NodePort 是否适用于 Azure 容器服务 (Kubernetes)

Question

I have got the following service for Kubernetes dashboard

Name:               kubernetes-dashboard
Namespace:          kube-system
Labels:             k8s-app=kubernetes-dashboard
                    kubernetes.io/cluster-service=true
Annotations:        kubectl.kubernetes.io/last-applied-configuration={"kind":"Service","apiVersion":"v1","metadata":{"name":"kubernetes-dashboard","namespace":"kube-system","creationTimestamp":null,"labels":{"k8s-app":"k...
Selector:           k8s-app=kubernetes-dashboard
Type:               NodePort
IP:                 10.0.106.144
Port:               <unset> 80/TCP
NodePort:           <unset> 30177/TCP
Endpoints:          10.244.0.11:9090
Session Affinity:   None
Events:             <none>

According to the documentation , I ran

az acs kubernetes browse

and it works on http://localhost:8001/ui

But I want to access it outside the cluster too. The describe output says that it is exposed using NodePort on port 30177.

But I'm not able to access it on http://<any node IP>:30177

Answer 1

As we know, expose the service to internet, we can use nodeport and LoadBalancer .

As far as I know, Azure does not support nodeport type now.

But I want to access it outside the cluster too.

we can use LoadBalancer to re-create the kubernetes dashboard, here are my steps:

1. Delete kubernetes-dashboard via kubernetes UI: select Namespace to kube-system , then select services , then delete it:

2. Modify Kubernetes-dashboard-service.yaml: SSH master VM, then change type from nodeport to LoadBalancer :

   root@k8s-master-47CAB7F6-0:/etc/kubernetes/addons# vi kubernetes-dashboard-service.yaml

    apiVersion: v1 kind: Service metadata: labels: kubernetes.io/cluster-service: "true" k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: ports: - port: 80 targetPort: 9090 selector: k8s-app: kubernetes-dashboard type: LoadBalancer

3. start kubernetes browse from CLI 2.0:

   C:\\Users> az acs kubernetes browse -g k8s -n containerservice-k8s

Then SSH to master VM to check the status :

Now, we can via the Public IP address to browse the UI:

Update :
The following image shows the architecture of azure container service cluster(Kubernetes), we should use Load-Balancer to expose the service to internet.

Answer 2

On second thought, this actually is expected to NOT work. The only public IP in the cluster, by default, is for the load balancer on the masters. And that load balancer obviously is not configured to forward random ports (like 30000-32767 for example). Further, none of the nodes directly have a public IP, so by definition NodePort is not going to work external to the cluster.

The only way you're going to make this work is by giving the nodes public IP addresses directly. This is not encouraged for a variety of reasons.

If you merely want to avoid waiting... then I suggest:

1. Don't delete the Service. Most dev scenarios should just be kubectl apply -f <directory> in which case you don't really need to wait for the Service to re-provision

2. Use Ingress along with 'nginx-ingress-controller' so that you only need to wait for the full LB+NSG+PublicIP provisioning once, and then can just add/remove Ingress objects in your dev scenario.

3. Use minikube for development scenarios, or manually add public ips to the nodes to make the NodePort scenario work.

Answer 3

You can't expose the service via nodeport by running the kubectl expose command, you get a VIP address outside the range of the subnets your cluster sits on... Instead, deploy a service through a yaml file and you can specify an internal load balancer as a type..., which will give you a local IP on the Master subnet, which you can connect to via the internal network...

Or, you can just expose the service with an external load balancer and get a public ip. available on the www.