云服务器以域名形式访问机房Kubernetes集群服务之解决方案

1. 背景介绍

1）机房K8S集群采用KubeSphere方式部署，集群信息如下：

2）上述节点公用同一联通专线出站公网IP，地址为1.1.1.1 ；入站公网IP为2.2.2.2

3）机房入站公网IP2.2.2.2的80和443端口未做互联网备案

4）云服务器IP为3.3.3.3

2. 访问需求

        通过HTTPS域名形式【https://www.lmzf.com】访问机房k8s集群服务。

3. 解决方案

3.1  转发流程

https://www.lmzf.com——>3.3.3.3:443——> 2.2.2.2:32532——>10.10.18.151:32532

3.2 方案配置

3.2.1 域名解析

www.lmzf.com解析至3.3.3.3

3.2.2 Nginx配置

服务器3.3.3.3上nginx配置如下

[root@3.3.3.3 ~]# cat  /etc/nginx/conf.d/www.lmzf.com.conf
server {listen 443 ssl;server_name www.lmzf.com;ssl_certificate    /etc/nginx/ssl/www.lmzf.com.pem;ssl_certificate_key   /etc/nginx/ssl/www.lmzf.com.key;ssl_protocols TLSv1.2 TLSv1.3;ssl_ciphers HIGH:!aNULL:!MD5;location / {proxy_pass https://2.2.2.2:32532;  # 指向Kubesphere网关的节点端口add_header 'Access-Control-Allow-Origin' '*';add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';add_header 'Access-Control-Allow-Headers' 'Content-Type';proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade";}error_log  /var/log/www.lmzf.com.error.log;
}

备注：服务器3.3.3.3的防火墙需放开32532端口 

3.2.3 网关映射

路由器NAT配置或Nginx四层转发实现

2.2.2.2:32532——映射——>10.10.18.151:32532  

3.2.4 KubeSphere网关配置

3.3.5 Ingress配置

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:name: www.lmzf.comnamespace: lmzfcreationTimestamp: '2025-07-21T08:06:16Z'annotations:kubesphere.io/alias-name: lmzfkubesphere.io/creator: admin
spec:ingressClassName: kubesphere-router-clustertls:- hosts:- www.lmzf.comsecretName: www.lmzf.com_sslrules:- host: www.lmzf.comhttp:paths:- path: /pathType: ImplementationSpecificbackend:service:name: lmzf-nginx-webport:number: 80

 3.2.6 域名访问

浏览器输入：https://www.lmzf.com