubectl get ingress host-service-ingress
# 查看 Ingress 详情
kubectl describe ingress host-service-ingress
```
#### 5. 配置 DNS
在你的 DNS 提供商或本地 hosts 文件中添加:
```
<traefik-ip> zd.xiongxiao.me
```
#### 6. 测试访问
```bash
# 通过域名访问
curl http://zd.xiongxiao.me
# 或在浏览器中访问
# http://zd.xiongxiao.me
```
### 方案二:使用 ExternalName Service
适用于可以通过主机名访问的情况。
```yaml
---
apiVersion: v1
kind: Service
metadata:
name: host-service-4000
namespace: default
spec:
type: ExternalName
externalName: host.docker.internal # 或使用实际主机名
ports:
- protocol: TCP
port: 4000
targetPort: 4000
```
**注意**: ExternalName 不支持指定端口,可能需要额外配置。
## 常见问题
### 1. 如何获取主机 IP
**Docker Desktop (Mac/Windows)**:
```bash
# 使用特殊域名
host.docker.internal
# 或使用固定 IP
192.168.65.254
```
**Linux/Minikube**:
```bash
# 方法一:从容器内查看
kubectl run -it --rm debug --image=alpine --restart=Never -- sh
/ # ip route | grep default
/ # exit
# 方法二Minikube 特定
minikube ssh "route -n | grep ^0.0.0.0 | awk '{ print \$2 }'"
```
### 2. 连接被拒绝
检查以下几点:
- 主机服务是否在 0.0.0.0:4000 监听(而不是 127.0.0.1:4000
- 防火墙是否允许访问
- 主机 IP 配置是否正确
**修改服务监听地址示例**:
```bash
# 错误 - 只监听本地
node server.js --host 127.0.0.1 --port 4000
# 正确 - 监听所有接口
node server.js --host 0.0.0.0 --port 4000
```
### 3. Ingress 无法路由
检查 Traefik 日志:
```bash
kubectl logs -n traefik -l app.kubernetes.io/name=traefik --tail=100
```
查看 Ingress 事件:
```bash
kubectl describe ingress host-service-ingress
```
## 配置多个主机服务
如果需要配置多个主机端口,只需复制配置并修改相应的值:
```yaml
---
# 第二个服务 - 5000 端口
apiVersion: v1
kind: Service
metadata:
name: host-service-5000
namespace: default
spec:
ports:
- protocol: TCP
port: 5000
targetPort: 5000
clusterIP: None
---
apiVersion: v1
kind: Endpoints
metadata:
name: host-service-5000
namespace: default
subsets:
- addresses:
- ip: 192.168.65.254
ports:
- port: 5000
---
# Ingress 配置
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: host-service-5000-ingress
namespace: default
spec:
ingressClassName: traefik
rules:
- host: another.xiongxiao.me
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: host-service-5000
port:
number: 5000
```
## HTTPS 配置
如果需要 HTTPS可以添加 TLS 配置:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: host-service-ingress
namespace: default
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
ingressClassName: traefik
tls:
- hosts:
- zd.xiongxiao.me
secretName: zd-xiongxiao-me-tls
rules:
- host: zd.xiongxiao.me
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: host-service-4000
port:
number: 4000
```
## 参考资源
- [Traefik 官方文档](https://doc.traefik.io/traefik/routing/providers/kubernetes-ingress/)
- [Kubernetes Ingress 文档](https://kubernetes.io/docs/concepts/services-networking/ingress/)
- [Kubernetes Service 文档](https://kubernetes.io/docs/concepts/services-networking/service/)
Reference in New Issue View Git Blame Copy Permalink