我无法从主 Kubernetes 集群访问 pod

问题描述 投票:0回答:1

如果我有一组使用 NetworkPolicy 入口连接的部署。是工作!但是,如果我必须从外部连接(从 kubectl get ep 获取 IP),我必须设置另一个端点的入口?或者出口政策?

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: nginx
  annotations:
    kompose.cmd: ./kompose convert
    kompose.version: 1.22.0 (955b78124)
  creationTimestamp: null
  labels:
    io.kompose.service: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: nginx
  strategy: {}
  template:
    metadata:
      annotations:
        kompose.cmd: ./kompose convert
        kompose.version: 1.22.0 (955b78124)
      creationTimestamp: null
      labels:
        io.kompose.network/nginx: "true"
        io.kompose.service: nginx
    spec:
      containers:
        - image: nginx
          name: nginx
          ports:
            - containerPort: 8000
          resources: {}
      restartPolicy: Always
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: mariadb
  annotations:
    kompose.cmd: ./kompose convert
    kompose.version: 1.22.0 (955b78124)
  creationTimestamp: null
  labels:
    io.kompose.service: mariadb
  name: mariadb
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: mariadb
  strategy: {}
  template:
    metadata:
      annotations:
        kompose.cmd: ./kompose convert
        kompose.version: 1.22.0 (955b78124)
      creationTimestamp: null
      labels:
        io.kompose.network/nginx: "true"
        io.kompose.service: mariadb
    spec:
      containers:
        - image: mariadb
          name: mariadb
          ports:
            - containerPort: 5432
          resources: {}
      restartPolicy: Always
status: {}
...

您可以在此处查看更多代码http://pastie.org/p/2QpNHjFdAK9xj7SYuZvGPf

端点:

kubectl get ep -n nginx
NAME       ENDPOINTS             AGE
mariadb  192.168.112.203:5432  2d2h
nginx     192.168.112.204:8000  42h

服务:

NAME       TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)         AGE
mariadb ClusterIP  10.99.76.78    <none>       5432/TCP        2d2h
nginx     NodePort   10.111.176.21  <none>       8000:31604/TCP  42h

来自服务器的测试:

If I do curl 10.111.176.21:31604 -- No answer
If I do curl 192.168.112.204:8000 -- No answer
If I do curl 192.168.112.204:31604 -- No answer
If I do curl 10.0.0.2:8000 or 31604 -- No answer
10.0.0.2 is a worker node IP.

已更新如果我这样做

kubectl port-forward nginx-PODXXX 8000:8000
我可以从 HTTP://localhost:8000 访问它

那么我哪里错了?

kubernetes nginx kubectl
1个回答
2
投票

看起来您正在使用 网络策略 作为传入流量的入口,但您可能想要使用的是 Ingress Controller 来管理 Ingress 流量。

出口用于从集群内的服务流出到外部源的流量。入口用于将外部流量定向到集群内的特定服务。

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-app-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: my-example.site.tld http: paths: - path: / backend: serviceName: nginx servicePort: 5432
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.