Expose private Kubernetes cluster with NodePort type service


Problem description

I have created a VPC-native cluster on GKE, with master authorized networks disabled on it. I think I did everything correctly, but I still can't access the app externally.

Below is my service manifest.

apiVersion: v1
kind: Service
metadata:
    annotations:
        kompose.cmd: kompose convert
        kompose.version: 1.16.0 (0c01309)
    creationTimestamp: null
    labels:
        io.kompose.service: app
    name: app
spec:
    ports:
        - name: '3000'
          port: 80
          targetPort: 3000
          protocol: TCP
          nodePort: 30382
    selector:
        io.kompose.service: app
    type: NodePort

The app's container port is 3000 and I checked from the logs that it is working. I also added a firewall rule to open port 30382 in my VPC network. I still can't access the node on the specified nodePort. Is there anything I am missing?

kubectl get ep :

NAME         ENDPOINTS          AGE
app          10.20.0.10:3000    6h17m
kubernetes   34.69.50.167:443   29h

kubectl get svc :

NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
app          NodePort    10.24.6.14   <none>        80:30382/TCP   6h25m
kubernetes   ClusterIP   10.24.0.1    <none>        443/TCP        29h

Recommended answer

In Kubernetes, the service is used to communicate with pods.

To expose the pods outside the Kubernetes cluster, you will need a k8s service of NodePort type.

The NodePort setting applies to the Kubernetes services. By default Kubernetes services are accessible at the ClusterIP which is an internal IP address reachable from inside of the Kubernetes cluster only. The ClusterIP enables the applications running within the pods to access the service. To make the service accessible from outside of the cluster a user can create a service of type NodePort.

Please note that an external IP address needs to be assigned to one of the nodes in the cluster, along with a firewall rule that allows ingress traffic to that port. As a result, kube-proxy on the Kubernetes node (the one the external IP address is attached to) will proxy that port to the pods selected by the service.
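
The two preconditions named in the answer can be checked from `kubectl` output. The script below is an added example, not part of the original answer: it reads the service's node port from the `kubectl get svc` table shown in the question and lists which nodes have an external IP to pair it with. The node tables, node names and the address 203.0.113.10 are constructed sample values.

```shell
#!/bin/sh
# Added example. SVC_TABLE is the `kubectl get svc` output from the question;
# the node tables are constructed (trimmed `kubectl get nodes -o wide` output).

# Print the node port of NodePort service $1 from a `kubectl get svc` table on
# stdin (first port only: the number after ":" in the PORT(S) column).
svc_nodeport() {
    awk -v name="$1" '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "PORT(S)") col = i; next }
        col && $1 == name && $2 == "NodePort" { split($col, p, "[:/]"); print p[2] }'
}

# Print "node external-ip" for every node that has an external IP.
# Nodes of a private cluster show <none> in the EXTERNAL-IP column.
external_ip_nodes() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "EXTERNAL-IP") col = i; next }
        col && $col != "<none>" { print $1, $col }'
}

# Print the ip:port pairs a firewall rule would have to allow for node port $1,
# or fail when no node is addressable from outside the VPC.
nodeport_targets() {
    targets=$(external_ip_nodes | awk -v p="$1" '{ print $2 ":" p }')
    if [ -z "$targets" ]; then
        echo "no node has an external IP: node port $1 is reachable only inside the VPC" >&2
        return 1
    fi
    printf '%s\n' "$targets"
}

SVC_TABLE='NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
app          NodePort    10.24.6.14   <none>        80:30382/TCP   6h25m
kubernetes   ClusterIP   10.24.0.1    <none>        443/TCP        29h'

# Constructed: a node of a private cluster, and a node with an external IP.
PRIVATE_NODES='NAME     STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP
node-a   Ready    <none>   29h   v1.0.0    10.128.0.2    <none>'
PUBLIC_NODES='NAME     STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP
node-b   Ready    <none>   29h   v1.0.0    10.128.0.3    203.0.113.10'

port=$(printf '%s\n' "$SVC_TABLE" | svc_nodeport app)
printf '%s\n' "$PUBLIC_NODES" | nodeport_targets "$port"
printf '%s\n' "$PRIVATE_NODES" | nodeport_targets "$port" || true
```

Against a live cluster, pipe `kubectl get svc` and `kubectl get nodes -o wide` into the same functions instead of the embedded tables.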
