Accessing Kubernetes services through one IP (Master Node)


Problem description

I have a Kubernetes cluster installation with a master node and two worker nodes on a CentOS 7 machine (on-premise environment). Is there a way to access all deployed services (built-in and my microservice) that will be installed on Kubernetes through the master node's IP?

I have used the flannel network. My service is running on node port 30011. I am able to access my service from the worker node IPs and node port [192.23.12.X1:30011 and 192.23.12.X2:30011], but I am not able to access the same service from the master node [192.23.19.21:30011].

Here is my deployment and service yaml file

deployment.yaml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: am-profile
  labels:
    app: am-profile
spec:
  replicas: 1
  selector:
    matchLabels:
      app: am-profile
  template:
    metadata:
      labels:
        app: am-profile
    spec:
      containers:
      - name: am-profile
        image: 192.23.12.160:8083/am-setting:1.0.0
        ports:
        - containerPort: 8081

service.yaml

apiVersion: v1
kind: Service
metadata:
  name: am-profile
  labels:
    app: am-profile
spec:
  type: NodePort
  ports:
   - targetPort: 8081
     port: 8081
     nodePort: 30011
  selector:
     app: am-profile

I want to access this service like http://master-node:30011/hello. Any help is appreciated.

Here is the iptables-save output:

-A KUBE-NODEPORTS -p tcp -m comment --comment "default/subscriber-profile-service:" -m tcp --dport 30002 -j KUBE-MARK-MASQ 
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/subscriber-profile-service:" -m tcp --dport 30002 -j KUBE-SVC-IUSISESM6NEI4T53 
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.107.113.5/32 -p tcp -m comment --comment "default/subscriber-profile-service: cluster IP" -m tcp --dport 8082 -j KUBE-MARK-MASQ 
-A KUBE-SERVICES -d 10.107.113.5/32 -p tcp -m comment --comment "default/subscriber-profile-service: cluster IP" -m tcp --dport 8082 -j KUBE-SVC-IUSISESM6NEI4T53

Recommended answer

If the Kubernetes cluster has no network issues, you are able to access a NodePort service using any node of the cluster, including master node(s).

By default, kube-proxy pods create iptables rules to forward traffic from NodeIP:NodePort to a specific pod:port. You can check existing iptables rules by running the following command on each node:

$ sudo iptables-save   
# you may need to install iptables package to use this command
# yum -y install iptables

-A KUBE-NODEPORTS ... -j KUBE-SVC-... # shows you port number on the node
-A KUBE-SVC-... -j KUBE-SEP-... # shows you destination rules links and balancing
-A KUBE-SEP-... ... -j DNAT --to-destination <pod-ip:port> # shows you destination for traffic that comes to NodePort

If all mentioned rules are in place, check the connectivity from master to node:

master-node$> curl http://<pod-ip>:<port>/path-if-needed/

In case that check fails with a connection error, check the following:

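  • Are there any custom firewall or firewalld rules that could drop the traffic?
  • Does the cloud VPC security allow traffic between nodes?
  • Is the network solution (flannel, calico, etc.) installed and working correctly?
  • Is SELinux enabled?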
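
The rule check described in the answer can be automated. The following is an added example, not part of the original answer: it parses iptables-save text and follows the KUBE-NODEPORTS -> KUBE-SVC-* -> KUBE-SEP-* layout shown on this page to the DNAT target for a given NodePort. The chain suffixes and pod IP in the sample are constructed placeholders, and `trace_nodeport` is a hypothetical helper name.

```python
import re
import sys

# Constructed sample in iptables-save format (chain suffixes and pod IP are made up).
SAMPLE = """\
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/am-profile:" -m tcp --dport 30011 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/am-profile:" -m tcp --dport 30011 -j KUBE-SVC-EXAMPLESVC000001
-A KUBE-SVC-EXAMPLESVC000001 -m comment --comment "default/am-profile:" -j KUBE-SEP-EXAMPLESEP000001
-A KUBE-SEP-EXAMPLESEP000001 -s 10.244.1.5/32 -m comment --comment "default/am-profile:" -j KUBE-MARK-MASQ
-A KUBE-SEP-EXAMPLESEP000001 -p tcp -m comment --comment "default/am-profile:" -m tcp -j DNAT --to-destination 10.244.1.5:8081
"""

RULE = re.compile(r"^-A (\S+) (.*)$")

def parse_rules(dump):
    """Map chain name -> list of rule bodies from iptables-save text."""
    chains = {}
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if m:
            chains.setdefault(m.group(1), []).append(m.group(2))
    return chains

def trace_nodeport(dump, port):
    """Follow KUBE-NODEPORTS -> KUBE-SVC-* -> KUBE-SEP-* and collect DNAT targets."""
    chains = parse_rules(dump)
    result = {"service_chains": [], "endpoints": []}
    for rule in chains.get("KUBE-NODEPORTS", []):
        svc = re.search(r"-j (KUBE-SVC-\S+)", rule)
        if svc and re.search(rf"--dport {port}\b", rule):
            result["service_chains"].append(svc.group(1))
    for svc_chain in result["service_chains"]:
        for rule in chains.get(svc_chain, []):
            sep = re.search(r"-j (KUBE-SEP-\S+)", rule)
            if not sep:
                continue
            for sep_rule in chains.get(sep.group(1), []):
                dnat = re.search(r"-j DNAT --to-destination (\S+)", sep_rule)
                if dnat:
                    result["endpoints"].append(dnat.group(1))
    return result

if __name__ == "__main__":
    # Usage on a node: sudo iptables-save | python3 trace_nodeport.py 30011
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 30011
    print(trace_nodeport(text, port))
```

An empty `service_chains` list on the master means kube-proxy has not programmed the NodePort rule on that node. If endpoints are listed but the curl check still fails, the problem is on the network path (firewall, overlay network, SELinux) rather than in the rules.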
