Kubernetes:如果nodePort是随机的，如何访问服务? [英] Kubernetes: how to access service if nodePort is random?

查看：278 发布时间：2020/4/26 13:32:15 kubernetes kubernetes-service

本文介绍了Kubernetes:如果nodePort是随机的，如何访问服务?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我是K8的新手，目前正在使用Minikube体验该平台.如何为服务配置公共(即群集外部)端口?我遵循了 nginx示例，以及K8s服务教程.就我而言，我是这样创建服务的:

I'm new to K8s and am currently using Minikube to play around with the platform. How do I configure a public (i.e. outside the cluster) port for the service? I followed the nginx example, and K8s service tutorials. In my case, I created the service like so:

kubectl expose deployment/mysrv --type=NodePort --port=1234

对于尝试从INSIDE群集访问它的任何人，该服务的端口为1234. minikube教程说，我需要直接通过随机的nodePort访问该服务，该服务可用于手动测试:

The service's port is 1234 for anyone trying to access it from INSIDE the cluster. The minikube tutorials say I need to access the service directly through it's random nodePort, which works for manual testing purposes:

kubectl describe service mysrv | grep NodePort
...
NodePort:                 <unset>  32387/TCP
# curl "http://`minikube ip`:32387/"

但是我不明白在一个真正的集群中，该服务如何具有固定的世界可访问端口. nginx示例描述了有关使用LoadBalancer服务类型的某些内容，但它们甚至没有在其中指定端口...

But I don't understand how, in a real cluster, the service could have a fixed world-accessible port. The nginx examples describe something about using the LoadBalancer service kind, but they don't even specify ports there...

有什么想法如何为整个服务修复外部端口吗?

Any ideas how to fix the external port for the entire service?

推荐答案

minikube教程说，我需要通过它的随机nodePort直接访问该服务，该端口可用于手动测试:

The minikube tutorials say I need to access the service directly through it's random nodePort, which works for manual testing purposes:

使用$ kubectl expose命令创建类型为NodePort的服务对象时，无法选择NodePort端口.要选择一个NodePort端口，您将需要为其创建一个YAML定义.

When you create service object of type NodePort with a $ kubectl expose command you cannot choose your NodePort port. To choose a NodePort port you will need to create a YAML definition of it.

您可以使用以下示例在类型为Nodeport的服务对象中手动指定端口:

You can manually specify the port in service object of type Nodeport with below example:

apiVersion: v1
kind: Service
metadata:
  name: example-nodeport
spec:
  type: NodePort
  selector:
    app: hello # selector for deployment
  ports:
  - name: example-port
    protocol: TCP
    port: 1234 # CLUSTERIP PORT
    targetPort: 50001 # POD PORT WHICH APPLICATION IS RUNNING ON 
    nodePort: 32222 # HERE!

您可以通过调用以下命令来应用以上YAML定义: $ kubectl apply -f FILE_NAME.yaml

You can apply above YAML definition by invoking command: $ kubectl apply -f FILE_NAME.yaml

上面的服务对象.

但是我不明白在真正的群集中，该服务如何不具有固定的世界可访问端口.

But I don't understand how, in a real cluster, the service could not have a fixed world-accessible port.

在由云提供商(例如GKE)管理的群集中，您可以使用类型为LoadBalancer的服务对象，该服务对象将具有固定的外部IP和固定的端口.

In clusters managed by cloud providers (for example GKE) you can use a service object of type LoadBalancer which will have a fixed external IP and fixed port.

具有带有公共IP的节点的集群可以使用类型为NodePort的服务对象将流量定向到群集中.

Clusters that have nodes with public IP's can use service object of type NodePort to direct traffic into the cluster.

在minikube环境中，您可以使用类型为LoadBalancer的服务对象，但是将在上一段中进行一些说明.

In minikube environment you can use a service object of type LoadBalancer but it will have some caveats described in last paragraph.

Nodeport在静态端口上的每个节点IP上公开服务.它允许外部流量通过NodePort端口进入.该端口将在30000至32767的范围内自动分配.

Nodeport is exposing the service on each node IP at a static port. It allows external traffic to enter with the NodePort port. This port will be automatically assigned from range of 30000 to 32767.

您可以通过遵循NodePort端口范围. "nofollow noreferrer>本手册.

You can change the default NodePort port range by following this manual.

通过查看此 answer ，您可以检查创建类型为NodePort的服务对象时到底发生了什么.

You can check what is exactly happening when creating a service object of type NodePort by looking on this answer.

想象一下:

您的节点具有IP:
- 192.168.0.100
- 192.168.0.101
- 192.168.0.102
- Your nodes have IP's:
  - 192.168.0.100
  - 192.168.0.101
  - 192.168.0.102
  - 10.244.1.10
  - 10.244.1.11
  - 10.244.1.12
  - 10.244.1.10
  - 10.244.1.11
  - 10.244.1.12
  - NodePort(端口32222)具有:
    - ClusterIP:
      - IP:10.96.0.100
      - port:7654
      - targetPort:50001
      - NodePort (port 32222) with:
        
        ClusterIP:
        
        IP: 10.96.0.100
        
        port:7654
        
        targetPort:50001
        
        关于targetPort的字词.这是 pod 上端口的定义，例如Web服务器.
        
        A word about targetPort. It's a definition for port on the pod that is for example a web server.
        
        根据上面的示例，您将获得hello响应，并带有:
        
        According to above example you will get hello response with:
        
        NodeIP:NodePort(所有Pod均可使用hello进行响应):
        
        192.168.0.100:32222
        
        192.168.0.101:32222
        
        192.168.0.102:32222
        
        NodeIP:NodePort (all the pods could respond with hello):
        
        192.168.0.100:32222
        
        192.168.0.101:32222
        
        192.168.0.102:32222
        
        10.0.96.100:7654
        
        10.244.1.10:50001
        
        10.244.1.11:50001
        
        10.244.1.12:50001
        
        10.244.1.10:50001
        
        10.244.1.11:50001
        
        10.244.1.12:50001
        
        您可以使用curl命令检查访问权限，如下所示:
        
        You can check access with curl command as below:
        
        $ curl http://NODE_IP:NODEPORT
        
        在您提到的示例中:
        
        $ kubectl expose deployment/mysrv --type=NodePort --port=1234
        
        会发生什么:
        
        它将在您的minikube实例上为30000到32767范围分配一个随机端口，将进入此端口的流量引导到Pod.
        
        此外，它将创建端口为1234
        的ClusterIP
        
        It will assign a random port from range of 30000 to 32767 on your minikube instance directing traffic entering this port to pods.
        
        Additionally it will create a ClusterIP with port of 1234
        
        在上面的示例中，没有参数targetPort.如果未提供targetPort，则它将与命令中的port相同.
        
        In the example above there was no parameter targetPort. If targetPort is not provided it will be the same as port in the command.
        
        输入NodePort的流量将直接路由到广告连播，不会转到ClusterIP.
        
        Traffic entering a NodePort will be routed directly to pods and will not go to the ClusterIP.
        
        从minikube角度来看，NodePort将是您的minikube实例上的端口.它的IP地址将取决于所使用的管理程序.将其暴露在本地计算机之外将在很大程度上取决于操作系统.
        
        From the minikube perspective a NodePort will be a port on your minikube instance. It's IP address will be dependent on the hypervisor used. Exposing it outside your local machine will be heavily dependent on operating system.
        
        类型LoadBalancer(1)的服务对象和外部LoadBalancer(2)之间的区别:
        
        There is a difference between a service object of type LoadBalancer(1) and an external LoadBalancer(2):
        
        类型为LoadBalancer(1)的
        服务对象允许使用云提供商的LoadBalancer(2)在外部公开服务.这是Kubernetes环境中的一项服务，它可以通过服务控制器安排外部LoadBalancer(2)的创建.
        
        外部LoadBalancer(2)是云提供商提供的负载平衡器.它将在第4层上运行.
        
        Service object of type LoadBalancer(1) allows to expose a service externally using a cloud provider’s LoadBalancer(2). It's a service within Kubernetes environment that through service controller can schedule a creation of external LoadBalancer(2).
        
        External LoadBalancer(2) is a load balancer provided by cloud provider. It will operate at Layer 4.
        
        LoadBalancer(1)类型的服务的示例定义:
        
        Example definition of service of type LoadBalancer(1):
        
        apiVersion: v1 kind: Service metadata: name: example-loadbalancer spec: type: LoadBalancer selector: app: hello ports: - port: 1234 # LOADBALANCER PORT targetPort: 50001 # POD PORT WHICH APPLICATION IS RUNNING ON nodePort: 32222 # PORT ON THE NODE
        
        在YAML上应用将创建类型为LoadBalancer(1)
        
        Applying above YAML will create a service of type LoadBalancer(1)
        
        具体看一下:
        
        ports: - port: 1234 # LOADBALANCER PORT
        
        此定义将同时:
        
        将外部LoadBalancer(2)port指定为1234
        
        将ClusterIP port指定为1234
        
        specify external LoadBalancer(2) port as 1234
        
        specify ClusterIP port as 1234
        
        想象一下:
        
        您的外部LoadBalancer(2)具有:
        
        ExternalIP:34.88.255.5
        
        port:7654
        
        Your external LoadBalancer(2) have:
        
        ExternalIP: 34.88.255.5
        
        port:7654
        
        192.168.0.100
        
        192.168.0.101
        
        192.168.0.102
        
        192.168.0.100
        
        192.168.0.101
        
        192.168.0.102
        
        10.244.1.10
        
        10.244.1.11
        
        10.244.1.12
        
        10.244.1.10
        
        10.244.1.11
        
        10.244.1.12
        
        NodePort(端口32222)具有:
        
        ClusterIP:
        
        IP:10.96.0.100
        
        port:7654
        
        targetPort:50001
        
        NodePort (port 32222) with:
        
        ClusterIP:
        
        IP: 10.96.0.100
        
        port:7654
        
        targetPort:50001
        
        根据上面的示例，您将获得hello响应，并带有:
        
        According to above example you will get hello response with:
        
        ExternalIP:port(所有Pod均可使用hello进行响应):
        
        34.88.255.5:7654
        
        ExternalIP:port (all the pods could respond with hello):
        
        34.88.255.5:7654
        
        192.168.0.100:32222
        
        192.168.0.101:32222
        
        192.168.0.102:32222
        
        192.168.0.100:32222
        
        192.168.0.101:32222
        
        192.168.0.102:32222
        
        10.0.96.100:7654
        
        10.244.1.10:50001
        
        10.244.1.11:50001
        
        10.244.1.12:50001
        
        10.244.1.10:50001
        
        10.244.1.11:50001
        
        10.244.1.12:50001
        
        ExternalIP可以使用以下命令检查:$ kubectl get services
        
        ExternalIP can be checked with command: $ kubectl get services
        
        流量: 客户端-> LoadBalancer:port(2)-> NodeIP:NodePort-> Pod:targetPort
        
        Flow of the traffic: Client -> LoadBalancer:port(2) -> NodeIP:NodePort -> Pod:targetPort
        
        注意:该功能仅适用于支持外部负载平衡器的云提供商或环境.
        
        Note: This feature is only available for cloud providers or environments which support external load balancers.
        
        - Kubernetes.io :创建外部LoadBalancer
        
        在支持负载平衡器的云提供商上，将提供一个外部IP地址来访问服务.在Minikube上，LoadBalancer类型使服务可以通过minikube service命令访问.
        
        On cloud providers that support load balancers, an external IP address would be provisioned to access the Service. On Minikube, the LoadBalancer type makes the Service accessible through the minikube service command.
        
        - Kubernetes.io:您好，minikube
        
        Minikube可以创建类型为LoadBalancer(1)的服务对象，但不会创建外部LoadBalancer(2).
        
        Minikube can create service object of type LoadBalancer(1) but it will not create an external LoadBalancer(2).
        
        命令$ kubectl get services中的ExternalIP将处于挂起状态.
        
        The ExternalIP in command $ kubectl get services will have pending status.
        
        要解决没有外部LoadBalancer(2)的问题，可以调用$ minikube tunnel，这将创建从主机到minikube环境的路由，以直接访问ClusterIP的CIDR.
        
        To address that there is no external LoadBalancer(2) you can invoke $ minikube tunnel which will create a route from host to minikube environment to access the CIDR of ClusterIP directly.
        
        这篇关于Kubernetes:如果nodePort是随机的，如何访问服务?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

Kubernetes:如果nodePort是随机的，如何访问服务? [英] Kubernetes: how to access service if nodePort is random?

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

Kubernetes:如果nodePort是随机的，如何访问服务? [英] Kubernetes: how to access service if nodePort is random?

问题描述

推荐答案

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭