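Sometimes you need to reach the cluster's internal network from outside the cluster. One way is to install a network proxy inside the cluster; this page uses v2ray.
1. Preparation
Installing this software requires the following image.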
docker.io/v2fly/v2fly-core:v4.45.2
2. Import the configuration
The v2ray configuration is defined in a ConfigMap:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: conf-v2ray
  namespace: share-app
data:
  config.json: |
    {
      "inbounds": [
        {
          "port": 8080,
          "listen": "0.0.0.0",
          "protocol": "vmess",
          "settings": {
            "clients": [
              {
                "id": "75aa04d6-3e00-11ed-807a-373594a59655"
              }
            ]
          },
          "streamSettings": {
            "network": "ws",
            "wsSettings": {
              "acceptProxyProtocol": false,
              "headers": {
                "Host": "api.d7z.net"
              },
              "path": "/"
            }
          }
        }
      ],
      "outbounds": [
        {
          "protocol": "freedom",
          "settings": {}
        }
      ]
    }
```
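An added pre-deployment check for the config.json above (example code, not part of the original page or of v2ray): it flags a VMess id that is not a random version-4 UUID or that was copied from a published guide, and a VMess inbound that listens on all interfaces without transport TLS. The function name `audit`, the finding codes and the `PUBLISHED_IDS` set are assumptions of this example; the sample input is the page's config, trimmed.

```python
import json
import uuid

# Constructed sample: the config.json from this page's ConfigMap, trimmed to
# the fields the checks read.
PAGE_CONFIG = """
{
  "inbounds": [{
    "port": 8080, "listen": "0.0.0.0", "protocol": "vmess",
    "settings": {"clients": [{"id": "75aa04d6-3e00-11ed-807a-373594a59655"}]},
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/"}}
  }],
  "outbounds": [{"protocol": "freedom", "settings": {}}]
}
"""

# Ids that appear in public write-ups must not be reused in a real deployment.
PUBLISHED_IDS = {"75aa04d6-3e00-11ed-807a-373594a59655"}


def audit(config_text):
    """Return a list of (code, message) findings for a v2ray server config."""
    findings = []
    for inbound in json.loads(config_text).get("inbounds", []):
        if inbound.get("protocol") != "vmess":
            continue
        port = inbound.get("port")
        for client in inbound.get("settings", {}).get("clients", []):
            cid = str(client.get("id", ""))
            try:
                version = uuid.UUID(cid).version
            except ValueError:
                findings.append(("ID_INVALID", f"port {port}: id is not a UUID"))
                continue
            if cid.lower() in PUBLISHED_IDS:
                findings.append(("ID_PUBLISHED", f"port {port}: id copied from a guide"))
            if version != 4:  # v1 ids embed a timestamp and node id, not randomness
                findings.append(("ID_NOT_RANDOM", f"port {port}: UUIDv{version}, use uuid4"))
        stream = inbound.get("streamSettings", {})
        # "security" defaults to "none" and "listen" to all interfaces when absent.
        if stream.get("security", "none") != "tls" and inbound.get("listen", "0.0.0.0") == "0.0.0.0":
            findings.append(("NO_TRANSPORT_TLS", f"port {port}: plaintext transport on all interfaces"))
    return findings


if __name__ == "__main__":
    for code, message in audit(PAGE_CONFIG):
        print(code, message)
```

On the page's config all three findings fire; the third is acceptable only while the Service stays a ClusterIP behind the TLS Ingress from section 4.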
3. Create the application
Once the configuration has been applied, you can create the v2ray application:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: svc-v2ray
  namespace: share-app
spec:
  # type: LoadBalancer (1)
  ports:
    - port: 8080
      name: v2ray
  selector:
    app: v2ray
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: sts-v2ray
  namespace: share-app
spec:
  serviceName: svc-v2ray
  selector:
    matchLabels:
      app: v2ray
  replicas: 1
  template:
    metadata:
      labels:
        app: v2ray
    spec:
      containers:
        - name: v2ray
          image: "docker.io/v2fly/v2fly-core:v4.45.2"
          args:
            - v2ray
            - -c
            - /data/config.json
          volumeMounts:
            - name: conf
              mountPath: /data/
      volumes:
        - name: conf
          configMap:
            name: conf-v2ray
```
Where:
(1) You can expose the internal port directly, without using an Ingress.
4. Map the Ingress
To maximize network security and avoid exposing protocol characteristics, the traffic is wrapped in a TLS tunnel:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-v2ray
  namespace: share-app
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
  ingressClassName: nginx-public
  tls:
    - hosts:
        - api.d7z.net
      secretName: tls-pub-d7z
  rules:
    - host: api.d7z.net
      http:
        paths:
          - path: /api/info
            pathType: Prefix
            backend:
              service:
                name: svc-v2ray
                port:
                  name: v2ray
```
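5. Test
Once this has been applied, add a new connection in the relevant client software: protocol vmess, remote address api.d7z.net, port 443, transport protocol tls+websocket, UUID 75aa04d6-3e00-11ed-807a-373594a59655, request header Host=api.d7z.net, and path /api/info. If nothing is wrong, the connection to the cluster's internal network succeeds.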