{"id":36006,"date":"2023-10-19T08:53:46","date_gmt":"2023-12-01T20:13:54","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/"},"modified":"2024-05-04T04:59:17","modified_gmt":"2024-05-03T20:59:17","slug":"%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/","title":{"rendered":"\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765"},"content":{"rendered":"

\u9996\u5148<\/h1>\n

\u5927\u5bb6\u6709\u4f7f\u7528 Kubernetes \u5417\uff1f\u5b83\u662f\u4e00\u4e2a\u53ef\u7231\u7684\u5bb6\u4f19\uff0c\u53ea\u9700\u58f0\u660e\u5f0f\u5730\u63cf\u8ff0\u6240\u9700\u7684\u5bb9\u5668\u7ec4\uff0c\u800c\u65e0\u9700\u8003\u8651\u670d\u52a1\u5668\u7aef\u7684\u57fa\u7840\u8bbe\u65bd\u548c\u7f51\u7edc\u914d\u7f6e\uff0c\u5c31\u80fd\u5e2e\u52a9\u6211\u4eec\u6784\u5efa\u670d\u52a1\u5668\u7aef\u3002<\/p>\n

\u7531\u4e8e\u642d\u5efa\u548c\u7ef4\u62a4Kubernetes\u672c\u8eab\u975e\u5e38\u7e41\u7410\uff0c\u6240\u4ee5\u901a\u5e38\u5e0c\u671b\u5c06Kubernetes\u4ea4\u7ed9\u4e91\u7aef\u6765\u7167\u987e\uff0c\u8fd9\u662f\u5f88\u6b63\u5e38\u7684\u3002<\/p>\n

\u7136\u800c\uff0c\u4e16\u754c\u4e0a\u5e76\u4e0d\u5b8c\u5168\u4f9d\u8d56\u4e91\u670d\u52a1\uff0c\u6709\u65f6\u4e5f\u9700\u8981\u4e0e\u672c\u5730\u7cfb\u7edf\u548c\u539f\u59cb\u6570\u636e\u5305\u8fdb\u884c\u4ea4\u4e92\u3002\u867d\u7136\u5927\u591a\u6570\u4e91\u670d\u52a1\u90fd\u63d0\u4f9b\u5c06\u672c\u5730\u7f51\u7edc\u548c\u4e91\u865a\u62df\u7f51\u7edc\u901a\u8fc7VPN\u8fde\u63a5\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u4f46\u6839\u636e\u9700\u6c42\u53ef\u80fd\u5e76\u4e0d\u603b\u662f\u9002\u7528\u3002<\/p>\n

\u6bd4\u5982\u8bf4Azure\u7684\u70b9\u5230\u7ad9\u70b9VPN\u53ea\u652f\u6301Windows\u548cMac\u7684\u5ba2\u6237\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5176\u4ed6\u7684\u7cfb\u7edf\u662f\u65e0\u6548\u7684\u3002<\/p><\/blockquote>\n

\u56e0\u6b64\uff0c\u6211\u5011\u5c07\u5728Kubernetes (Azure AKS)\u4e0a\u5efa\u7acbOpenVPN\u4f3a\u670d\u5668\uff0c\u4e26\u5617\u8a66\u9023\u63a5\u5230\u672c\u5730\u7db2\u8def\uff08\u6a21\u64ec\u7684\u53e6\u4e00\u500b\u7db2\u7ad9\u7684\u865b\u64ec\u7db2\u8def\uff09\u3002\u6700\u7d42\u7684\u7d50\u69cb\u5c07\u5982\u4e0b\u6240\u793a\u3002<\/p>\n

\"kubernetes-openvpn.png\"<\/div>\n

\u9a8c\u8bc1\u73af\u5883<\/h1>\n
\n
Kubernetes\u30af\u30e9\u30b9\u30bf\u30d0\u30fc\u30b8\u30e7\u30f3AKSMicrosoft AKS \u7c73\u56fd\u4e2d\u90e8Kubernetes1.8.10<\/div>\n<\/div>\n
\n
\u30ed\u30fc\u30ab\u30eb\u30b7\u30b9\u30c6\u30e0\u30d0\u30fc\u30b8\u30e7\u30f3\u30af\u30e9\u30a6\u30c9Microsoft Azure \u6771\u65e5\u672cOSUbuntu 16.04 LTS<\/div>\n<\/div>\n
\n
kubectl\u7aef\u672b\u30d0\u30fc\u30b8\u30e7\u30f3azure cli2.0.31kubectl1.10.0OSmacOS Sierra 10.12.6<\/div>\n<\/div>\n

AKS\u7684\u542f\u52a8<\/h1>\n

\u4f7f\u7528Azure CLI\uff0c\u5728\u7f8e\u56fd\u4e2d\u592e\u5730\u533a\u542f\u52a8AKS\u3002<\/p>\n

\u8bf7\u6ce8\u610f\uff0c\u8981\u542f\u52a8AKS\uff0c\u60a8\u9700\u8981\u5177\u5907\u521b\u5efaService Principal\u7684\u6743\u9650\u3002\u5982\u679c\u9047\u5230403\u9519\u8bef\uff0c\u8bf7\u54a8\u8be2Azure\u8d26\u6237\u7684\u7ba1\u7406\u5458\u3002<\/p>\n

\u4f7f\u7528Azure CLI\u8fdb\u884c\u767b\u5f55<\/h2>\n
mac:~$ <\/span>az login\r\n<\/code><\/pre>\n
\u8bf7\u5728\u6d4f\u89c8\u5668\u4e2d\u8bbf\u95ee https:\/\/microsoft.com\/devicelogin \u5e76\u8f93\u5165\u663e\u793a\u7684\u5bc6\u94a5\u4ee3\u7801\uff0c\u4ee5\u901a\u8fc7oauth2\u8fdb\u884c\u9a8c\u8bc1\uff0c\u7136\u540e\u9a8c\u8bc1Azure CLI\u3002<\/p>\n
\u521b\u5efa\u4e00\u4e2a\u7528\u4e8eAKS\u7684\u8d44\u6e90\u7ec4\u3002<\/h2>\n
mac:~$ <\/span>az group create --name<\/span> aks --location<\/span> centralus\r\n<\/code><\/pre>\n
\u6211\u5c06\u5728\u7f8e\u56fd\u4e2d\u592e\u5730\u533a\u521b\u5efa\u4e00\u4e2a\u7528\u4e8eAKS\u7684\u8d44\u6e90\u7ec4\u3002<\/p>\n
AKS \u542f\u52a8<\/h2>\n
mac:~$ <\/span>az aks create --resource-group<\/span> aks --name<\/span> aksCluster --node-count<\/span> 1 --ssh-key-value<\/span> $HOME<\/span>\/.ssh\/azure.pub\r\n<\/code><\/pre>\n
\u5728\u7f8e\u56fd\u4e2d\u592e\u5730\u533a\u542f\u52a8AKS\u3002<\/p>\n
\u914d\u7f6ekubectl\u3002<\/h2>\n
mac:~$ <\/span>az aks get-credentials --resource-group<\/span> aks --name<\/span> aksCluster\r\n<\/code><\/pre>\n
\u4e3a\u4e86\u8fde\u63a5\u5230\u542f\u52a8\u7684AKS\uff0c\u914d\u7f6ekubectl\u3002<\/p>\n
mac:~$ <\/span>kubectl get nodes\r\nNAME                       STATUS    ROLES     AGE       VERSION\r\naks-nodepool1-37708792-0   Ready     agent     16m       v1.8.10\r\n<\/code><\/pre>\n
\u5982\u679c\u8282\u70b9\u5217\u8868\u4e2d\u5217\u51fa\u4e86\u540d\u4e3aaks-…\u7684\u8282\u70b9\uff0c\u90a3\u4e48\u5c31\u662f\u8fde\u63a5\u5230\u4e86AKS\u3002<\/p>\n
\uff08\u9009\u9879\uff09\u5c55\u793aKubernetes\u4eea\u8868\u677f<\/h2>\n
mac:~$ <\/span>az aks browse --resource-group<\/span> aks --name<\/span> aksCluster --disable-browser<\/span>\r\n<\/code><\/pre>\n
\u5f53\u60a8\u5728\u53e6\u4e00\u4e2a\u63a7\u5236\u53f0\u6267\u884caz aks browse\u547d\u4ee4\u65f6\uff0c\u5c06\u4f1a\u5efa\u7acb\u4e0eAKS\u7ba1\u7406\u5668\u4e4b\u95f4\u7684\u96a7\u9053\u3002\u5f53\u96a7\u9053\u6253\u5f00\u65f6\uff0c\u60a8\u53ef\u4ee5\u8bbf\u95ee http:\/\/127.0.0.1:8001\/ \u67e5\u770bKubernetes\u4eea\u8868\u677f\u3002<\/p>\n
\u5728Kubernetes\u4e0a\u642d\u5efaOpenVPN\u670d\u52a1\u5668\u3002<\/h1>\n
\u7531\u4e8eAKS\u5df2\u51c6\u5907\u5c31\u7eea\uff0c\u6211\u4eec\u5c06\u5728AKS\u7684Kubernetes\u4e0a\u6784\u5efa\u4e00\u4e2a\u5728443\/tcp\u7aef\u53e3\u4e0a\u76d1\u542c\u7684OpenVPN\u670d\u52a1\u5668\u3002<\/p>\n
\u83b7\u53d6\u811a\u672c\u6587\u4ef6<\/h2>\n
mac:~$ <\/span>git clone https:\/\/github.com\/nmatsui\/kubernetes-openvpn.git\r\nmac:~$ <\/span>cd <\/span>kubernetes-openvpn\r\n<\/code><\/pre>\n
\u83b7\u53d6\u5728Kubernetes\u4e0a\u90e8\u7f72OpenVPN\u670d\u52a1\u5668\u6240\u9700\u7684\u811a\u672c\u3002<\/p>\n
\u514b\u9686\u7684nmatsui\/kubernetes-openvpn\u811a\u672c\u548cyaml\u57fa\u4e8ekube-openvpn\u8fdb\u884c\u4e86\u4fee\u6539\uff0c\u4ee5\u5728443\/tcp\u4e0a\u76d1\u542cVPN\u3002<\/p><\/blockquote>\n
PKI\u5bc6\u94a5\u751f\u6210<\/h2>\n
mac:kubernetes-openvpn$ <\/span>docker run --user<\/span>=<\/span>$(<\/span>id<\/span> -u<\/span>)<\/span> -e<\/span> OVPN_SERVER_URL<\/span>=<\/span>tcp:\/\/vpn.example.com:443 -v<\/span> $PWD<\/span>:\/etc\/openvpn:z -ti<\/span> ptlange\/openvpn ovpn_initpki\r\nmac:kubernetes-openvpn$ <\/span>docker run --user<\/span>=<\/span>$(<\/span>id<\/span> -u<\/span>)<\/span> -e<\/span> EASYRSA_CRL_DAYS<\/span>=<\/span>180 -v<\/span> $PWD<\/span>:\/etc\/openvpn:z -ti<\/span> ptlange\/openvpn easyrsa gen-crl\r\n<\/code><\/pre>\n
\u4f7f\u7528kube-openvpn\u5bb9\u5668\u751f\u6210\u7528\u4e8eVPN\u8fde\u63a5\u7684PKI\u5bc6\u94a5\u3002\u867d\u7136\u5c06\u4e0d\u5b58\u5728\u7684\u57df\u540dvpn.example.com\u6307\u5b9a\u4e3aFQDN\uff0c\u4f46\u6700\u7ec8\u8be5FQDN\u5c06\u5728OpenVPN\u5ba2\u6237\u7aef\u7684\/etc\/hosts\u4e2d\u8fdb\u884c\u540d\u79f0\u89e3\u6790\u3002<\/p>\n
\u5728Kubernetes\u4e0a\u6784\u5efaOpenVPN POD\u65f6\uff0c\u6307\u5b9a\u7684FQDN\u4e5f\u5c06\u7528\u4f5c\u6807\u7b7e\u540d\u79f0\u3002\u5982\u679c\u4f7f\u7528\u9664vpn.example.com\u4ee5\u5916\u7684FQDN\uff0c\u8bf7\u4e00\u5e76\u66f4\u6539testproxy-1.yaml\u548ctestproxy-2.yaml\u7684\u9009\u62e9\u5668\u3002<\/p><\/blockquote>\n
\u83b7\u53d6Kubernetes\u4e2d\u670d\u52a1\u7f51\u7edc\u548cPod\u7f51\u7edc\u7684CIDR\u3002<\/h2>\n
mac:kubernetes-openvpn$ <\/span>kubectl cluster-info dump | grep<\/span> \"service-cluster-ip-range\"<\/span>\r\n<\/code><\/pre>\n
mac:kubernetes-openvpn$ <\/span>kubectl cluster-info dump | grep<\/span> \"cluster-cidr\"<\/span>\r\n<\/code><\/pre>\n
OpenVPN\u53ef\u4ee5\u5c06OpenVPN\u670d\u52a1\u5668\u7684\u8def\u7531\u63a8\u9001\u5230\u5ba2\u6237\u7aef\u7684\u8def\u7531\u8868\u4e2d\u3002\u4e3a\u6b64\uff0c\u9700\u8981\u83b7\u53d6Kubernetes\u7684Service\u548cPod\u7684CIDR\u3002<\/p>\n
\u7136\u800c\u5728Azure AKS\u4e2d\uff0c\u65e0\u6cd5\u51c6\u786e\u83b7\u53d6Service\u7684CIDR\uff08\u6216\u8bb8\u53ef\u4ee5\u901a\u8fc7az aks\u4e4b\u7c7b\u7684\u65b9\u5f0f\u83b7\u53d6\uff1f\uff1f\uff09
\n\u4ece\u8868\u9762\u4e0a\u770b\uff0cAzure AKS\u4f3c\u4e4e\u4f7f\u752810.0.0.0\/16\u6765\u5206\u914dService\u7684IP\u5730\u5740\uff0c\u56e0\u6b64\u53ea\u9700\u786e\u4fdd\u672c\u5730\u7cfb\u7edf\u7684\u865a\u62df\u7f51\u7edcCIDR\u4e0d\u4e0e\u4e4b\u91cd\u53e0\uff0c\u628a\u5168\u90e810.0.0.0\/8\u90fd\u4ea4\u7531Kubernetes\u5373\u53ef\u89e3\u51b3\u95ee\u9898\uff0c\u611f\u89c9\u6ca1\u6709\u4ec0\u4e48\u5927\u95ee\u9898\u3002<\/p>\n
\u542f\u52a8OpenVPN\u670d\u52a1\u5668<\/h2>\n
mac:kubernetes-openvpn$ <\/span>.\/kube-openvpn\/deploy.sh default tcp:\/\/vpn.example.com:443 10.0.0.0\/8 10.244.0.0\/16\r\n<\/code><\/pre>\n
\u4f7f\u7528.\/kube-openvpn\/deploy.sh\u5728Kubernetes\u4e0a\u542f\u52a8OpenVPN\u670d\u52a1\u5668\u3002\u5728\u5185\u90e8\u5927\u81f4\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002<\/p>\n
    \n
  • \n
      namespace\u3084FQDN\u3001\u30dd\u30fc\u30c8\u3001\u6307\u5b9a\u3055\u308c\u305fCIDR\u3092\u5143\u306bOpenVPN\u306e\u5404\u7a2e\u8a2d\u5b9a\u5024\u3092\u751f\u6210\u3057\u3066configmap\u306b\u8a2d\u5b9a<\/ul>\n<\/li>\n<\/ul>\n
       <\/p>\n
        \n
      • \n
          \u751f\u6210\u3057\u305fPKI\u9375\u3092secret\u306b\u767b\u9332<\/ul>\n<\/li>\n<\/ul>\n
          .\/kube-openvpn\/deployment.yaml\u3092\u7528\u3044\u3066OpenVPN POD\u3068Service\u3092\u8d77\u52d5<\/p>\n
          \u751f\u6210\u9002\u7528\u4e8eOpenVPN\u5ba2\u6237\u7aef\u7684\u914d\u7f6e\u6587\u4ef6\u3002<\/h2>\n
          mac:kubernetes-openvpn$ <\/span>docker run --user<\/span>=<\/span>$(<\/span>id<\/span> -u<\/span>)<\/span> -v<\/span> $PWD<\/span>:\/etc\/openvpn:z -ti<\/span> ptlange\/openvpn easyrsa build-client-full client nopass\r\nmac:kubernetes-openvpn$ <\/span>docker run --user<\/span>=<\/span>$(<\/span>id<\/span> -u<\/span>)<\/span> -e<\/span> OVPN_SERVER_URL<\/span>=<\/span>tcp:\/\/vpn.example.com:443 -v<\/span> $PWD<\/span>:\/etc\/openvpn:z --rm<\/span> ptlange\/openvpn ovpn_getclient client ><\/span> client.ovpn\r\n<\/code><\/pre>\n
          \u751f\u6210OpenVPN\u5ba2\u6237\u7aef\u8fde\u63a5\u5230OpenVPN\u670d\u52a1\u5668\u65f6\u7684\u914d\u7f6e\u6587\u4ef6\uff0c\u5e76\u4e14\u5c06\u5176\u5b58\u50a8\u8d77\u6765\uff08\u7a0d\u540e\u901a\u8fc7scp\u4e0a\u4f20\u5230\u7528\u4e8e\u9a8c\u8bc1\u7684\u865a\u62df\u673a\uff09\u3002<\/p>\n
          \u542f\u52a8\u672c\u5730\u7cfb\u7edf\u4ee5\u8fdb\u884c\u8fde\u63a5\u9a8c\u8bc1\u3002<\/h1>\n
          \u7531\u4e8e\u5728\u7f8e\u56fd\u4e2d\u592eAKS\u4e0a\u542f\u52a8\u4e86OpenVPN\u670d\u52a1\u5668\uff0c\u63a5\u4e0b\u6765\u5c06\u5728\u4e1c\u65e5\u672c\u5730\u533a\u542f\u52a8\u6a21\u62df\u672c\u5730\u7cfb\u7edf\u7684\u865a\u62df\u7f51\u7edc\u548c\u4e24\u4e2a\u5ba2\u6237\u7aef\u865a\u62df\u673a\u3002<\/p>\n
          \u521b\u5efa\u7528\u4e8e\u672c\u5730\u7cfb\u7edf\u7684\u8d44\u6e90\u7ec4\u3002<\/h2>\n
          mac:~$ <\/span>az group create --name<\/span> client --location<\/span> japaneast\r\n<\/code><\/pre>\n
          \u6211\u4f1a\u5728\u4e1c\u65e5\u672c\u5730\u533a\u521b\u5efa\u4e00\u4e2a\u7528\u4e8e\u672c\u5730\u7cfb\u7edf\u7684\u8d44\u6e90\u7ec4\u3002<\/p>\n
          \u521b\u5efa\u7528\u4e8e\u672c\u5730\u7cfb\u7edf\u7684\u865a\u62df\u7f51\u7edc<\/h2>\n
            \n
          1. \n
              \u521b\u5efavnet\u548csubnet<\/ol>\n<\/li>\n<\/ol>\n
              \u521b\u5efavnet
              \nmac:~$ az network create vnet –resource-group client –name client-vnet –address-prefix 192.168.0.0\/16 –subnet-name public –subnet-prefix 192.168.0.0\/24<\/p>\n
              \u4e3a\u4e24\u4e2a\u5ba2\u6237\u7aef\u521b\u5efa\u4e24\u4e2a\u516c\u5171IP<\/p>\n
              \u521b\u5efa\u516c\u5171IP 1
              \nmac:~$ az network public-ip create –resource-group client –name client-publicip-1 –dns-name client-1<\/p>\n
              \u521b\u5efa\u516c\u5171IP 2
              \nmac:~$ az network public-ip create –resource-group client –name client-publicip-2 –dns-name client-2<\/p>\n
              \u521b\u5efa\u5b89\u5168\u7ec4<\/p>\n
              \u521b\u5efansg
              \nmac:~$ az network nsg create –resource-group client –name client-nsg<\/p>\n
              \u5141\u8bb8\u4ecekubectl\u7ec8\u7aef\u8fdb\u884cSSH\u8fde\u63a5<\/p>\n
              \u6dfb\u52a0\u5165\u7ad9\u89c4\u5219
              \nmac:~$ az network nsg rule create –resource-group client –nsg-name client-nsg –name AllowSSHInBound –protocol tcp –destination-port-range 22 –source-address-prefixes WWW.XXX.YYY.ZZZ\/32 –access allow –priority 1000<\/p>\n
              \u521b\u5efa\u5206\u914d\u4e86\u5b89\u5168\u7ec4\u548c\u516c\u5171IP\u7684\u4e24\u4e2a\u865a\u62df\u7f51\u5361<\/p>\n
              \u521b\u5efa\u7f51\u5361 1
              \nmac:~$ az network nic create –resource-group client –name client-nic-1 –vnet-name client-vnet –subnet public –public-ip-address client-publicip-1 –network-security-group client-nsg<\/p>\n
              \u521b\u5efa\u7f51\u5361 2
              \nmac:~$ az network nic create –resource-group client –name client-nic-2 –vnet-name client-vnet –subnet public –public-ip-address client-publicip-2 –network-security-group client-nsg<\/p>\n
              \u4e3a\u4e86\u907f\u514d\u4e0eKubernetes\u8fdb\u884c\u8def\u7531\u7684CIDR\uff0810.0.0.0\/8\uff09\u51b2\u7a81\uff0c\u5728\u865a\u62df\u7f51\u7edc192.168.0.0\/16\u4e0a\u5efa\u7acb\u4e86\u4e00\u4e2a\u5b50\u7f51192.168.0.0\/24\u3002
              \n\u6b64\u5916\uff0c\u521b\u5efa\u4e86\u4e00\u4e2a\u5141\u8bb8\u6765\u81ea\u4e92\u8054\u7f51\u7684SSH\u5165\u7ad9\u8fde\u63a5\u7684\u5b89\u5168\u7ec4\uff08\u6839\u636e\u9ed8\u8ba4\u89c4\u5219\uff0c\u5141\u8bb8\u5728\u865a\u62df\u7f51\u7edc\u5185\u90e8\u8fdb\u884c\u53d1\u9001\u548c\u63a5\u6536\uff0c\u4ee5\u53ca\u4ece\u865a\u62df\u7f51\u7edc\u53d1\u9001\u5230\u4e92\u8054\u7f51\uff09\uff0c\u5e76\u521b\u5efa\u4e86\u4e00\u4e2a\u5206\u914d\u4e86\u5b89\u5168\u7ec4\u548c\u516c\u5171IP\u7684\u865a\u62df\u7f51\u5361\u3002<\/p>\n
              \u521b\u5efa\u7528\u4e8e\u672c\u5730\u7cfb\u7edf\u7684\u53ef\u7528\u6027\u96c6\u5408\u3002<\/h2>\n
              mac:~$ <\/span>az vm availability-set create --resource-group<\/span> client --name<\/span> client-as\r\n<\/code><\/pre>\n
              \u7531\u4e8e\u8fd9\u6b21\u662f\u4e00\u4e2a\u9a8c\u8bc1\uff0c\u6240\u4ee5\u53ef\u7528\u6027\u96c6\u5408\u5e76\u4e0d\u662f\u5fc5\u9700\u7684\uff0c\u4f46\u6211\u4eec\u8fd8\u662f\u4f1a\u5148\u521b\u5efa\u4e00\u4e2a\u3002<\/p>\n
              \u542f\u52a8\u4e24\u53f0\u5ba2\u6237\u7aefVM\u3002<\/h2>\n
              mac:~$ <\/span>az vm create --resource-group<\/span> client --name<\/span> ubuntu-1 --location<\/span> japaneast --availability-set<\/span> client-as --nics<\/span> client-nic-1 --image<\/span> UbuntuLTS --size<\/span> Standard_A1 --admin-username<\/span> ubuntu --ssh-key-value<\/span> $HOME<\/span>\/.ssh\/azure.pub\r\n<\/code><\/pre>\n
              mac:~$ <\/span>az vm create --resource-group<\/span> client --name<\/span> ubuntu-2 --location<\/span> japaneast --availability-set<\/span> client-as --nics<\/span> client-nic-2 --image<\/span> UbuntuLTS --size<\/span> Standard_A1 --admin-username<\/span> ubuntu --ssh-key-value<\/span> $HOME<\/span>\/.ssh\/azure.pub\r\n<\/code><\/pre>\n
              \u4f7f\u7528\u6307\u5b9a\u7684\u865a\u62df\u7f51\u5361\uff0c\u542f\u52a8\u4e24\u4e2aUbuntu 16.04 LTS\u7684\u865a\u62df\u673a\u3002<\/p>\n
              \u901a\u8fc7VPN\u8fde\u63a5\u4ece\u672c\u5730\u7cfb\u7edf\u5230Kubernetes<\/h1>\n
              \u73b0\u5728\u6211\u5df2\u7ecf\u51c6\u5907\u597d\u4e86\uff0c\u63a5\u4e0b\u6765\u6211\u5c06\u5c1d\u8bd5\u4ece\u672c\u5730\u7cfb\u7edf\u4e0a\u7684\u9a8c\u8bc1\u865a\u62df\u673a\uff08ubuntu-1\uff09\u901a\u8fc7443\/tcp\u7aef\u53e3\u8fde\u63a5\u5230Kubernetes\u7684VPN\u3002<\/p>\n
              \u5728ubuntu-1\u4e0a\u4f7f\u7528SCP\u590d\u5236OpenVPN\u5ba2\u6237\u7aef\u7684\u914d\u7f6e\u6587\u4ef6\u3002<\/h2>\n
              \u6211\u5c06\u751f\u6210\u7684 client.ovpn \u914d\u7f6e\u6587\u4ef6\u901a\u8fc7SCP\u4f20\u8f93\u5230 ubuntu-1 \u4e0a\u7684OpenVPN\u5ba2\u6237\u7aef\u3002<\/p>\n
              \u9a8c\u8bc1OpenVPN\u670d\u52a1\u7684\u5916\u90e8IP\u5e76\u8fdb\u884c\u540d\u79f0\u89e3\u6790<\/h2>\n
              mac:kubernetes-openvpn$ <\/span>kubectl get service -l<\/span> openvpn<\/span>=<\/span>vpn.example.com\r\nNAME      TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(<\/span>S)<\/span>         AGE\r\nopenvpn   LoadBalancer   10.0.206.64   WW.XX.YY.ZZ    443:32041\/TCP   8m\r\n<\/code><\/pre>\n
              \u786e\u8ba4\u5728Kubernetes\u4e0a\u542f\u52a8\u7684OpenVPN\u670d\u52a1\u7684\u5916\u90e8IP\uff0c\u5e76\u786e\u4fdd\u53ef\u4ee5\u901a\u8fc7\u5728OpenVPN\u670d\u52a1\u5668\u6784\u5efa\u65f6\u6307\u5b9a\u7684vpn.example.com\u8fdb\u884c\u540d\u79f0\u89e3\u6790\u3002\u6682\u65f6\uff0c\u6211\u4eec\u5c06\u8fd9\u4e2aIP\u8bbe\u7f6e\u5728ubuntu-1\u7684\/etc\/hosts\u6587\u4ef6\u4e2d\u3002<\/p>\n
              ubuntu-1:~$ <\/span>cat<\/span> \/etc\/hosts\r\n127.0.0.1 localhost\r\nWW.XX.YY.ZZ vpn.example.com\r\n\r\n# The following lines are desirable for IPv6 capable hosts<\/span>\r\n::1 ip6-localhost ip6-loopback\r\nfe00::0 ip6-localnet\r\nff00::0 ip6-mcastprefix\r\nff02::1 ip6-allnodes\r\nff02::2 ip6-allrouters\r\nff02::3 ip6-allhosts\r\n<\/code><\/pre>\n
              \u786e\u8ba4\u4ece ubuntu-1 \u5230 Kubernetes \u7684VPN\u8fde\u63a5\u3002<\/h2>\n
                \n
              1. \n
                  \u5b89\u88c5OpenVPN\u8f6f\u4ef6\u5305<\/ol>\n<\/li>\n<\/ol>\n
                  \u5728Ubuntu\u4e0a\u5b89\u88c5OpenVPN-1
                  \nubuntu-1\uff1a~$ sudo apt update && sudo apt install openvpn -y<\/p>\n
                  \u8fde\u63a5\u5230Kubernetes\u7684OpenVPN\u670d\u52a1\u5668
                  \nconnect_openvpn
                  \nubuntu-1\uff1a~$ sudo openvpn .\/client.ovpn
                  \n…
                  \n2018\u5e744\u670817\u65e5\u661f\u671f\u4e8c 04:01:24 \u521d\u59cb\u5316\u5e8f\u5217\u5df2\u5b8c\u6210<\/p>\n
                  \u8fde\u63a5\u5230Kubernetes\u4e0a\u7684OpenVPN\u670d\u52a1\u5668\u3002\u5982\u679c\u663e\u793a\u201cInitialization Sequence Completed\u201d\uff0c\u5219\u8868\u793a\u8fde\u63a5\u6210\u529f\u3002<\/p>\n
                  \u8bf7\u786e\u8ba4eth0\u548ctun0\u7684IP\u5730\u5740\u3002<\/h2>\n
                  ubuntu-1:~$ <\/span>ip addr show dev eth0\r\n2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000\r\n    link<\/span>\/ether 00:0d:3a:50:85:26 brd ff:ff:ff:ff:ff:ff\r\n    inet 192.168.0.4\/24 brd 192.168.0.255 scope global eth0\r\n       valid_lft forever preferred_lft forever\r\n    inet6 fe80::20d:3aff:fe50:8526\/64 scope link\r\n       <\/span>valid_lft forever preferred_lft forever\r\n<\/code><\/pre>\n
                  ubuntu-1:~$ <\/span>ip addr show dev tun0\r\n3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100\r\n    link<\/span>\/none\r\n    inet 10.140.0.2\/24 brd 10.140.0.255 scope global tun0\r\n       valid_lft forever preferred_lft forever\r\n    inet6 fe80::7821:bd24:7fde:a992\/64 scope link <\/span>flags 800\r\n       valid_lft forever preferred_lft forever\r\n<\/code><\/pre>\n
                  \u6253\u5f00\u4e0e\u5df2\u8fde\u63a5VPN\u7684\u63a7\u5236\u53f0\u5206\u5f00\u7684\u53e6\u4e00\u4e2a\u63a7\u5236\u53f0\uff0c\u786e\u8ba4ubuntu-1\u7684eth0\uff08\u8fde\u63a5\u5230\u672c\u5730\u7cfb\u7edf\u865a\u62df\u7f51\u7edc\u7684\u8bbe\u5907\uff09\u7684IP\u5730\u5740\u4ee5\u53catun0\uff08\u8fde\u63a5\u5230\u901a\u8fc7OpenVPN\u521b\u5efa\u7684VPN\u96a7\u9053\u7684\u8bbe\u5907\uff09\u7684IP\u5730\u5740\u3002<\/p>\n
                  \u8fd9\u6b21\uff0ceth0\u88ab\u5206\u914d\u4e86192.168.0.4\uff0c\u800ctun0\u88ab\u5206\u914d\u4e8610.140.0.2\u3002<\/p>\n
                  \u786e\u8ba4\u8def\u7531\u8868<\/h2>\n
                  ubuntu-1:~$ <\/span>ip route show\r\ndefault via 192.168.0.1 dev eth0\r\n10.0.0.0\/8 via 10.140.0.1 dev tun0\r\n10.140.0.0\/24 dev tun0  proto kernel  scope link  <\/span>src 10.140.0.2\r\n10.244.0.0\/16 via 10.140.0.1 dev tun0\r\n168.63.129.16 via 192.168.0.1 dev eth0\r\n169.254.169.254 via 192.168.0.1 dev eth0\r\n192.168.0.0\/24 dev eth0  proto kernel  scope link  <\/span>src 192.168.0.4\r\n<\/code><\/pre>\n
                  \u6211\u4e5f\u4f1a\u68c0\u67e5\u8def\u7531\u8868\u3002\u6211\u53ef\u4ee5\u78ba\u8a8d\u7576OpenVPN\u670d\u52a1\u5668\u542f\u52a8\u65f6\uff0c\u901a\u8fc7tun0\u53ef\u4ee5\u5c0610.0.0.0\/8\u548c10.244.0.0\/16\u6307\u5b9a\u7684IP\u5730\u5740\u8def\u7531\u523010.140.0.1\u4e0a\uff0810.140.0.1\u662fKubernetes\u4e0a\u7684OpenVPN\u670d\u52a1\u5668VPN\u96a7\u9053\u51fa\u53e3\u7684IP\u5730\u5740\uff09\u3002<\/p>\n
                  \u6682\u505cVPN\u8fde\u63a5<\/h2>\n
                  \u4f7f\u7528Ctrl-C\u505c\u6b62OpenVPN\u5ba2\u6237\u7aef\u7684\u8fde\u63a5\uff0c\u5e76\u4e14\u6682\u65f6\u89e3\u9664VPN\u8fde\u63a5\u3002<\/p>\n
                  \u8fde\u63a5\u9a8c\u8bc1<\/h1>\n
                  \u5230\u76ee\u524d\u4e3a\u6b62\uff0c\u6211\u4eec\u5df2\u7ecf\u786e\u8ba4\u4e86\u5728Kubernetes\u4e0a\u7684OpenVPN\u670d\u52a1\u5668\u4e0e\u672c\u5730\u7cfb\u7edf\u901a\u8fc7OpenVPN\u8fdb\u884c\u4e86\u7f51\u7edc\u8fde\u63a5\u3002\u7136\u800c\uff0c\u4ec5\u4ec5\u8fd9\u6837\u8fd8\u4e0d\u591f\u6709\u8da3\uff0c\u6211\u4eec\u73b0\u5728\u6765\u5b9e\u9645\u5c1d\u8bd5\u4e00\u4e0b\uff0c\u4ece\u672c\u5730\u7cfb\u7edf\u8bbf\u95eeKubernetes\u7684HTTP\u670d\u52a1\uff0c\u5e76\u4e14\u53cd\u8fc7\u6765\u4eceKubernetes\u4e0a\u7684POD\u8fde\u63a5\u5230\u672c\u5730\u7cfb\u7edf\u7684HTTP\u5b88\u62a4\u8fdb\u7a0b\u3002<\/p>\n
                  \u542f\u52a8\u7528\u4e8e\u9a8c\u8bc1\u7684POD\u548c\u670d\u52a1\uff0c\u5e76\u91cd\u65b0\u8fde\u63a5VPN\u5230Kubernetes\u7aef\u3002<\/h2>\n
                  \u5411OpenVPN\u670d\u52a1\u5668\u6dfb\u52a0\u5230\u672c\u5730\u7cfb\u7edf\u7684NAT\u914d\u7f6e\u3002<\/h3>\n
                    \n
                  1. \n
                      \u6253\u5f00OpenVPN\u5ba2\u6237\u7aef\u914d\u7f6e<\/ol>\n<\/li>\n<\/ol>\n
                      add_ccd
                      \nmac\uff1akubernetes-openvpn$ kubectl\u7f16\u8f91configmap openvpn-ccd<\/p>\n
                      \u5dee\u5f02
                      \n— \/tmp\/openvpn-ccd.org 2018-04-17 13:23:32.000000000 +0900
                      \n+++ \/tmp\/openvpn-ccd 2018-04-17 13:24:14.000000000 +0900
                      \n@@ -5,6 +5,7 @@
                      \napiVersion: v1
                      \ndata:
                      \nexample: ifconfig-push 10.140.0.5 255.255.255.0
                      \n+ ubuntu-1: ifconfig-push 10.140.0.2 255.255.255.0
                      \nkind: ConfigMap
                      \nmetadata:
                      \nannotations:<\/p>\n
                      \u914d\u7f6eOpenVPN\u5ba2\u6237\u7aef\u7684\u7aef\u53e3\u6620\u5c04<\/p>\n
                      add_portmapping
                      \nmac\uff1akubernetes-openvpn$ kubectl\u7f16\u8f91configmap openvpn-portmapping<\/p>\n
                      \u5dee\u5f02
                      \n— \/tmp\/openvpn-portmapping.org 2018-04-17 13:28:40.000000000 +0900
                      \n+++ \/tmp\/openvpn-portmapping 2018-04-17 13:29:10.000000000 +0900
                      \n@@ -5,6 +5,8 @@
                      \napiVersion: v1
                      \ndata:
                      \n“20080”: example:80
                      \n+ “8081”: ubuntu-1:8081
                      \n+ “8082”: ubuntu-1:8082
                      \nkind: ConfigMap
                      \nmetadata:
                      \nannotations:<\/p>\n
                      \u5728Kubernetes\u4e0a\u7684OpenVPN\u4e2d\u6dfb\u52a0NAT\u914d\u7f6e\uff08\u53ef\u4ee5\u901a\u8fc7configmap\u8fdb\u884c\u914d\u7f6e\uff09\u3002<\/p>\n
                      \u5230\u8fbe OpenVPN \u670d\u52a1\u5668\u7684 8081 \u548c 8082 \u7aef\u53e3\u7684\u6570\u636e\u5305\u5c06\u901a\u8fc7 VPN \u901a\u9053\u8f6c\u53d1\u5230\u76f8\u5e94\u7684\u672c\u5730\u7cfb\u7edf Ubuntu-1 \u7684 tun0 IP \u5730\u5740 10.140.0.2 \u4e0a\u7684\u5bf9\u5e94\u7aef\u53e3\u3002<\/p>\n
                      \u5728Kubernetes\u4e0a\u542f\u52a8OpenVPN\u670d\u52a1\u5668\u7684ProxyService\u3002<\/h3>\n
                      mac:kubernetes-openvpn$ <\/span>kubectl apply -f<\/span> testproxy-1.yaml\r\nmac:kubernetes-openvpn$ <\/span>kubectl apply -f<\/span> testproxy-2.yaml\r\n<\/code><\/pre>\n
                      \u7531\u4e8eKubernetes\u7684\u8bbe\u8ba1\u7279\u70b9\uff0cOpenVPN\u670d\u52a1\u5668\u7684POD\u4e0e\u5176\u4ed6POD\u5e76\u4e0d\u80fd\u76f4\u63a5\u901a\u4fe1\uff0c\u800c\u662f\u901a\u8fc7\u8fde\u63a5\u5230OpenVPN\u670d\u52a1\u5668\u7684\u670d\u52a1\u4e0e\u5176\u4ed6POD\u8fdb\u884c\u901a\u4fe1\u3002\u56e0\u6b64\uff0c\u9700\u8981\u542f\u52a8\u4e00\u4e2a\u76d1\u542c8081\uff08\u62168082\uff09\u7aef\u53e3\u7684\u670d\u52a1\u4e0eOpenVPN\u670d\u52a1\u5668\u7684POD\u5efa\u7acb\u8fde\u63a5\u3002<\/p>\n
                      apiVersion<\/span>:<\/span> v1<\/span>\r\nkind<\/span>:<\/span> Service<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> testproxy-1<\/span>\r\n  labels<\/span>:<\/span>\r\n    app<\/span>:<\/span> testproxy-1<\/span>\r\nspec<\/span>:<\/span>\r\n  type<\/span>:<\/span> ClusterIP<\/span>\r\n  selector<\/span>:<\/span>\r\n    openvpn<\/span>:<\/span> vpn.example.com<\/span>\r\n  ports<\/span>:<\/span>\r\n  -<\/span> port<\/span>:<\/span> 8081<\/span>\r\n    targetPort<\/span>:<\/span> 8081<\/span>\r\n<\/code><\/pre>\n
                      \u5728Kubernetes\u4e0a\u542f\u52a8\u7528\u4e8e\u9a8c\u8bc1\u7684HTTP\u670d\u52a1\u3002<\/h3>\n
                      mac:kubernetes-openvpn$ <\/span>kubectl apply -f<\/span> testservice.yaml\r\n<\/code><\/pre>\n
                      \u4e3a\u4e86\u5bf9Kubernetes\u8fdb\u884c\u672c\u5730\u7cfb\u7edf\u5230\u8fbe\u9a8c\u8bc1\uff0c\u6211\u5c06\u5728Kubernetes\u4e0a\u7684\u7aef\u53e33000\u4e0a\u542f\u52a8\u4e00\u4e2a\u7528\u4e8e\u9a8c\u8bc1\u7684\u670d\u52a1\uff0c\u8be5\u670d\u52a1\u65e0\u8bba\u8bbf\u95ee\u54ea\u4e2a\u8def\u5f84\u90fd\u4f1a\u8fd4\u56de{“message”:”hello world!”}\u8fd9\u4e2aJSON\u3002<\/p>\n
                      apiVersion<\/span>:<\/span> apps\/v1beta1<\/span>\r\nkind<\/span>:<\/span> Deployment<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> testserver<\/span>\r\nspec<\/span>:<\/span>\r\n  replicas<\/span>:<\/span> 1<\/span>\r\n  selector<\/span>:<\/span>\r\n    matchLabels<\/span>:<\/span>\r\n      app<\/span>:<\/span> testserver<\/span>\r\n  template<\/span>:<\/span>\r\n    metadata<\/span>:<\/span>\r\n      labels<\/span>:<\/span>\r\n        app<\/span>:<\/span> testserver<\/span>\r\n    spec<\/span>:<\/span>\r\n      containers<\/span>:<\/span>\r\n      -<\/span> name<\/span>:<\/span> testserver<\/span>\r\n        image<\/span>:<\/span> nmatsui\/hello-world-api:latest<\/span>\r\n        ports<\/span>:<\/span>\r\n        -<\/span> containerPort<\/span>:<\/span> 3000<\/span>\r\n          name<\/span>:<\/span> testserver<\/span>\r\n---<\/span>\r\napiVersion<\/span>:<\/span> v1<\/span>\r\nkind<\/span>:<\/span> Service<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> testservice<\/span>\r\n  labels<\/span>:<\/span>\r\n    app<\/span>:<\/span> testservice<\/span>\r\nspec<\/span>:<\/span>\r\n  type<\/span>:<\/span> ClusterIP<\/span>\r\n  selector<\/span>:<\/span>\r\n    app<\/span>:<\/span> testserver<\/span>\r\n  ports<\/span>:<\/span>\r\n  -<\/span> port<\/span>:<\/span> 3000<\/span>\r\n<\/code><\/pre>\n
                      \u6211\u4f1a\u5728Kubernetes\u4e2d\u786e\u8ba4\u8fd9\u4e2atestservice\u7684\u5185\u90e8IP\u5730\u5740\u3002<\/p>\n
                      mac:kubernetes-openvpn$ <\/span>kubectl get services -l<\/span> app<\/span>=<\/span>testservice\r\n\r\nNAME          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(<\/span>S)<\/span>    AGE\r\ntestservice   ClusterIP   10.0.19.96   <none>        3000\/TCP   24m\r\n<\/code><\/pre>\n
                      \u8fd9\u6b21\u7ed9\u5206\u914d\u4e8610.0.19.96\u3002<\/p>\n
                      \u7528Ubuntu-1\u91cd\u65b0\u5f00\u59cbVPN\u8fde\u63a5\u3002<\/h3>\n
                      ubuntu-1:~$ <\/span>sudo <\/span>openvpn .\/client.ovpn\r\n<\/code><\/pre>\n
                      \u6211\u5c06\u5728 ubuntu-1 \u4e0a\u91cd\u65b0\u542f\u52a8 VPN \u8fde\u63a5\u3002\u901a\u8fc7\u91cd\u65b0\u8fde\u63a5\uff0c\u6211\u4eec\u53ef\u4ee5\u5c06\u5728 configmap \u4e2d\u8bbe\u7f6e\u7684\u7aef\u53e3\u6620\u5c04\u53d8\u5f97\u6709\u6548\u3002<\/p>\n
                      \u9a8c\u8bc1Ubuntu-1\u4e0eKubernetes\u7684\u8fde\u63a5<\/h2>\n
                      \u90a3\u4e48\uff0c\u6211\u4eec\u5c06\u786e\u8ba4Ubuntu-1\u548cKubernetes\u4e4b\u95f4\u53ef\u4ee5\u53cc\u5411\u8fde\u63a5\u3002<\/p>\n
                      ubuntu-1\u5728Kubernetes\u4e0a\u9a8c\u8bc1\u6d4b\u8bd5\u670d\u52a1\u7684\u8fde\u901a\u6027\u3002<\/h3>\n
                      ubuntu-1:~$ <\/span>curl -i<\/span> http:\/\/10.0.19.96:3000\/\r\nHTTP\/1.1 200 OK\r\nContent-Type: application\/json\r\nDate: Tue, 17 Apr 2018 04:47:19 GMT\r\nConnection: keep-alive\r\nTransfer-Encoding: chunked\r\n\r\n{<\/span>\"message\"<\/span>:\"hello world!\"<\/span>}<\/span>\r\n<\/code><\/pre>\n
                      \u6211\u5df2\u7ecf\u786e\u8ba4\u4ece\u672c\u5730\u7cfb\u7edfubuntu-1\u901a\u8fc7VPN\u96a7\u9053\u53ef\u4ee5\u901a\u8fc7HTTP\u8fde\u63a5\u5230Kubernetes\u7684testservice\u7684IP\u5730\u5740\u3002<\/p>\n
                      \"ubuntu-1=>testservice.png\"<\/div>\n
                      \u5728Kubernetes\u4e0a\u7684POD\u4e0a\uff0c\u9a8c\u8bc1\u4e0eubuntu-1\u7684HTTP\u5b88\u62a4\u8fdb\u7a0b\u7684\u8fde\u63a5\u3002<\/h3>\n
                        \n
                      1. \n
                          \u5728ubuntu-1\u4e0a\u51c6\u5907index.html\u6587\u4ef6\u3002<\/ol>\n<\/li>\n<\/ol>\n
                          index.html\u6587\u4ef6\u5185\u5bb9\u5982\u4e0b\uff1a
                          \nubuntu-1<\/p>\n
                          \u5728ubuntu-1\u4e0a\u4f7f\u75288081\u7aef\u53e3\u542f\u52a8HTTP\u5b88\u62a4\u8fdb\u7a0b\u3002<\/p>\n
                          \u542f\u52a8HTTP\u5b88\u62a4\u8fdb\u7a0b\u547d\u4ee4\u5982\u4e0b\uff1a
                          \nubuntu-1:~$ python -m SimpleHTTPServer 8081<\/p>\n
                          \u5728Kubernetes\u4e0a\u542f\u52a8\u4e00\u4e2a\u5e26\u6709curl\u5de5\u5177\u7684POD\u3002<\/p>\n
                          \u542f\u52a8POD\u547d\u4ee4\u5982\u4e0b\uff1a
                          \nmac:kubernetes-openvpn$ kubectl run testpod –rm -it –image=yauritux\/busybox-curl<\/p>\n
                          \u4ecePOD\u8bbf\u95eetestproxy\u76848081\u7aef\u53e3\u3002<\/p>\n
                          \u4ecePOD\u8bbf\u95eetestproxy\u76848081\u7aef\u53e3\u547d\u4ee4\u5982\u4e0b\uff1a
                          \npod:~$ curl -i http:\/\/testproxy-1:8081\/
                          \nHTTP\/1.0 200 OK
                          \nServer: SimpleHTTP\/0.6 Python\/2.7.12
                          \nDate: Tue, 17 Apr 2018 05:02:06 GMT
                          \nContent-type: text\/html
                          \nContent-Length: 79
                          \nLast-Modified: Tue, 17 Apr 2018 04:57:22 GMT<\/p>\n
                          ubuntu-1<\/p>\n
                          \u786e\u8ba4\u4eceKubernetes\u7684POD\u7ecf\u8fc7OpenVPN\u670d\u52a1\u5668\u7684NAT\uff0c\u53ef\u4ee5\u901a\u8fc7HTTP\u8fde\u63a5\u5230ubuntu-1\u4e0a\u7684HTTP\u5b88\u62a4\u7a0b\u5e8f\u3002<\/p>\n
                          \"testpod=>ubuntu-1.png\"<\/div>\n
                          \u9a8c\u8bc1Ubuntu-2\u4e0eKubernetes\u7684\u8fde\u63a5<\/h2>\n
                          \u6700\u540e\uff0c\u6211\u4eec\u5c06\u901a\u8fc7\u5728 ubuntu-1 \u4e0a\u8fdb\u884c\u7f51\u7edc\u5730\u5740\u8f6c\u6362\uff08NAT\uff09\uff0c\u4ee5\u786e\u4fdd\u4e0e Kubernetes \u76f4\u63a5\u8fde\u63a5\u7684 ubuntu-2 \u548c Kubernetes \u4e4b\u95f4\u53ef\u4ee5\u5b9e\u73b0\u53cc\u5411\u8fde\u63a5\u3002<\/p>\n
                          \u5728Ubuntu-1\u4e0a\u914d\u7f6eNAT<\/h3>\n
                            \n
                          1. \n
                              \u5141\u8bb8ubuntu-1\u7684\u5305\u8f6c\u53d1<\/ol>\n<\/li>\n<\/ol>\n
                              \u542f\u7528IP\u8f6c\u53d1
                              \nubuntu-1:\u301c$ sudo sysctl -w net.ipv4.ip_forward=1<\/p>\n
                              ubuntu-1\u7684eth0\uff08192.168.0.4\uff09\u76843000\u7aef\u53e3\u8f6c\u53d1\u5230Kubernetes\u7684testservice\u76843000\u7aef\u53e3<\/p>\n
                              \u4ece\u672c\u5730\u7f51\u7edc\u5230testservice
                              \nubuntu-1:\u301c$ sudo iptables -t nat -A PREROUTING -m tcp -p tcp –dst 192.168.0.4 –dport 3000 -j DNAT –to-destination 10.0.19.96:3000
                              \nubuntu-1:\u301c$ sudo iptables -t nat -A POSTROUTING -m tcp -p tcp –dst 10.0.19.96 –dport 3000 -j SNAT –to-source 10.140.0.2<\/p>\n
                              ubuntu-1\u7684tun0\uff0810.140.0.2\uff09\u76848082\u7aef\u53e3\u8f6c\u53d1\u5230ubuntu-2\u76848082\u7aef\u53e3<\/p>\n
                              \u4eceVPN\u5230ubuntu-2
                              \nubuntu-1:\u301c$ sudo iptables -t nat -A PREROUTING -m tcp -p tcp –dst 10.140.0.2 –dport 8082 -j DNAT –to-destination 192.168.0.5:8082
                              \nubuntu-1:\u301c$ sudo iptables -t nat -A POSTROUTING -m tcp -p tcp –dst 192.168.0.5 –dport 8082 -j SNAT –to-source 192.168.0.4<\/p>\n
                              \u68c0\u67e5NAT\u8868<\/p>\n
                              \u663e\u793aNAT
                              \nubuntu-1:\u301c$ sudo iptables -L -t nat
                              \nChain PREROUTING\uff08\u7b56\u7565ACCEPT\uff09
                              \ntarget prot opt source destination
                              \nDNAT tcp — anywhere 192.168.0.4 tcp dpt:3000 to:10.0.19.96:3000
                              \nDNAT tcp — anywhere 10.140.0.2 tcp dpt:8082 to:192.168.0.5:8082<\/p>\n
                              Chain INPUT\uff08\u7b56\u7565ACCEPT\uff09
                              \ntarget prot opt source destination<\/p>\n
                              Chain OUTPUT\uff08\u7b56\u7565ACCEPT\uff09
                              \ntarget prot opt source destination<\/p>\n
                              Chain POSTROUTING\uff08\u7b56\u7565ACCEPT\uff09
                              \ntarget prot opt source destination
                              \nSNAT tcp — anywhere 10.0.19.96 tcp dpt:3000 to:10.140.0.2
                              \nSNAT tcp — anywhere 192.168.0.5 tcp dpt:8082 to:192.168.0.4<\/p>\n
                              \u68c0\u67e5\u8fc7\u6ee4\u8868<\/p>\n
                              \u672c\u6765\u306fFORWARD\u30d5\u30a3\u30eb\u30bf\u3082\u8a2d\u5b9a\u3057\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093\u304c\u3001Azure\u306eVM\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30d5\u30a3\u30eb\u30bf\u30eb\u30fc\u30eb\u304c\u5168\u3066ACCEPT\u306a\u306e\u3067\u5272\u611b\u3057\u307e\u3059\u3002<\/p>\n
                              \u663e\u793a\u8fc7\u6ee4\u5668
                              \nubuntu-1:\u301c$ sudo iptables -L -t filter
                              \nChain INPUT\uff08\u7b56\u7565ACCEPT\uff09
                              \ntarget prot opt source destination<\/p>\n
                              Chain FORWARD\uff08\u7b56\u7565ACCEPT\uff09
                              \ntarget prot opt source destination<\/p>\n
                              Chain OUTPUT\uff08\u7b56\u7565ACCEPT\uff09
                              \ntarget prot opt source destination<\/p>\n
                              \uff08\u9009\u9879\uff09\u6dfb\u52a0FORWARD\u8fc7\u6ee4\u5668<\/p>\n
                              \u5982\u679c\u60a8\u9ed8\u8ba4\u5c06FORWARD\u8bbe\u7f6e\u4e3aDROP\uff0c\u8bf7\u6dfb\u52a0\u4ee5\u4e0bFORWARD\u8fc7\u6ee4\u5668\u3002<\/p>\n
                              forward_rule
                              \nubuntu-1:\u301c$ sudo iptables -A FORWARD -m tcp -p tcp –dst 10.0.19.96 –dport 3000 -j ACCEPT
                              \nubuntu-1:\u301c$ sudo iptables -A FORWARD -m tcp -p tcp –dst 192.168.0.5 –dport 8082 -j ACCEPT
                              \nubuntu-1:\u301c$ sudo iptables -A FORWARD -m state –state ESTABLISHED,RELATED -j ACCEPT<\/p>\n
                              \u663e\u793a\u8f6c\u53d1\u8fc7\u6ee4\u5668
                              \nubuntu-1:\u301c$ sudo iptables -nL FORWARD
                              \nChain FORWARD\uff08\u7b56\u7565DROP\uff09
                              \ntarget prot opt source destination
                              \nACCEPT tcp — 0.0.0.0\/0 10.0.19.96 tcp dpt:3000
                              \nACCEPT tcp — 0.0.0.0\/0 192.168.0.5 tcp dpt:8082
                              \nACCEPT all — 0.0.0.0\/0 0.0.0.0\/0 state RELATED,ESTABLISHED<\/p>\n
                              \u5728Ubuntu-1\u7684iptables\u4e2d\uff0c\u8bbe\u7f6e\u4e00\u4e2aNAT\u5b9a\u4e49\uff0c\u5c06\u672c\u5730\u7cfb\u7edf\u7684\u865a\u62df\u7f51\u7edc\u4e2d\u7684testservice\uff0810.0.19.96\uff09\u7684\u7aef\u53e33000\u8f6c\u53d1\uff0c\u5e76\u8bbe\u7f6e\u53e6\u4e00\u4e2aNAT\u5b9a\u4e49\uff0c\u5c06VPN\u7f51\u7edc\u4e2d\u7684\u7aef\u53e38082\u8f6c\u53d1\u5230Ubuntu-2\uff08192.168.0.5\uff09\u3002<\/p>\n
                              \u5728Kubernetes\u4e0a\u9a8c\u8bc1testservice\u7684\u8fde\u901a\u6027<\/h3>\n
                              ubuntu-2:~$ <\/span>curl -i<\/span> http:\/\/192.168.0.4:3000\r\nHTTP\/1.1 200 OK\r\nContent-Type: application\/json\r\nDate: Tue, 17 Apr 2018 05:28:33 GMT\r\nConnection: keep-alive\r\nTransfer-Encoding: chunked\r\n\r\n{<\/span>\"message\"<\/span>:\"hello world!\"<\/span>}<\/span>\r\n<\/code><\/pre>\n
                              \u7531\u4e8eubuntu-2\u6ca1\u6709\u4e0eKubernetes\u8fde\u63a5\uff0c\u5e76\u4e14\u4e5f\u6ca1\u6709\u8fdb\u884c\u7279\u522b\u7684\u8def\u7531\u8bbe\u7f6e\uff0c\u56e0\u6b64\u65e0\u6cd5\u76f4\u63a5\u5c06\u6570\u636e\u5305\u4eceubuntu-2\u53d1\u9001\u81f3testservice\u7684IP\u5730\u574010.0.19.96\u3002\u7136\u800c\uff0c\u901a\u8fc7\u5c06\u7aef\u53e33000\u5728ubuntu-1\uff08192.168.0.4\uff09\u4e0a\u8fdb\u884cNAT\u8f6c\u53d1\u81f3testservice\uff0810.0.19.96\uff09\uff0c\u53ef\u4ee5\u901a\u8fc7ubuntu-1\u8bbf\u95eeKubernetes\u7684testservice\u8fdb\u884cHTTP\u8fde\u63a5\u3002<\/p>\n
                              \"ubuntu-2=>testservice.png\"<\/div>\n
                              \u5728Kubernetes\u4e0a\uff0c\u5bf9\u4e8eubuntu-2\u7684HTTP\u5b88\u62a4\u8fdb\u7a0b\u8fdb\u884c\u8fde\u901a\u6027\u786e\u8ba4\u3002<\/h3>\n
                                \n
                              1. \n
                                  \u5728Ubuntu-2\u4e0a\u51c6\u5907index.html\u6587\u4ef6\u3002<\/ol>\n<\/li>\n<\/ol>\n
                                  index.html\u6587\u4ef6\u5185\u5bb9\uff1a
                                  \nUbuntu-2<\/p>\n
                                  \u5728Ubuntu-2\u4e0a\u4ee58082\u7aef\u53e3\u542f\u52a8HTTP\u5b88\u62a4\u8fdb\u7a0b\u3002<\/p>\n
                                  \u542f\u52a8HTTP\u5b88\u62a4\u8fdb\u7a0b\u547d\u4ee4\uff1a
                                  \nubuntu-2:~$ python -m SimpleHTTPServer 8082<\/p>\n
                                  \u5728Kubernetes\u4e0a\u542f\u52a8\u4e00\u4e2a\u53ef\u4ee5\u4f7f\u7528curl\u547d\u4ee4\u7684POD\u3002<\/p>\n
                                  \u542f\u52a8POD\u547d\u4ee4\uff1a
                                  \nmac:kubernetes-openvpn$ kubectl run testpod –rm -it –image=yauritux\/busybox-curl<\/p>\n
                                  \u4ecePOD\u8bbf\u95eeTestproxy\u76848082\u7aef\u53e3\u3002<\/p>\n
                                  \u4ecePOD\u8bbf\u95eeUbuntu-2\u7684\u547d\u4ee4\uff1a
                                  \npod:~$ curl -i http:\/\/testproxy-2:8082\/
                                  \nHTTP\/1.0 200 OK
                                  \nServer: SimpleHTTP\/0.6 Python\/2.7.12
                                  \nDate: Tue, 17 Apr 2018 05:45:23 GMT
                                  \nContent-type: text\/html
                                  \nContent-Length: 79
                                  \nLast-Modified: Tue, 17 Apr 2018 05:35:00 GMT<\/p>\n
                                  Ubuntu-2<\/p>\n
                                  \u901a\u8fc7Kubernetes\u7684POD\uff0c\u7ecf\u8fc7OpenVPN\u670d\u52a1\u5668\u7684NAT\u548cubuntu-1\u7684NAT\uff0c\u5df2\u786e\u8ba4\u53ef\u4ee5\u901a\u8fc7HTTP\u8fde\u63a5\u5230ubuntu-2\u7684HTTP\u5b88\u62a4\u7a0b\u5e8f\u3002<\/p>\n
                                  \"testpod=>ubuntu-2.png\"<\/div>\n
                                  \u6700\u540e
                                  \n\u6700\u7ec8
                                  \n\u6700\u540e
                                  \n\u6700\u540e
                                  \n\u6700\u540e
                                  \n\u6700\u540e
                                  \n\u6700\u540e
                                  \n\u6700\u540e
                                  \n\u6700\u540e
                                  \n\u6700\u540e<\/h1>\n
                                  \u8fd9\u6837\u4e00\u6765\uff0c\u6211\u4eec\u901a\u8fc7\u5728Kubernetes\u4e0a\u642d\u5efa\u7684OpenVPN\u670d\u52a1\u5668\u6210\u529f\u8fde\u63a5\u4e86Kubernetes\u548c\u672c\u5730\u7cfb\u7edf\u7684\u865a\u62df\u7f51\u7edc\uff08\u76ee\u524dOpenVPN Pod\u8fd8\u662f\u5355\u70b9\u6545\u969c\u2026\u2026\uff09\u3002
                                  \n\u867d\u7136OpenVPN\u5ba2\u6237\u7aefVM\u7684NAT\u8bbe\u7f6e\u6709\u4e9b\u9ebb\u70e6\uff0c\u4f46\u662f\u6211\u4eec\u4e0d\u9700\u8981\u5bf9\u672c\u5730\u7cfb\u7edf\u7684\u5176\u4ed6VM\u8fdb\u884c\u7279\u522b\u914d\u7f6e\uff0c\u5c31\u53ef\u4ee5\u4e0eKubernetes\u8fdb\u884c\u534f\u4f5c\uff0c\u6240\u4ee5\u6211\u4eec\u53ea\u9700\u8981\u5fcd\u8010\u4e00\u4e0b\u8fd9\u4e00\u70b9\u3002
                                  \n\u8ba9\u6211\u4eec\u5de7\u5999\u5730\u5229\u7528\u5b83\uff0c\u5ea6\u8fc7\u6109\u5feb\u7684Kubernetes\u751f\u6d3b\u5427\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
                                  \u9996\u5148 \u5927\u5bb6\u6709\u4f7f\u7528 Kubernetes \u5417\uff1f\u5b83\u662f\u4e00\u4e2a\u53ef\u7231\u7684\u5bb6\u4f19\uff0c\u53ea\u9700\u58f0\u660e\u5f0f\u5730\u63cf\u8ff0\u6240\u9700\u7684\u5bb9\u5668\u7ec4\uff0c\u800c\u65e0\u9700\u8003\u8651\u670d\u52a1\u5668 […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-36006","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528azure-aks\u6765\u5c06kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7openvpn\uff08443-tcp\uff09\u8fde\u63a5\u8d77\u6765\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765\" \/>\n<meta property=\"og:description\" content=\"\u9996\u5148 \u5927\u5bb6\u6709\u4f7f\u7528 Kubernetes \u5417\uff1f\u5b83\u662f\u4e00\u4e2a\u53ef\u7231\u7684\u5bb6\u4f19\uff0c\u53ea\u9700\u58f0\u660e\u5f0f\u5730\u63cf\u8ff0\u6240\u9700\u7684\u5bb9\u5668\u7ec4\uff0c\u800c\u65e0\u9700\u8003\u8651\u670d\u52a1\u5668 […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528azure-aks\u6765\u5c06kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7openvpn\uff08443-tcp\uff09\u8fde\u63a5\u8d77\u6765\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-01T20:13:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-03T20:59:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d268b37434c4406c381f6\/6-0.png\" \/>\n<meta name=\"author\" content=\"\u79d1, \u9896\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u79d1, \u9896\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/\",\"name\":\"\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-12-01T20:13:54+00:00\",\"dateModified\":\"2024-05-03T20:59:17+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\",\"name\":\"\u79d1, \u9896\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"caption\":\"\u79d1, \u9896\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528azure-aks\u6765\u5c06kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7openvpn\uff08443-tcp\uff09\u8fde\u63a5\u8d77\u6765\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765","og_description":"\u9996\u5148 \u5927\u5bb6\u6709\u4f7f\u7528 Kubernetes \u5417\uff1f\u5b83\u662f\u4e00\u4e2a\u53ef\u7231\u7684\u5bb6\u4f19\uff0c\u53ea\u9700\u58f0\u660e\u5f0f\u5730\u63cf\u8ff0\u6240\u9700\u7684\u5bb9\u5668\u7ec4\uff0c\u800c\u65e0\u9700\u8003\u8651\u670d\u52a1\u5668 […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528azure-aks\u6765\u5c06kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7openvpn\uff08443-tcp\uff09\u8fde\u63a5\u8d77\u6765\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-12-01T20:13:54+00:00","article_modified_time":"2024-05-03T20:59:17+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d268b37434c4406c381f6\/6-0.png"}],"author":"\u79d1, \u9896","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u79d1, \u9896","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"8 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/","name":"\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-12-01T20:13:54+00:00","dateModified":"2024-05-03T20:59:17+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528Azure AKS\u6765\u5c06Kubernetes\u4e0e\u672c\u5730\u7f51\u7edc\u901a\u8fc7OpenVPN\uff08443\/tcp\uff09\u8fde\u63a5\u8d77\u6765"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e","name":"\u79d1, \u9896","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","caption":"\u79d1, \u9896"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8azure-aks%e6%9d%a5%e5%b0%86kubernetes%e4%b8%8e%e6%9c%ac%e5%9c%b0%e7%bd%91%e7%bb%9c%e9%80%9a%e8%bf%87openvpn%ef%bc%88443-tcp%ef%bc%89%e8%bf%9e%e6%8e%a5%e8%b5%b7%e6%9d%a5%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=36006"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36006\/revisions"}],"predecessor-version":[{"id":96258,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36006\/revisions\/96258"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=36006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=36006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=36006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}