kubernetes - exposing CockroachDB on Kubernetes to public IP

Question

I have a CockroachDB instance running in a Kubernetes cluster on Google Kubernetes Engine. I am trying to expose port 26257 so I can connect to it from my local machine.

As stated in this answer, port forwarding to the pod will not work.

I have an nginx-ingress controller which is used to map from my domain name paths to services, so I tried to use that:

I changed my db-cockroachdb-public service from ClusterIP to NodePort:

type: NodePort

I added these lines to my nginx-controller YAML:

-name: postgresql

nodePort: 30472

port: 26257

protocol: TCP

targetPort: 26257

and these lines to my ingress YAML:

- host: db.mydomain.com
  http:
    paths:
    - path: /
      backend:
        serviceName: db-cockroachdb-public
        servicePort: 26257

However, I'm unable to connect to the database - connection gets refused. I also tried to disable SSL redirects in the nginx controller, but it still doesn't work.

I also tried a ConfigMap but it didn't do anything:

https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/exposing-tcp-udp-services.md

Answer 1

有几种方法可以解决这个问题。大多数都与更改您的入口配置或您如何连接到服务有关，我不打算讨论。另一种选择是使端口转发工作以消除对入口机器的需求。

您可以通过稍微修改 CockroachDB 配置文件来使端口转发工作。将调用 Cockroach 二进制文件中的--host标志名称更改为。这样，该进程将在 localhost 和其主机名上进行侦听，这将使端口转发工作。--advertise-host

编辑：为了跟进这一点，我已将 CockroachDB 存储库中的默认配置切换为使用，--advertise-host而不是--host，因此端口转发现在默认工作。

Answer 2

我不知道它在技术上是否应该通过 nginx 实例代理 CockroachDB，但您的设置因另一个原因而失败。在规则部分指定 servicePort 时，您告诉 k8s 哪个端口暴露给服务。默认情况下，映射本身发生在端口 80/443，而不是您想要的端口。所以你应该试着在你的情况下询问端口 80。