无法通过外部网络访问kubernetes服务 [英] Cannot access kubernetes service via outside network

问题描述

我用kubernetes 1.3.0设置了kubernetes环境，并在同一主机上运行master和node，我运行了一个带有RC的tomcat Web应用程序，一个带有docker的Service，一切似乎运行良好，我可以通过内部网络访问该服务使用curl命令，但是当我尝试使用公共IP从Internet访问服务时，它是失败的.

I setup kubernetes environment with kubernetes 1.3.0, and running master and node on same host, I run a tomcat web application with one RC, one Service with docker, all seems running fine, I can access the service via internal network with curl command, but when I try to access the Service from Internet with public IP, it is failure.

RC配置为:

apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
    replicas: 2
    selector:
      app: myweb
    template:
      metadata:
        labels:
          app: myweb
      spec:
        containers:
        - name: myweb
          image: kubeguide/tomcat-app:v1
          ports:
          - containerPort: 8080
          env:
          - name: MYSQL_SERVICE_HOST
            value: "mysql"
          - name: MYSQL_SERVICE_PORT
            value: '3306'

服务配置为:

apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
    - port: 8080
      nodePort: 30001
  selector:
    app: myweb

如您所见，该服务侦听30001端口，当Kubernetes服务侦听该端口时，无法通过Internet访问它，但是当我使用 nc -l 30001 命令在同一主机上，则可以通过Internet进行访问，这意味着在系统层上可以进行网络配置.

As you see, the Service listen the 30001 Port, when the port listen by Kubernetes Service, it cannot be accessed via Internet, but when I use nc -l 30001 command on same host, it can be accessed via Internet, so that means the networking configure is fine on system layer.

对于主机的iptables设置，我接受所有连接，但问题仍然存在.

For the iptables setting of host, I accept all connections, but the issue is still appeared.

那我为什么可以用kubernetes服务访问它?我想念任何配置吗?

then why can I access it with kubernetes service? is there any configure I miss?

推荐答案

要使用主机网络公开kubernetes服务，可以使用Ingress规则.

To expose the kubernetes service using the host network you can use Ingress rules.

请参考: https://kubernetes.io/docs/concepts/services -networking/ingress/

根据您的情况，进入规则如下. apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-test spec: rules: - host: test.example.com http: paths: - backend: serviceName: myweb servicePort: 30001 path: /

In your case the ingress rule will be as follows. apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-test spec: rules: - host: test.example.com http: paths: - backend: serviceName: myweb servicePort: 30001 path: /

这篇关于无法通过外部网络访问kubernetes服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！