Kubernetes,无法访问公开的服务 [英] Kubernetes, Cannot access exposed services
问题描述
Kubernetes版本: v1.10.3
Docker版本: 17.03.2-ce
Docker version: 17.03.2-ce
操作系统和内核: Centos 7
Operating system and kernel: Centos 7
复制步骤: https://kubernetes.io/docs/tasks /access-application-cluster/service-access-application-cluster/
结果:
[root @ rd07 rd]#kubectl描述服务示例服务
[root@rd07 rd]# kubectl describe services example-service
名称:example-service
命名空间:默认
标签:run = load-balancer-example
注释:
选择器:run = load-balancer-example
类型:NodePort
IP:10.108.214.162
端口:9090/TCP
TargetPort:9090/TCP
NodePort:31105/TCP
端点:192.168.1.23:9090,192.168.1.24:9090
会话亲和力:无
外部流量策略:群集
活动:
Name: example-service
Namespace: default
Labels: run=load-balancer-example
Annotations:
Selector: run=load-balancer-example
Type: NodePort
IP: 10.108.214.162
Port: 9090/TCP
TargetPort: 9090/TCP
NodePort: 31105/TCP
Endpoints: 192.168.1.23:9090,192.168.1.24:9090
Session Affinity: None
External Traffic Policy: Cluster
Events:
预期:
期望能够卷曲kubernetes服务中定义的集群ip
Expect to be able to curl the cluster ip defined in the kubernetes service
我不确定哪个是所谓的"public-node-ip",所以我尝试了每个相关的ip地址,仅当使用主ip作为"public-node-ip"时,它显示无路由".托管".
I'm not exactly sure which is the so called "public-node-ip", so I tried every related ip address, only when using the master ip as the "public-node-ip" it shows "No route to host".
我用"netstat"检查端点是否被监听.
I used "netstat" to check if the endpoint is listened.
我尝试了" https://github.com/rancher/rancher/issues/6139 "刷新我的iptables,它根本无法正常工作.
I tried "https://github.com/rancher/rancher/issues/6139" to flush my iptables, and it was not working at all.
我尝试了" https://kubernetes.io/docs /tasks/debug-application-cluster/debug-service/","nslookup hostnames.default"不起作用.
I tried "https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/", "nslookup hostnames.default" is not working.
这些服务似乎工作得很好,但是仍然无法访问这些服务.
The services seems working perfectly fine, but the services still cannot be accessed.
我正在使用印花布",并且还尝试了法兰绒".
I'm using "calico" and the "flannel" was also tried.
我尝试了很多应用服务教程,但都无法访问它们.
I tried so many tutorials of apply services, they all cannot be accessed.
如果有人可以帮助我,我是kubernetes的新手.
I'm new to kubernetes, plz if anyone could help me.
推荐答案
如果您在任何公共云上,则不应使用ip a
命令获取公共ip地址.但是,即使该端口将暴露于0.0.0.0:31105
If you are on any public cloud you are not supposed to get public ip address at ip a
command. But even though the port will be exposed to 0.0.0.0:31105
这是您可以验证其配置的示例文件:
Here is the sample file you can verify for your configuration:
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: app-name
name: bss
namespace: default
spec:
externalIPs:
- 172.16.2.2
- 172.16.2.3
- 172.16.2.4
externalTrafficPolicy: Cluster
ports:
- port: 9090
protocol: TCP
targetPort: 9090
selector:
k8s-app: bss
sessionAffinity: ClientIP
type: LoadBalancer
status:
loadBalancer: {}
只需将<private-ip>
替换为externalIPs:
,并使用节点端口卷曲公共IP.
Just replace your <private-ip>
at externalIPs:
and do curl your public ip with your node port.
如果您使用任何云来部署应用程序,还请验证来自云安全组/防火墙的配置以打开端口.
If you are using any cloud to deploy application, Also verify configuration from cloud security groups/firewall for opening port.
希望这会有所帮助.
谢谢!
这篇关于Kubernetes,无法访问公开的服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!