[Question] Master node in internal network

[tiezhuoyu]

What happened:
Hi, we want to deploy master node in an internal network where edge nodes cannot directly access master node.

For example, master node ip w.x.y.z, gate way ip l.m.n.o, edge node ip a.b.c.d. Mapping w.x.y.z:6443 (apiserver port) to l.m.n.o:5555. Later, edge node a.b.c.d will execute with command join l.m.n.o:5555.

What ports of openyurt componoent (such as port 10262, tunnel-server) need to be mapped?

Thanks!

What you expected to happen:
Openyurt components work properly.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

• OpenYurt version:v0.4.0
• Kubernetes version (use kubectl version):v1.18.2
• OS (e.g: cat /etc/os-release):Centos7.6 & Ubuntu20.04
• Kernel (e.g. uname -a):
• Install tools:
• Others:

others
/kind question

[rambohe-ch]

@tiezhuoyu Thank you for raising issue.

What ports of openyurt componoent (such as port 10262, tunnel-server) need to be mapped?

The type of tunnel-server service x-tunnel-server-svc is NodePort, and the port is fixed as 31008(and you can modify as you want in service template), so you can map one port on gateway to {nodeIP:31008}.

btw:

1. you need to configure the gateway address for yurt-tunnel-agent --tunnelserver-addr parameter.
2. you also need to configure gateway ip address for yurt-tunnel-server --cert-ips parameter

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.