我使用 Helm Chart 安装了 kong。在
values.yaml
中,我在 Stream 部分指定了两个 TCP 端口:
stream:
- containerPort: 39019 #MongoDB
servicePort: 39019
protocol: TCP
parameters:
- ssl
- containerPort: 43576 #MySQL
servicePort: 43576
protocol: TCP
parameters:
- ssl
我的目的是为 MongoDB 公开一个端口,为 MySQL 公开另一个端口。 之后,我为两个数据库创建了一个 TCPIngress 文件:
一个用于MySQL
apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
name: tcp-mysql
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: kong
konghq.com/plugins: global-file-log
spec:
tls:
- hosts:
- s.mytest.domain
secretName: s.mytest.domain-certificate
rules:
- host: s.mytest.domain
port: 43576
backend:
serviceName: mysql
servicePort: 3306
以及 MongoDB 的其他
apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
name: tcp-mongodb
annotations:
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: kong
konghq.com/plugins: global-file-log
spec:
tls:
- hosts:
- s.mytest.domain
secretName: s.mytest.domain-certificate
rules:
- host: s.mytest.domain
port: 39019
backend:
serviceName: mongodb
servicePort: 27017
使用此配置,MongoDB 可以完美运行,但 MySQL 却不能。 我找不到使用我的测试域连接到 MySQL 的方法。 如果我对我的 MySQL pod 进行端口转发,它会按预期工作。
我对 Kong 和 Kubernetes 总体来说还是个新手。我如何追踪出了什么问题以及如何解决这个问题?
面临同样的问题,通过暴露 TCP 端口解决,如 https://docs.konghq.com/kubernetes-ingress-controller/3.0.x/guides/services/tcp/#expose-additional-ports
文档中清楚地解释了默认情况下代理仅侦听 HTTP / HTTPS 协议。对于其他协议,如 UDP / TCP,我们需要显式指示 kong 代理这样做。从上述文档中摘录的步骤如下:
确保更改您计划公开的端口。
kubectl patch deploy -n kong kong-gateway --patch '{
"spec": {
"template": {
"spec": {
"containers": [
{
"name": "proxy",
"env": [
{
"name": "KONG_STREAM_LISTEN",
"value": "0.0.0.0:9000, 0.0.0.0:9443 ssl"
}
],
"ports": [
{
"containerPort": 9000,
"name": "stream9000",
"protocol": "TCP"
},
{
"containerPort": 9443,
"name": "stream9443",
"protocol": "TCP"
}
]
}
]
}
}
}
}'
kubectl patch service -n kong kong-gateway-proxy --patch '{
"spec": {
"ports": [
{
"name": "stream9000",
"port": 9000,
"protocol": "TCP",
"targetPort": 9000
},
{
"name": "stream9443",
"port": 9443,
"protocol": "TCP",
"targetPort": 9443
}
]
}
}'
echo "apiVersion: configuration.konghq.com/v1beta1
kind: TCPIngress
metadata:
name: echo-plaintext
annotations:
kubernetes.io/ingress.class: kong
spec:
rules:
- port: 9000
backend:
serviceName: echo
servicePort: 1025
" | kubectl apply -f -