(The我正在做的最终目标是通过节点IP地址访问我的应用程序)
我的集群正在使用Traefik ingress控制器。Ingress规则是:
kind: Ingress
...
...
spec:
rules:
- host: my.app
http:
paths:
- pathType: ImplementationSpecific
path: /
backend:
service:
name: my-app-svc
port:
number: 3000另外还部署了一个LoadBalancer服务:
k get svc -n kube-system traefik
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik LoadBalancer 10.43.58.233 192.168.10.82 80:32003/TCP,443:30554/TCP 40d如您所见,此LoadBalancer服务的外部IP是192.168.10.82。
在我的笔记本电脑上,我将该外部IPMap为/etc/hosts中的主机名:
192.168.10.82 my.app我可以通过外部IP成功访问我部署的应用程序:http://my.app
**现在,我想通过IP地址访问它。**这是我尝试在下面做的:
因此,我为控制器部署了一个NodePort服务:
apiVersion: v1
kind: Service
metadata:
name: traefik-node-port-svc
namespace: kube-system
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
nodePort: 30182
protocol: TCP
- name: https
port: 443
targetPort: 443
nodePort: 30183
protocol: TCP
selector:
app: traefik我可以看到部署了这个NodePort服务:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
traefik-node-port-svc NodePort 10.43.148.128 <none> 80:30182/TCP,443:30183/TCP 69m正如您在上面看到的,HTTP流量的暴露端口是30182。
然后,我得到节点(我只有一个节点):
k get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
testk3s01 Ready control-plane,master 40d v1.21.5+k3s2 192.168.10.82 <none> k3OS v0.21.5-k3s2r1 5.4.0-88-generic containerd://1.4.11-k3s1上面可以看到节点的内部IP是192.168.10.82。
然后我尝试通过<node internal IP>:<NodePort svc exposed port>访问我的应用程序
> curl 192.168.10.82:30182
curl: (7) Failed to connect to 192.168.10.82 port 30182 after 7 ms: Connection refused但是连接被拒绝了,为什么呢?我如何通过IP地址直接访问我的应用程序?NodePort服务详细信息如下:
> kubectl describe svc traefik-node-port-svc -n kube-system
Name: traefik-node-port-svc
Namespace: kube-system
Labels: <none>
Annotations: <none>
Selector: app=traefik
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.43.148.128
IPs: 10.43.148.128
Port: http 80/TCP
TargetPort: 80/TCP
NodePort: http 30182/TCP
Endpoints: <none>
Port: https 443/TCP
TargetPort: 443/TCP
NodePort: https 30183/TCP
Endpoints: <none>
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>===根据@Sibtain的回答更新====
我尝试了@Sibtain的答案中的选项2,为我的NodePort服务找出正确的targetPort。
我首先尝试从LoadBalancer服务中找到targetPort:
> kubectl get svc traefik -o yaml -n kube-system
...
...
ports:
- name: web
nodePort: 32003
port: 80
protocol: TCP
targetPort: web
- name: websecure
nodePort: 30554
port: 443
protocol: TCP
targetPort: websecure
selector:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
sessionAffinity: None
type: LoadBalancer正如你在上面看到的,指向应用程序pod的targetPort是80,分别用于http和443 https。我还可以看到这个服务使用的Selector部分。
因此,我更新了我的NodePort服务清单,以指向相同的targetPort:
apiVersion: v1
kind: Service
metadata:
name: traefik-node-port-svc
namespace: kube-system
spec:
type: NodePort
ports:
- name: web
port: 80
targetPort: web
nodePort: 30182
protocol: TCP
- name: websecure
port: 443
targetPort: websecure
nodePort: 30183
protocol: TCP
selector:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik我重新部署了这个NodePort服务。但是当再次检查时,它仍然有<none>端点:
> kubectl describe svc traefik-node-port-svc -n kube-system
Name: traefik-node-port-svc
Namespace: kube-system
Labels: <none>
Annotations: <none>
Selector: app.kubernetes.io/instance=traefik,app.kubernetes.io/name=traefik,app=traefik
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.43.148.128
IPs: 10.43.148.128
Port: web 80/TCP
TargetPort: web/TCP
NodePort: web 30182/TCP
Endpoints: <none>
Port: websecure 443/TCP
TargetPort: websecure/TCP
NodePort: websecure 30183/TCP
Endpoints: <none>
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>现在kube-system下的所有服务都向我展示了这一点:
kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 41d
metrics-server ClusterIP 10.43.111.166 <none> 443/TCP 41d
traefik LoadBalancer 10.43.58.233 192.168.10.82 80:32003/TCP,443:30554/TCP 40d
traefik-node-port-svc NodePort 10.43.148.128 <none> 80:30182/TCP,443:30183/TCP 19hcurl结果:
> curl 192.168.10.82:30182
curl: (7) Failed to connect to 192.168.10.82 port 30182 after 10 ms: Connection refused
> curl 192.168.10.82:80
404 page not found
> curl 192.168.10.82:30183
curl: (7) Failed to connect to 192.168.10.82 port 30183 after 860 ms: Connection refused
> curl 192.168.10.82:443
404 page not found
1条答案
按热度按时间uemypmqf1#
您的服务
traefik-node-port-svc没有附加Endpoints(注意describe输出中的<none>)这意味着没有服务可以将请求重定向到的Pod。很可能您的
TargetPort不正确,或者selector标签(app: traefik)错误。要修复
targetPort,您可以选择以下两个选项中的任何一个:1.运行
kubectl describe pod <traefik-pod-here>并记下port。这应该是traefik-node-port-svc规范中的targetPort。1.运行
kubectl describe svc traefik -n kube-system并从那里注意targetPort,因为您已经有一个正在运行的LoadBalancer Service,因此这意味着它正在将请求重定向到适当的pod。如果问题出在
selector标签上,您可以通过运行kubectl get pod <traefik-pod-here> --show-labels检查标签并添加适当的标签。编辑
创建服务并确保标签正确的更简单方法是使用声明式
kubectl expose命令,假设traefik pod在端口9000上作为名为traefik的部署运行,该命令如下所示:(* 注意:实际的nodePort将自动从30000-32767* 范围内分配)