我在建立集群時使用了以下 kubelet 設定:echo 'KUBELET_KUBEADM_ARGS="--network-plugin=kubenet --pod-cidr=10.20.0.0/24 --pod-infra-container-image=k8s.gcr.io/pause:3.6"' > /etc/default/kubelet。該環境運行在使用 NAT 網路配置的 Ubuntu VM 中。
有一個由兩個命名空間劃分的集群,每個命名空間都有一個應用程式實體的部署(想想一個應用程式用于一個客戶端)。我正在嘗試通過 nodeIP:nodePort 訪問單個應用程式實體。我可以通過訪問應用程式;但是,這樣我就無法分別訪問屬于客戶端 A 和客戶端 B 的應用程式。
如果您對所采取的確切步驟感興趣,請參閱Kubernetes 部署無法通過服務公開的瀏覽器訪問
下面是在 eramba-1 命名空間中部署的 yaml 檔案(所以對于第二次部署,我只有命名空間 = eramba-2)
# Deployment for one eramba application instance in namespace eramba-1.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: eramba-web
  namespace: eramba-1
  labels:
    # This label sits on the Deployment object itself; it is not copied to the Pods.
    app.kubernetes.io/name: eramba-web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: eramba-web
  template:
    metadata:
      labels:
        # Pods created from this template carry only `app: eramba-web`.
        # The Service in this file selects `app.kubernetes.io/name: eramba-web`,
        # so no Pod matches it.
        app: eramba-web
    spec:
      containers:
        - name: eramba-web
          # NOTE(review): the image is referenced by tag, not by digest; with
          # IfNotPresent a node keeps whatever it already cached under this tag.
          image: markz0r/eramba-app:c281
          imagePullPolicy: IfNotPresent
          env:
            - name: MYSQL_HOSTNAME
              value: eramba-mariadb
            - name: MYSQL_DATABASE
              value: erambadb
            # NOTE(review): the application connects as the database root account;
            # a dedicated account limited to this database would reduce the impact
            # of a compromised web container.
            - name: MYSQL_USER
              value: root
            # NOTE(review): the password is stored in clear text in the manifest and
            # is readable by anyone who can read the Deployment object. Prefer a
            # Secret referenced through valueFrom.secretKeyRef.
            - name: MYSQL_PASSWORD
              value: eramba
            - name: DATABASE_PREFIX
              value: ""
          ports:
            - containerPort: 8080
---
# Service intended to publish the Deployment's Pods on a node port.
apiVersion: v1
kind: Service
metadata:
  name: eramba-web
  namespace: eramba-1
  labels:
    app.kubernetes.io/name: eramba-web
spec:
  ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    # Must equal a label present on the Pods. The Pod template uses
    # `app: eramba-web`, so this selector matches nothing.
    app.kubernetes.io/name: eramba-web
  # NOTE(review): NodePort publishes the service on the node's own addresses, so
  # any network that can reach the node can reach the application. Confirm that
  # is intended, or restrict access at the host firewall.
  type: NodePort
...
eramba-1 命名空間的服務輸出
root@osboxes:/home/osboxes/eramba# kubectl describe svc eramba-web -n eramba-1
Name: eramba-web
Namespace: eramba-1
Labels: app.kubernetes.io/name=eramba-web
Annotations: <none>
Selector: app.kubernetes.io/name=eramba-web
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.100.17.120
IPs: 10.100.17.120
Port: http 8080/TCP
TargetPort: 8080/TCP
NodePort: http 32370/TCP
Endpoints: <none>
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
eramba-2 輸出服務
root@osboxes:/home/osboxes/eramba# kubectl describe svc eramba-web2 -n eramba-2
Name: eramba-web2
Namespace: eramba-2
Labels: app.kubernetes.io/name=eramba-web2
Annotations: <none>
Selector: app.kubernetes.io/name=eramba-web2
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.98.240.243
IPs: 10.98.240.243
Port: http 8080/TCP
TargetPort: 8080/TCP
NodePort: http 32226/TCP
Endpoints: <none>
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
我已經驗證了 nodePorts 監聽狀態
root@osboxes:/home/osboxes/eramba# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 **0 0.0.0.0:32370** 0.0.0.0:* LISTEN 3776/kube-proxy
tcp 0 0 127.0.0.1:10259 0.0.0.0:* LISTEN 3476/kube-scheduler
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 535/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 587/cupsd
tcp 0 **0 0.0.0.0:32226** 0.0.0.0:* LISTEN 3776/kube-proxy
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 2983/kubelet
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 3776/kube-proxy
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 809/mysqld
tcp 0 0 172.16.42.135:2379 0.0.0.0:* LISTEN 3495/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 3495/etcd
tcp 0 0 172.16.42.135:2380 0.0.0.0:* LISTEN 3495/etcd
tcp 0 0 127.0.0.1:2381 0.0.0.0:* LISTEN 3495/etcd
tcp 0 0 127.0.0.1:39469 0.0.0.0:* LISTEN 2983/kubelet
tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN 3521/kube-controlle
tcp6 0 0 ::1:631 :::* LISTEN 587/cupsd
tcp6 0 0 :::33060 :::* LISTEN 809/mysqld
tcp6 0 0 :::10250 :::* LISTEN 2983/kubelet
tcp6 0 0 :::6443 :::* LISTEN 3485/kube-apiserver
tcp6 0 0 :::10256 :::* LISTEN 3776/kube-proxy
tcp6 0 0 :::80 :::* LISTEN 729/apache2
udp 0 0 0.0.0.0:35922 0.0.0.0:* 589/avahi-daemon: r
udp 0 0 0.0.0.0:5353 0.0.0.0:* 589/avahi-daemon: r
udp 0 0 127.0.0.53:53 0.0.0.0:* 535/systemd-resolve
udp 0 0 172.16.42.135:68 0.0.0.0:* 586/NetworkManager
udp 0 0 0.0.0.0:631 0.0.0.0:* 654/cups-browsed
udp6 0 0 :::5353 :::* 589/avahi-daemon: r
udp6 0 0 :::37750 :::* 589/avahi-daemon: r
這是 Iptables 的輸出
root@osboxes:/home/osboxes/eramba# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-N KUBE-EXTERNAL-SERVICES
-N KUBE-FIREWALL
-N KUBE-FORWARD
-N KUBE-KUBELET-CANARY
-N KUBE-NODEPORTS
-N KUBE-PROXY-CANARY
-N KUBE-SERVICES
-A INPUT -m comment --comment "kubernetes health check service ports" -j KUBE-NODEPORTS
-A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes externally-visible service portals" -j KUBE-EXTERNAL-SERVICES
-A INPUT -j KUBE-FIREWALL
-A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD
-A FORWARD -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A FORWARD -m conntrack --ctstate NEW -m comment --comment "kubernetes externally-visible service portals" -j KUBE-EXTERNAL-SERVICES
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -j KUBE-FIREWALL
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A KUBE-EXTERNAL-SERVICES -p tcp -m comment --comment "eramba-2/eramba-web2:http has no endpoints" -m addrtype --dst-type LOCAL -m tcp --dport 32226 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-EXTERNAL-SERVICES -p tcp -m comment --comment "eramba-1/eramba-web:http has no endpoints" -m addrtype --dst-type LOCAL -m tcp --dport 32370 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
-A KUBE-FIREWALL ! -s 127.0.0.0/8 -d 127.0.0.0/8 -m comment --comment "block incoming localnet connections" -m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP
-A KUBE-FORWARD -m conntrack --ctstate INVALID -j DROP
-A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT
-A KUBE-FORWARD -m comment --comment "kubernetes forwarding conntrack rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A KUBE-SERVICES -d 10.98.240.243/32 -p tcp -m comment --comment "eramba-2/eramba-web2:http has no endpoints" -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
-A KUBE-SERVICES -d 10.100.17.120/32 -p tcp -m comment --comment "eramba-1/eramba-web:http has no endpoints" -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
我相信一定還有我不知道的、可以訪問各個應用程式實體的其他方法,所以如果有更好的方法,請提出建議。
uj5u.com熱心網友回復:
Endpoints: <none>表示您的服務配置錯誤;它的選擇器與任何 Pod 都不匹配。如果您查看服務,它會尋找
# Service side: only Pods carrying exactly this label become endpoints.
spec:
  selector:
    app.kubernetes.io/name: eramba-web
但是如果你看一下 Deployment,它會生成帶有不同標簽的 Pod
# Deployment side: labels stamped onto every Pod created from the template.
spec:
  template:
    metadata:
      labels:
        app: eramba-web # not app.kubernetes.io/name: ..., so the Service selector never matches these Pods
我建議在所有地方統一使用 app.kubernetes.io/name 這種格式。Deployment 的 selector: 在建立之後無法修改,因此您必須刪除並重新建立 Deployment,才能更改其 selector: 的值,使其與 Pod 的標籤匹配。
