Deployed kubernetes service from cluster is not accessible outside the cluster using node port method
I am trying to access Kubernetes cluster deployed Spring Boot microservices and trying to test the REST API. I configured the node port method in my deployment scripts. But when I am trying to access using Postman tool, I am only getting the response that "Could not get any response".
I configured the service.yaml script like the following structure,
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  ports:
    - port: 7100
      targetPort: 7100
      protocol: TCP
      name: http
      nodePort: 31007
  selector:
    app: my-deployment
My deployment.yaml is like the following,
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  labels:
    app: my-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-deployment
  template:
    metadata:
      labels:
        app: my-deployment
      annotations:
        date: "+%H:%M:%S %d/%m/%y"
    spec:
      imagePullSecrets:
        - name: "regcred"
      containers:
        - name: my-deployment-container
          image: spacestudymilletech010/spacestudysecurityauthcontrol:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8065
              protocol: TCP
      tolerations:
        - key: "dedicated-app"
          operator: "Equal"
          value: "my-dedi-app-a"
          effect: "NoSchedule"
When I am taking kubectl describe service, output is like the following,
And I am trying to access my deployed API like the following way,
http://<my-cluster-Worker-NodeIP-Address>:31007/<my-deployed-ReST-API-end-point>
Updates
When I am running the kubectl describe pod command for my deployment I am getting the response like the following,
docker@MILDEVKUB010:~$ kubectl describe pod spacestudycontrolalerts-deployment-8644449c58-x4zd6
Name:           spacestudycontrolalerts-deployment-8644449c58-x4zd6
Namespace:      default
Priority:       0
Node:           <none>
Labels:         app=spacestudycontrolalerts-deployment
                pod-template-hash=8644449c58
Annotations:    date: +%H:%M:%S %d/%m/%y
Status:         Pending
IP:
IPs:            <none>
Controlled By:  ReplicaSet/spacestudycontrolalerts-deployment-8644449c58
Containers:
  spacestudycontrolalerts-deployment-container:
    Image:        spacestudymilletech010/spacestudycontrolalerts:latest
    Port:         7102/TCP
    Host Port:    0/TCP
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-6s55b (ro)
Conditions:
  Type           Status
  PodScheduled   False
Volumes:
  default-token-6s55b:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-6s55b
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age        From               Message
  ----     ------            ----       ----               -------
  Warning  FailedScheduling  <unknown>  default-scheduler  0/2 nodes are available: 2 node(s) had taints that the pod didn't tolerate.
I am getting the event message from the describe pod command like 0/2 nodes are available: 2 node(s) had taints that the pod didn't tolerate, as shown above.
When I am running the kubectl get nodes command, I am getting like the following,
NAME           STATUS   ROLES    AGE   VERSION
mildevkub020   Ready    master   5d    v1.17.0
mildevkub040   Ready    master   5d    v1.17.0
Where have I gone wrong for service access?
If there is an event message, i.e. 0/2 nodes are available: 2 node(s) had taints that the pod didn't tolerate, this means there is a taint on your nodes.
Step 1:- To verify there is a Taint
kubectl describe node | grep -i taint
Step 2:- Remove the Taint, verify it has been removed.
Note that the key is used with a minus sign appended to the end.
kubectl taint nodes --all node-role.kubernetes.io/master-
kubectl taint nodes --all node.kubernetes.io/not-ready-
kubectl taint nodes --all node.kubernetes.io/unreachable-
Step 3:- Then as per your deployment.yaml file, we need to create the Taint.
kubectl taint nodes node1 dedicated-app=my-dedi-app-a:NoSchedule
Step 4:- To verify there is a Taint
kubectl describe node | grep -i taint
Step 5:- Deploy your .yaml file
kubectl apply -f deployment.yaml
You specify a toleration for a pod in the PodSpec. Both of the following tolerations "match" the taint created by the kubectl taint line above, and thus a pod with either toleration would be able to schedule onto node1.
https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Also, your describe pod shows that your deployment name is spacestudycontrolalerts-deployment, which is causing us confusion with your deployment.yaml file, i.e. metadata.name: my-deployment. Make sure you describe the pod with the respective deployment name.
I hope this will help everyone for future reference on Taints and Tolerations.
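The FailedScheduling event above comes from comparing each node's taints with the pod's tolerations. The following added example (not code from the question, the answer or Kubernetes itself) applies those matching rules to constructed data; the master taint on both nodes and the node that receives the dedicated-app taint are assumptions.

```python
# Added example: Kubernetes taint/toleration matching on constructed data
# modelled on the question. Which taints sit on which node is an assumption.
def tolerates(toleration, taint):
    """True if one toleration matches one taint."""
    op = toleration.get("operator", "Equal")
    key = toleration.get("key", "")
    if key == "" and op != "Exists":
        return False                      # an empty key is only valid with Exists
    if key and key != taint["key"]:
        return False
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False                      # an empty effect matches every effect
    if op == "Exists":
        return True                       # Exists ignores the taint value
    return toleration.get("value", "") == taint.get("value", "")

def blocking_taints(taints, tolerations):
    """Taints that keep a new pod off the node; PreferNoSchedule never blocks."""
    return [t for t in taints
            if t["effect"] in ("NoSchedule", "NoExecute")
            and not any(tolerates(tol, t) for tol in tolerations)]

def schedulable_nodes(nodes, tolerations):
    """Sorted names of nodes with no untolerated blocking taint."""
    return sorted(name for name, taints in nodes.items()
                  if not blocking_taints(taints, tolerations))

MASTER = {"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}
DEDICATED = {"key": "dedicated-app", "value": "my-dedi-app-a", "effect": "NoSchedule"}

# Constructed: both nodes carry the master taint (assumed from ROLES=master).
NODES_BEFORE = {"mildevkub020": [MASTER], "mildevkub040": [MASTER]}
# Constructed: master taint removed everywhere, dedicated taint put on one node.
NODES_AFTER = {"mildevkub020": [DEDICATED], "mildevkub040": []}

# Tolerations that `kubectl describe pod` listed for the Pending pod.
PENDING_POD = [
    {"key": "node.kubernetes.io/not-ready", "operator": "Exists", "effect": "NoExecute"},
    {"key": "node.kubernetes.io/unreachable", "operator": "Exists", "effect": "NoExecute"},
]
# The same defaults plus the toleration from the deployment.yaml in the question.
MY_DEPLOYMENT = PENDING_POD + [{"key": "dedicated-app", "operator": "Equal",
                                "value": "my-dedi-app-a", "effect": "NoSchedule"}]

if __name__ == "__main__":
    for name, tols in (("pending pod", PENDING_POD), ("my-deployment", MY_DEPLOYMENT)):
        print(name, "before:", schedulable_nodes(NODES_BEFORE, tols),
              "after:", schedulable_nodes(NODES_AFTER, tols))
```

Under these assumptions the dedicated-app toleration alone does not get a pod onto a master-tainted node, and a pod without that toleration is kept off the node that carries the dedicated-app taint.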