Kubernetes，无法访问公开的服务 [英] Kubernetes, Cannot access exposed services

问题描述

Kubernetes版本: v1.10.3

Docker版本: 17.03.2-ce

Docker version: 17.03.2-ce

操作系统和内核: Centos 7

Operating system and kernel: Centos 7

复制步骤: https://kubernetes.io/docs/tasks /access-application-cluster/service-access-application-cluster/

结果:

[root @ rd07 rd]#kubectl描述服务示例服务

[root@rd07 rd]# kubectl describe services example-service

名称:example-service
命名空间:默认
标签:run = load-balancer-example
注释:
选择器:run = load-balancer-example
类型:NodePort
IP:10.108.214.162
端口:9090/TCP
TargetPort:9090/TCP
NodePort:31105/TCP
端点:192.168.1.23:9090,192.168.1.24:9090
会话亲和力:无
外部流量策略:群集
活动:

Name: example-service
Namespace: default
Labels: run=load-balancer-example
Annotations:
Selector: run=load-balancer-example
Type: NodePort
IP: 10.108.214.162
Port: 9090/TCP
TargetPort: 9090/TCP
NodePort: 31105/TCP
Endpoints: 192.168.1.23:9090,192.168.1.24:9090
Session Affinity: None
External Traffic Policy: Cluster
Events:

预期:

期望能够卷曲kubernetes服务中定义的集群ip

Expect to be able to curl the cluster ip defined in the kubernetes service

我不确定哪个是所谓的"public-node-ip"，所以我尝试了每个相关的ip地址，仅当使用主ip作为"public-node-ip"时，它显示无路由".托管".

I'm not exactly sure which is the so called "public-node-ip", so I tried every related ip address, only when using the master ip as the "public-node-ip" it shows "No route to host".

我用"netstat"检查端点是否被监听.

I used "netstat" to check if the endpoint is listened.

我尝试了" https://github.com/rancher/rancher/issues/6139 "刷新我的iptables，它根本无法正常工作.

I tried "https://github.com/rancher/rancher/issues/6139" to flush my iptables, and it was not working at all.

我尝试了" https://kubernetes.io/docs /tasks/debug-application-cluster/debug-service/"，"nslookup hostnames.default"不起作用.

I tried "https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/", "nslookup hostnames.default" is not working.

这些服务似乎工作得很好，但是仍然无法访问这些服务.

The services seems working perfectly fine, but the services still cannot be accessed.

我正在使用印花布"，并且还尝试了法兰绒".

I'm using "calico" and the "flannel" was also tried.

我尝试了很多应用服务教程，但都无法访问它们.

I tried so many tutorials of apply services, they all cannot be accessed.

如果有人可以帮助我，我是kubernetes的新手.

I'm new to kubernetes, plz if anyone could help me.

推荐答案

如果您在任何公共云上，则不应使用ip a命令获取公共ip地址.但是，即使该端口将暴露于0.0.0.0:31105

If you are on any public cloud you are not supposed to get public ip address at ip a command. But even though the port will be exposed to 0.0.0.0:31105

这是您可以验证其配置的示例文件:

Here is the sample file you can verify for your configuration:

apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: app-name
  name: bss
  namespace: default
spec:
  externalIPs:
  - 172.16.2.2
  - 172.16.2.3
  - 172.16.2.4
  externalTrafficPolicy: Cluster
  ports:
  - port: 9090
    protocol: TCP
    targetPort: 9090
  selector:
    k8s-app: bss
  sessionAffinity: ClientIP
  type: LoadBalancer
status:
  loadBalancer: {}

只需将<private-ip>替换为externalIPs:，并使用节点端口卷曲公共IP.

Just replace your <private-ip> at externalIPs: and do curl your public ip with your node port.

如果您使用任何云来部署应用程序，还请验证来自云安全组/防火墙的配置以打开端口.

If you are using any cloud to deploy application, Also verify configuration from cloud security groups/firewall for opening port.

希望这会有所帮助.

谢谢！

这篇关于Kubernetes，无法访问公开的服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！