Kubernetes中是否可以连接两个集群IP服务? [英] Could two cluster IP services be connected in Kubernetes?
问题描述
这种情况是,我想连接租户内部已经有Traefik作为NodePort的两个群集IP服务,以便这两个服务中的任何一个都可以成为LoadBalancer,因为Traefik使用了NodePort.
The situation is that I want to connect two cluster IP services that are inside a tenant which already has Traefik as NodePort so that any of these two services can be a LoadBalancer because the NodePort is used by Traefik.
我尝试连接的两个服务如下.第一个,我称为主",将收到来自客户端的带有文本的帖子,并将调用另一个服务,称为从属",这将在邮件的发送文本中添加一些文本("Hola Patri")客户.这两个服务是由Docker映像中的app.py定义的flask服务.您可以在下面看到两张图片的app.py:
The two services I am trying to connect work as follows. The first one, which I called "Master", will receive a post from the client with a text and will call the other service, called "slave", which will add some text ("Hola Patri") to the text sent by the client. The two services are flask services defined by the app.py in the Docker image. You can see the app.py for both images below:
master/app.py
from flask import Flask, request
import requests
app = Flask(__name__)
@app.route("/", methods = ['GET', 'POST'])
def put():
if request.method == 'POST':
text = request.get_data()
r = requests.post("http://slave:5001",data=text)
result = r.text
return result
if __name__ == '__main__':
app.run(host="0.0.0.0", port=5000, debug=True)
从属/app.py
from flask import Flask, request
app = Flask(__name__)
@app.route("/", methods = ['GET', 'POST'])
def put():
if request.method == 'POST':
text = request.get_data()
#text = request.data
texto_final = str(text) + 'Hola Patri'
return texto_final
if __name__ == '__main__':
app.run(host="0.0.0.0", port=5001, debug=True)
部署和服务的配置在两个Yaml中定义:master_src.yaml和slave_src.yaml.
The configuration of the deployments and the services are defined in two yamls: master_src.yaml and slave_src.yaml.
master_src.yaml
kind: Namespace
apiVersion: v1
metadata:
name: innovation
labels:
name: innovation
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: master
namespace: innovation
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: master
imagePullPolicy: Always
securityContext:
runAsUser: 1000
runAsNonRoot: true
image: reg-dhc.app.corpintra.net/galiani/innovation:mastertest
ports:
- protocol: TCP
containerPort: 5000
imagePullSecrets:
- name: galiani-innovation-pull-secret
---
apiVersion: v1
kind: Service
metadata:
name: master
namespace: innovation
spec:
ports:
- protocol: TCP
port: 5000
targetPort: 5000
selector:
app: myapp
slave_src.yaml
kind: Namespace
apiVersion: v1
metadata:
name: innovation
labels:
name: innovation
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: slave
namespace: innovation
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: slave
imagePullPolicy: Always
securityContext:
runAsUser: 1000
runAsNonRoot: true
image: reg-dhc.app.corpintra.net/galiani/innovation:slavetest
ports:
- protocol: TCP
containerPort: 5001
imagePullSecrets:
- name: galiani-innovation-pull-secret
---
apiVersion: v1
kind: Service
metadata:
name: slave
namespace: innovation
spec:
selector:
app: myapp
ports:
- protocol: TCP
port: 5001
targetPort: 5001
我还创建了一个网络策略以允许两个服务之间的通信.以下是用于定义网络策略的Yaml.
I have also created a network policy to allow the traffic between the two services. The yaml used to define the network policy is the following.
networkpolicy_src.yaml
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
name: ingress-to-all
namespace: innovation
spec:
podSelector:
matchLabels:
app: myapp
ingress:
- from:
- podSelector:
matchLabels:
app: myapp
ports:
- port: 5000
protocol: TCP
- port: 5001
protocol: TCP
policyTypes:
- Ingress
主服务和从服务之间的连接不起作用.我可以独立访问主服务器和从属服务器.但是,当我尝试向主机发送POST(使用curl)并且应该连接到从机时,出现以下错误:
The connection between the master service and the slave service is not working. I can access to the master and slave independently. Nevertheless, when I try to make a POST to the master (using curl) and it should connect to the slave, I get the following error:
curl: (52) Empty reply from server
谢谢您的帮助!
对于新问题,我有关于使用traefik的连接的问题.这是trafik入口的Yaml:
For the new question I have regarding the connection using traefik. Here is the yaml of the trafik ingress:
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-innovation
namespace: innovation
annotations:
traefik.frontend.rule.type: PathPrefixStrip
spec:
rules:
- http:
paths:
- path: /master
backend:
serviceName: master
servicePort: 5000
- path: /slave
backend:
serviceName: slave
servicePort: 5001
我还纠正了networkpolicy yaml,现在是:
I have also corrected the networkpolicy yaml and now it is:
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
name: master-to-slave
namespace: innovation
spec:
podSelector:
matchLabels:
app: app-slave
ingress:
- ports:
- port: 5000
protocol: TCP
- port: 5001
protocol: TCP
- from:
- namespaceSelector:
matchLabels:
app: app-master
再次感谢您的帮助!
推荐答案
问题可能是主服务器和从服务器都具有相同的标签app: myapp
.对于主部署和服务,将标签更改为app: master
,对于从属部署和服务,将标签更改为app: slave
.
The problem could be having same label app: myapp
for both master and slave. Change the label to app: master
for master deployment and service and app: slave
for slave deployment and service.
这篇关于Kubernetes中是否可以连接两个集群IP服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!