Kubernetes:如果nodePort是随机的,如何访问服务? [英] Kubernetes: how to access service if nodePort is random?
问题描述
我是K8的新手,目前正在使用Minikube体验该平台.如何为服务配置公共(即群集外部)端口?我遵循了 nginx示例 ,以及K8s服务教程.就我而言,我是这样创建服务的:
I'm new to K8s and am currently using Minikube to play around with the platform. How do I configure a public (i.e. outside the cluster) port for the service? I followed the nginx example, and K8s service tutorials. In my case, I created the service like so:
kubectl expose deployment/mysrv --type=NodePort --port=1234
对于尝试从INSIDE群集访问它的任何人,该服务的端口为1234. minikube教程说,我需要直接通过随机的nodePort访问该服务,该服务可用于手动测试:
The service's port is 1234 for anyone trying to access it from INSIDE the cluster. The minikube tutorials say I need to access the service directly through it's random nodePort, which works for manual testing purposes:
kubectl describe service mysrv | grep NodePort
...
NodePort: <unset> 32387/TCP
# curl "http://`minikube ip`:32387/"
但是我不明白在一个真正的集群中,该服务如何具有固定的世界可访问端口. nginx示例描述了有关使用LoadBalancer服务类型的某些内容,但它们甚至没有在其中指定端口...
But I don't understand how, in a real cluster, the service could have a fixed world-accessible port. The nginx examples describe something about using the LoadBalancer service kind, but they don't even specify ports there...
有什么想法如何为整个服务修复外部端口吗?
Any ideas how to fix the external port for the entire service?
推荐答案
minikube教程说,我需要通过它的随机nodePort直接访问该服务,该端口可用于手动测试:
The minikube tutorials say I need to access the service directly through it's random nodePort, which works for manual testing purposes:
使用$ kubectl expose
命令创建类型为NodePort
的服务对象时,无法选择NodePort
端口.要选择一个NodePort
端口,您将需要为其创建一个YAML
定义.
When you create service object of type NodePort
with a $ kubectl expose
command you cannot choose your NodePort
port. To choose a NodePort
port you will need to create a YAML
definition of it.
您可以使用以下示例在类型为Nodeport
的服务对象中手动指定端口:
You can manually specify the port in service object of type Nodeport
with below example:
apiVersion: v1
kind: Service
metadata:
name: example-nodeport
spec:
type: NodePort
selector:
app: hello # selector for deployment
ports:
- name: example-port
protocol: TCP
port: 1234 # CLUSTERIP PORT
targetPort: 50001 # POD PORT WHICH APPLICATION IS RUNNING ON
nodePort: 32222 # HERE!
您可以通过调用以下命令来应用以上YAML
定义:
$ kubectl apply -f FILE_NAME.yaml
You can apply above YAML
definition by invoking command:
$ kubectl apply -f FILE_NAME.yaml
上面的服务对象.
但是我不明白在真正的群集中,该服务如何不具有固定的世界可访问端口.
But I don't understand how, in a real cluster, the service could not have a fixed world-accessible port.
在由云提供商(例如GKE)管理的群集中,您可以使用类型为LoadBalancer
的服务对象,该服务对象将具有固定的外部IP和固定的端口.
In clusters managed by cloud providers (for example GKE) you can use a service object of type LoadBalancer
which will have a fixed external IP and fixed port.
具有带有公共IP的节点的集群可以使用类型为NodePort
的服务对象将流量定向到群集中.
Clusters that have nodes with public IP's can use service object of type NodePort
to direct traffic into the cluster.
在minikube
环境中,您可以使用类型为LoadBalancer
的服务对象,但是将在上一段中进行一些说明.
In minikube
environment you can use a service object of type LoadBalancer
but it will have some caveats described in last paragraph.
Nodeport
在静态端口上的每个节点IP上公开服务.它允许外部流量通过NodePort
端口进入.该端口将在30000
至32767
的范围内自动分配.
Nodeport
is exposing the service on each node IP at a static port. It allows external traffic to enter with the NodePort
port. This port will be automatically assigned from range of 30000
to 32767
.
您可以通过遵循NodePort端口范围. "nofollow noreferrer>本手册.
You can change the default NodePort
port range by following this manual.
通过查看此 answer ,您可以检查创建类型为NodePort
的服务对象时到底发生了什么.
You can check what is exactly happening when creating a service object of type NodePort
by looking on this answer.
想象一下:
- 您的节点具有IP:
-
192.168.0.100
-
192.168.0.101
-
192.168.0.102
- Your nodes have IP's:
192.168.0.100
192.168.0.101
192.168.0.102
-
10.244.1.10
-
10.244.1.11
-
10.244.1.12
10.244.1.10
10.244.1.11
10.244.1.12
-
NodePort
(端口32222
)具有:-
ClusterIP
:- IP:
10.96.0.100
-
port
:7654
-
targetPort
:50001
NodePort
(port32222
) with:ClusterIP
:- IP:
10.96.0.100
port
:7654
targetPort
:50001
关于
targetPort
的字词.这是 pod 上端口的定义,例如Web服务器.A word about
targetPort
. It's a definition for port on the pod that is for example a web server.根据上面的示例,您将获得
hello
响应,并带有:According to above example you will get
hello
response with:-
NodeIP:NodePort
(所有Pod均可使用hello
进行响应):-
192.168.0.100:32222
-
192.168.0.101:32222
-
192.168.0.102:32222
NodeIP:NodePort
(all the pods could respond withhello
):192.168.0.100:32222
192.168.0.101:32222
192.168.0.102:32222
-
10.0.96.100:7654
-
10.244.1.10:50001
-
10.244.1.11:50001
-
10.244.1.12:50001
10.244.1.10:50001
10.244.1.11:50001
10.244.1.12:50001
您可以使用
curl
命令检查访问权限,如下所示:You can check access with
curl
command as below:$ curl http://NODE_IP:NODEPORT
在您提到的示例中:
$ kubectl expose deployment/mysrv --type=NodePort --port=1234
会发生什么:
- 它将在您的
minikube
实例上为30000
到32767
范围分配一个随机端口,将进入此端口的流量引导到Pod. - 此外,它将创建端口为
1234
的
ClusterIP
- It will assign a random port from range of
30000
to32767
on yourminikube
instance directing traffic entering this port to pods. - Additionally it will create a
ClusterIP
with port of1234
在上面的示例中,没有参数
targetPort
.如果未提供targetPort
,则它将与命令中的port
相同.In the example above there was no parameter
targetPort
. IftargetPort
is not provided it will be the same asport
in the command.输入
NodePort
的流量将直接路由到广告连播,不会转到ClusterIP
.Traffic entering a
NodePort
will be routed directly to pods and will not go to theClusterIP
.从
minikube
角度来看,NodePort
将是您的minikube
实例上的端口.它的IP地址将取决于所使用的管理程序.将其暴露在本地计算机之外将在很大程度上取决于操作系统.From the
minikube
perspective aNodePort
will be a port on yourminikube
instance. It's IP address will be dependent on the hypervisor used. Exposing it outside your local machine will be heavily dependent on operating system.类型
LoadBalancer
(1)的服务对象和外部LoadBalancer
(2)之间的区别:There is a difference between a service object of type
LoadBalancer
(1) and an externalLoadBalancer
(2):-
类型为
- 服务对象允许使用云提供商的
LoadBalancer
(2)在外部公开服务.这是Kubernetes环境中的一项服务,它可以通过服务控制器安排外部LoadBalancer
(2)的创建. - 外部
LoadBalancer
(2)是云提供商提供的负载平衡器.它将在第4层上运行.
LoadBalancer
(1)的- Service object of type
LoadBalancer
(1) allows to expose a service externally using a cloud provider’sLoadBalancer
(2). It's a service within Kubernetes environment that through service controller can schedule a creation of externalLoadBalancer
(2). - External
LoadBalancer
(2) is a load balancer provided by cloud provider. It will operate at Layer 4.
LoadBalancer
(1)类型的服务的示例定义:Example definition of service of type
LoadBalancer
(1):apiVersion: v1 kind: Service metadata: name: example-loadbalancer spec: type: LoadBalancer selector: app: hello ports: - port: 1234 # LOADBALANCER PORT targetPort: 50001 # POD PORT WHICH APPLICATION IS RUNNING ON nodePort: 32222 # PORT ON THE NODE
在
YAML
上应用将创建类型为LoadBalancer
(1)Applying above
YAML
will create a service of typeLoadBalancer
(1)具体看一下:
ports: - port: 1234 # LOADBALANCER PORT
此定义将同时:
- 将外部
LoadBalancer
(2)port
指定为1234 - 将
ClusterIP
port
指定为1234
- specify external
LoadBalancer
(2)port
as 1234 - specify
ClusterIP
port
as 1234
想象一下:
- 您的外部
LoadBalancer
(2)具有:-
ExternalIP
:34.88.255.5
-
port
:7654
- Your external
LoadBalancer
(2) have:ExternalIP
:34.88.255.5
port
:7654
-
192.168.0.100
-
192.168.0.101
-
192.168.0.102
192.168.0.100
192.168.0.101
192.168.0.102
-
10.244.1.10
-
10.244.1.11
-
10.244.1.12
10.244.1.10
10.244.1.11
10.244.1.12
-
NodePort
(端口32222
)具有:-
ClusterIP
:- IP:
10.96.0.100
-
port
:7654
-
targetPort
:50001
NodePort
(port32222
) with:ClusterIP
:- IP:
10.96.0.100
port
:7654
targetPort
:50001
根据上面的示例,您将获得
hello
响应,并带有:According to above example you will get
hello
response with:-
ExternalIP
:port
(所有Pod均可使用hello
进行响应):-
34.88.255.5:7654
ExternalIP
:port
(all the pods could respond withhello
):34.88.255.5:7654
-
192.168.0.100:32222
-
192.168.0.101:32222
-
192.168.0.102:32222
192.168.0.100:32222
192.168.0.101:32222
192.168.0.102:32222
-
10.0.96.100:7654
-
10.244.1.10:50001
-
10.244.1.11:50001
-
10.244.1.12:50001
10.244.1.10:50001
10.244.1.11:50001
10.244.1.12:50001
ExternalIP
可以使用以下命令检查:$ kubectl get services
ExternalIP
can be checked with command:$ kubectl get services
流量: 客户端->
LoadBalancer:port
(2)->NodeIP:NodePort
->Pod:targetPort
Flow of the traffic: Client ->
LoadBalancer:port
(2) ->NodeIP:NodePort
->Pod:targetPort
注意:该功能仅适用于支持外部负载平衡器的云提供商或环境.
Note: This feature is only available for cloud providers or environments which support external load balancers.
- Kubernetes.io :创建外部LoadBalancer
在支持负载平衡器的云提供商上,将提供一个外部IP地址来访问服务.在Minikube上,
LoadBalancer
类型使服务可以通过minikube service
命令访问.On cloud providers that support load balancers, an external IP address would be provisioned to access the Service. On Minikube, the
LoadBalancer
type makes the Service accessible through theminikube service
command.Minikube
可以创建类型为LoadBalancer
(1)的服务对象,但不会创建外部LoadBalancer
(2).Minikube
can create service object of typeLoadBalancer
(1) but it will not create an externalLoadBalancer
(2).命令
$ kubectl get services
中的ExternalIP
将处于挂起状态.The
ExternalIP
in command$ kubectl get services
will have pending status.要解决没有外部
LoadBalancer
(2)的问题,可以调用$ minikube tunnel
,这将创建从主机到minikube
环境的路由,以直接访问ClusterIP
的CIDR
.To address that there is no external
LoadBalancer
(2) you can invoke$ minikube tunnel
which will create a route from host tominikube
environment to access theCIDR
ofClusterIP
directly.这篇关于Kubernetes:如果nodePort是随机的,如何访问服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
-
- IP:
- IP:
-
-
-
- IP:
- IP:
-
-