Kubernetes:如果 nodePort 是随机的,如何访问服务? [英] Kubernetes: how to access service if nodePort is random?
问题描述
我是 K8s 的新手,目前正在使用 Minikube 来玩这个平台.如何为服务配置公共(即集群外)端口?我遵循了 nginx 示例, 以及 K8s 服务教程.就我而言,我创建了这样的服务:
I'm new to K8s and am currently using Minikube to play around with the platform. How do I configure a public (i.e. outside the cluster) port for the service? I followed the nginx example, and K8s service tutorials. In my case, I created the service like so:
kubectl expose deployment/mysrv --type=NodePort --port=1234
该服务的端口是 1234,供任何试图从集群内部访问它的人使用.minikube 教程说我需要通过它的随机 nodePort 直接访问服务,这适用于手动测试目的:
The service's port is 1234 for anyone trying to access it from INSIDE the cluster. The minikube tutorials say I need to access the service directly through it's random nodePort, which works for manual testing purposes:
kubectl describe service mysrv | grep NodePort
...
NodePort: <unset> 32387/TCP
# curl "http://`minikube ip`:32387/"
但我不明白,在真正的集群中,该服务如何拥有一个固定的世界可访问端口.nginx 示例描述了有关使用 LoadBalancer 服务种类的一些内容,但它们甚至没有在那里指定端口...
But I don't understand how, in a real cluster, the service could have a fixed world-accessible port. The nginx examples describe something about using the LoadBalancer service kind, but they don't even specify ports there...
任何想法如何修复整个服务的外部端口?
Any ideas how to fix the external port for the entire service?
推荐答案
minikube 教程说我需要通过它的随机 nodePort 直接访问服务,这适用于手动测试目的:
The minikube tutorials say I need to access the service directly through it's random nodePort, which works for manual testing purposes:
当您使用 $ kubectl Expose
命令创建 NodePort
类型的服务对象时,您无法选择您的 NodePort
端口.要选择 NodePort
端口,您需要为其创建 YAML
定义.
When you create service object of type NodePort
with a $ kubectl expose
command you cannot choose your NodePort
port. To choose a NodePort
port you will need to create a YAML
definition of it.
您可以在Nodeport
类型的服务对象中手动指定端口,示例如下:
You can manually specify the port in service object of type Nodeport
with below example:
apiVersion: v1
kind: Service
metadata:
name: example-nodeport
spec:
type: NodePort
selector:
app: hello # selector for deployment
ports:
- name: example-port
protocol: TCP
port: 1234 # CLUSTERIP PORT
targetPort: 50001 # POD PORT WHICH APPLICATION IS RUNNING ON
nodePort: 32222 # HERE!
您可以通过调用命令来应用上述 YAML
定义:$ kubectl apply -f FILE_NAME.yaml
You can apply above YAML
definition by invoking command:
$ kubectl apply -f FILE_NAME.yaml
仅当 nodePort
端口可用时,才会创建上述服务对象.
Above service object will be created only if nodePort
port is available to use.
但我不明白,在真正的集群中,该服务如何没有具有固定的全球可访问端口.
But I don't understand how, in a real cluster, the service could not have a fixed world-accessible port.
在由云提供商(例如 GKE)管理的集群中,您可以使用 LoadBalancer
类型的服务对象,该对象将具有固定的外部 IP 和固定端口.
In clusters managed by cloud providers (for example GKE) you can use a service object of type LoadBalancer
which will have a fixed external IP and fixed port.
具有公共 IP 节点的集群可以使用 NodePort
类型的服务对象将流量引导到集群中.
Clusters that have nodes with public IP's can use service object of type NodePort
to direct traffic into the cluster.
在 minikube
环境中,您可以使用 LoadBalancer
类型的服务对象,但它会有一些警告,如上一段所述.
In minikube
environment you can use a service object of type LoadBalancer
but it will have some caveats described in last paragraph.
Nodeport
将每个节点 IP 上的服务暴露在一个静态端口上.它允许外部流量通过 NodePort
端口进入.此端口将自动从 30000
范围分配到 32767
.
Nodeport
is exposing the service on each node IP at a static port. It allows external traffic to enter with the NodePort
port. This port will be automatically assigned from range of 30000
to 32767
.
您可以按照 本手册.
You can change the default NodePort
port range by following this manual.
您可以通过查看此 answer 来检查在创建 NodePort
类型的服务对象时究竟发生了什么.
You can check what is exactly happening when creating a service object of type NodePort
by looking on this answer.
想象一下:
- 您的节点具有以下 IP:
192.168.0.100
192.168.0.101
192.168.0.102
10.244.1.10
10.244.1.11
10.244.1.12
NodePort
(port32222
) 与:ClusterIP
:- IP:
10.96.0.100
端口
:7654
targetPort
:50001
NodePort
(port32222
) with:ClusterIP
:- IP:
10.96.0.100
port
:7654
targetPort
:50001
关于
targetPort
的一句话.它是 pod 上端口的定义,例如 Web 服务器.A word about
targetPort
. It's a definition for port on the pod that is for example a web server.根据上面的例子你会得到
hello
响应:According to above example you will get
hello
response with:NodeIP:NodePort
(所有 Pod 都可以用hello
响应):192.168.0.100:32222
192.168.0.101:32222
192.168.0.102:32222
NodeIP:NodePort
(all the pods could respond withhello
):192.168.0.100:32222
192.168.0.101:32222
192.168.0.102:32222
10.0.96.100:7654
10.244.1.10:50001
10.244.1.11:50001
10.244.1.12:50001
您可以使用
curl
命令检查访问,如下所示:You can check access with
curl
command as below:$ curl http://NODE_IP:NODEPORT
在你提到的例子中:
$ kubectl expose deployment/mysrv --type=NodePort --port=1234
会发生什么:
- 它会在您的
minikube
实例上分配一个范围从30000
到32767
的随机端口,将进入该端口的流量引导至 Pod.莉> - 另外它会创建一个
ClusterIP
,端口为1234
- It will assign a random port from range of
30000
to32767
on yourminikube
instance directing traffic entering this port to pods. - Additionally it will create a
ClusterIP
with port of1234
在上面的例子中没有参数
targetPort
.如果未提供targetPort
,它将与命令中的port
相同.In the example above there was no parameter
targetPort
. IftargetPort
is not provided it will be the same asport
in the command.进入
NodePort
的流量将被直接路由到 Pod,不会转到ClusterIP
.Traffic entering a
NodePort
will be routed directly to pods and will not go to theClusterIP
.从
minikube
的角度来看,NodePort
将是您的minikube
实例上的端口.它的 IP 地址将取决于所使用的管理程序.将其暴露在本地机器之外将严重依赖于操作系统.From the
minikube
perspective aNodePort
will be a port on yourminikube
instance. It's IP address will be dependent on the hypervisor used. Exposing it outside your local machine will be heavily dependent on operating system.LoadBalancer
(1) 类型的服务对象和外部LoadBalancer
(2) 类型之间的区别:There is a difference between a service object of type
LoadBalancer
(1) and an externalLoadBalancer
(2):LoadBalancer
(1) 类型的服务对象允许使用云提供商的LoadBalancer
(2) 向外部公开服务.它是 Kubernetes 环境中的一项服务,通过服务控制器可以安排创建外部LoadBalancer
(2).- 外部
LoadBalancer
(2) 是云提供商提供的负载均衡器.它将在第 4 层运行.
- Service object of type
LoadBalancer
(1) allows to expose a service externally using a cloud provider’sLoadBalancer
(2). It's a service within Kubernetes environment that through service controller can schedule a creation of externalLoadBalancer
(2). - External
LoadBalancer
(2) is a load balancer provided by cloud provider. It will operate at Layer 4.
类型
LoadBalancer
(1)的服务定义示例:Example definition of service of type
LoadBalancer
(1):apiVersion: v1 kind: Service metadata: name: example-loadbalancer spec: type: LoadBalancer selector: app: hello ports: - port: 1234 # LOADBALANCER PORT targetPort: 50001 # POD PORT WHICH APPLICATION IS RUNNING ON nodePort: 32222 # PORT ON THE NODE
应用上述
YAML
将创建一个LoadBalancer
(1)Applying above
YAML
will create a service of typeLoadBalancer
(1)具体看:
ports: - port: 1234 # LOADBALANCER PORT
这个定义将同时:
- 指定外部
LoadBalancer
(2)port
为1234 - 指定
ClusterIP
port
为1234
- specify external
LoadBalancer
(2)port
as 1234 - specify
ClusterIP
port
as 1234
想象一下:
- 您的外部
LoadBalancer
(2) 具有:外部IP
:34.88.255.5
端口
:7654
- Your external
LoadBalancer
(2) have:ExternalIP
:34.88.255.5
port
:7654
192.168.0.100
192.168.0.101
192.168.0.102
10.244.1.10
10.244.1.11
10.244.1.12
NodePort
(port32222
) 与:ClusterIP
:- IP:
10.96.0.100
端口
:7654
targetPort
:50001
NodePort
(port32222
) with:ClusterIP
:- IP:
10.96.0.100
port
:7654
targetPort
:50001
根据上面的例子你会得到
hello
响应:According to above example you will get
hello
response with:ExternalIP
:port
(所有 Pod 都可以用hello
响应):34.88.255.5:7654
ExternalIP
:port
(all the pods could respond withhello
):34.88.255.5:7654
192.168.0.100:32222
192.168.0.101:32222
192.168.0.102:32222
10.0.96.100:7654
10.244.1.10:50001
10.244.1.11:50001
10.244.1.12:50001
ExternalIP
可以通过命令查看:$ kubectl get services
交通流:客户端 ->
LoadBalancer:port
(2) ->NodeIP:NodePort
->Pod:targetPort
Flow of the traffic: Client ->
LoadBalancer:port
(2) ->NodeIP:NodePort
->Pod:targetPort
注意:此功能仅适用于支持外部负载平衡器的云提供商或环境.
Note: This feature is only available for cloud providers or environments which support external load balancers.
在支持负载平衡器的云提供商上,将提供外部 IP 地址来访问服务.在 Minikube 上,
LoadBalancer
类型使 Service 可以通过minikube service
命令访问.On cloud providers that support load balancers, an external IP address would be provisioned to access the Service. On Minikube, the
LoadBalancer
type makes the Service accessible through theminikube service
command.Minikube
可以创建LoadBalancer
(1) 类型的服务对象,但不会创建外部LoadBalancer
(2).Minikube
can create service object of typeLoadBalancer
(1) but it will not create an externalLoadBalancer
(2).命令
$ kubectl get services
中的ExternalIP
将处于pending状态.The
ExternalIP
in command$ kubectl get services
will have pending status.要解决没有外部
LoadBalancer
(2)的问题,您可以调用$ minikube tunnel
,这将创建从主机到minikube
的路由环境直接访问ClusterIP
的CIDR
.To address that there is no external
LoadBalancer
(2) you can invoke$ minikube tunnel
which will create a route from host tominikube
environment to access theCIDR
ofClusterIP
directly.这篇关于Kubernetes:如果 nodePort 是随机的,如何访问服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
- IP:
- IP:
- IP:
- IP: