Expose private Kubernetes cluster with NodePort type service
Problem description
I have created a VPC-native cluster on GKE, with master authorized networks disabled on it. I think I did all things correctly but I still can't access the app externally.
Below is my service manifest.
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: kompose convert
    kompose.version: 1.16.0 (0c01309)
  creationTimestamp: null
  labels:
    io.kompose.service: app
  name: app
spec:
  ports:
  - name: '3000'
    port: 80
    targetPort: 3000
    protocol: TCP
    nodePort: 30382
  selector:
    io.kompose.service: app
  type: NodePort
The app's container port is 3000 and I checked from the logs that it is working. I added a firewall to open the 30382 port in my VPC network too. I still can't access the node with the specified nodePort. Is there anything I am missing?
kubectl get ep:
NAME         ENDPOINTS          AGE
app          10.20.0.10:3000    6h17m
kubernetes   34.69.50.167:443   29h
kubectl get svc:
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
app          NodePort    10.24.6.14   <none>        80:30382/TCP   6h25m
kubernetes   ClusterIP   10.24.0.1    <none>        443/TCP        29h
Recommended answer
In Kubernetes, the service is used to communicate with pods.
To expose the pods outside the Kubernetes cluster, you will need a k8s service of NodePort type.
The NodePort setting applies to the Kubernetes services. By default, Kubernetes services are accessible at the ClusterIP, which is an internal IP address reachable only from inside the Kubernetes cluster. The ClusterIP enables the applications running within the pods to access the service. To make the service accessible from outside the cluster, a user can create a service of type NodePort.
Please note that an external IP address needs to be assigned to one of the nodes in the cluster, along with a firewall rule that allows ingress traffic to that port. As a result, kube-proxy on the Kubernetes node (the one the external IP address is attached to) will proxy that port to the pods selected by the service.
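Added example (not part of the original answer): a Python check for the first condition the answer names, listing which nodes carry an ExternalIP and which ip:nodePort pairs could therefore be addressed from outside the VPC, subject to the firewall rule. The function name and the sample node names and addresses are constructed; the JSON follows the shape of `kubectl get nodes -o json` and `kubectl get svc app -o json`.

```python
import json

# Constructed sample data (not from the original post), shaped like the output
# of `kubectl get nodes -o json` and `kubectl get svc app -o json`.
NODES_JSON = """{"items": [
  {"metadata": {"name": "node-a"},
   "status": {"addresses": [{"type": "InternalIP", "address": "10.128.0.2"},
                            {"type": "Hostname", "address": "node-a"}]}},
  {"metadata": {"name": "node-b"},
   "status": {"addresses": [{"type": "InternalIP", "address": "10.128.0.3"},
                            {"type": "ExternalIP", "address": "203.0.113.10"}]}}
]}"""
SERVICE_JSON = """{"metadata": {"name": "app"},
  "spec": {"type": "NodePort",
           "ports": [{"name": "3000", "port": 80, "targetPort": 3000,
                      "protocol": "TCP", "nodePort": 30382}]}}"""


def nodeport_exposure(nodes_json, service_json):
    """Return (candidates, internal_only): external ip:nodePort pairs, and the
    names of nodes that have no ExternalIP address at all."""
    svc = json.loads(service_json)
    if svc["spec"].get("type") not in ("NodePort", "LoadBalancer"):
        return [], []  # ClusterIP services allocate no node port
    node_ports = [p["nodePort"] for p in svc["spec"]["ports"] if "nodePort" in p]
    candidates, internal_only = [], []
    for node in json.loads(nodes_json)["items"]:
        addrs = node.get("status", {}).get("addresses", [])
        external = [a["address"] for a in addrs if a["type"] == "ExternalIP"]
        if not external:
            # Without an ExternalIP this node's port is reachable only inside the VPC.
            internal_only.append(node["metadata"]["name"])
        for ip in external:
            candidates.extend(f"{ip}:{port}" for port in node_ports)
    return candidates, internal_only


if __name__ == "__main__":
    candidates, internal_only = nodeport_exposure(NODES_JSON, SERVICE_JSON)
    print("Externally addressable ip:nodePort pairs:", candidates or "none")
    print("Nodes with no external IP:", internal_only or "none")
```

An empty candidate list means no firewall rule can make the NodePort reachable from outside the VPC, because no node has an external address to receive the traffic.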