Ingress-nginx: how to set externalIPs of nginx ingress to only 1 external IP

Posted on 2025-02-04 04:36:26

I installed nginx ingress with the yaml file

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml

When deployed, I can see that the endpoints/externalIPs by default are all the IPs of my nodes

but I only want 1 externalIPs to be accessible to my applications

I had tried bind-address (https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#bind-address) in a configuration file and applied it, but it doesn't work. My ConfigMap file:

apiVersion: v1
data:
  bind-address: "192.168.30.16"
kind: ConfigMap
metadata:
  name: ingress-nginx-controller

I tried kubectl edit svc/ingress-nginx-controller -n ingress-nginx to edit the svc adding externalIPs but it still doesn't work.

The only thing the nginx ingress document mentioned is https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#external-ips but I tried editing the svc; after I changed it, it was set to a single IP, but later it re-added the IPs again. Seems like there is an automatic update of external IPs mechanism in ingress-nginx?

Is there any way to set nginx ingress external IPs to only 1 of the node IPs? I'm running out of options for googling this. Hope someone can help me

小傻瓜 2025-02-11 04:36:26

but I only want 1 external IPs to be accessible to my applications

If you wish to "control" who can access your service(s) and from which ip/subnet/namespace etc., you should use NetworkPolicy

https://kubernetes.io/docs/concepts/services-networking/network-policies/

The entities that a Pod can communicate with are identified through a combination of the following 3 identifiers:

  1. Other pods that are allowed (exception: a pod cannot block access to itself)
  2. Namespaces that are allowed.
  3. IP blocks (exception: traffic to and from the node where a Pod is running is always allowed, regardless of the IP address of the Pod or the node)

When defining a pod- or namespace-based NetworkPolicy, you use a selector to specify what traffic is allowed to and from the Pod(s) that match the selector.

Meanwhile, when IP-based NetworkPolicies are created, we define policies based on IP blocks (CIDR ranges).

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - ipBlock:
            cidr: 172.17.0.0/16
            except:
              - 172.17.1.0/24
        - namespaceSelector:
            matchLabels:
              project: myproject
        - podSelector:
            matchLabels:
              role: frontend
      ports:
        - protocol: TCP
          port: 6379
  egress:
    - to:
        - ipBlock:
            cidr: 10.0.0.0/24
      ports:
        - protocol: TCP
          port: 5978
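
Applied to the setup in the question, the IP-block approach described in the answer above could look like the following. This is an added example, not part of the original answer: it assumes the labels, namespace and container ports of the stock ingress-nginx manifest, and `203.0.113.10/32` is a constructed client address.

```yaml
# Added example. Assumes the stock ingress-nginx namespace and pod labels.
# 203.0.113.10/32 is a constructed placeholder for the one permitted client.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-nginx-allow-single-client   # hypothetical name
  namespace: ingress-nginx
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  policyTypes:
    - Ingress
  ingress:
    # HTTP/HTTPS are accepted only from the single permitted source address.
    - from:
        - ipBlock:
            cidr: 203.0.113.10/32
      ports:
        - protocol: TCP
          port: 80
        - protocol: TCP
          port: 443
    # Keep the validating admission webhook port open (no "from" = any source),
    # otherwise Ingress create/update requests can be rejected by the API server.
    - ports:
        - protocol: TCP
          port: 8443
```

An `ipBlock` rule matches the source address the pod actually sees, so the Service needs `externalTrafficPolicy: Local` to keep the client IP from being rewritten to a node IP. The policy only takes effect when the cluster's network plugin enforces NetworkPolicy.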

一世旳自豪 2025-02-11 04:36:26

Dependent on whether there is a LoadBalancer implementation for your cluster, that might work as intended.

If you want to use a specified node use type: NodePort

https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

It might then also be useful to use a nodeSelector so you can control what node the nginx controller gets scheduled to, for DNS reasons.
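
The NodePort plus nodeSelector combination suggested above, written out as configuration. This is an added example, not part of the original answer: it assumes the object names and labels of the stock ingress-nginx manifest, reuses the address `192.168.30.16` from the question, and `node-1` is a placeholder node name.

```yaml
# Added example. Two separate files, shown together; apply each as indicated.
# File 1: service.yaml  ->  kubectl apply -f service.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: NodePort
  externalTrafficPolicy: Local   # only nodes running a controller pod answer
  externalIPs:
    - 192.168.30.16              # the single node IP from the question
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/component: controller
  ports:
    - name: http
      port: 80
      targetPort: http
      protocol: TCP
    - name: https
      port: 443
      targetPort: https
      protocol: TCP
---
# File 2: pin-node.yaml (a patch, not a full manifest)  ->
#   kubectl patch deployment ingress-nginx-controller -n ingress-nginx \
#     --patch-file pin-node.yaml
spec:
  template:
    spec:
      nodeSelector:
        kubernetes.io/hostname: node-1   # placeholder: the node that owns 192.168.30.16
```

With the controller pinned to one node and `externalTrafficPolicy: Local`, nodes without a controller pod do not forward traffic for this Service, so only the chosen node serves it.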
