
spring-boot kubernetes cannot access the controller endpoint deployed in GKE

I am trying to deploy a spring-boot application in kubernetes using Google Container Engine (GKE => version 1.7.8-gke.0). I have created the replication controller and service. The replication controller and service were created successfully. Please find the below output for reference,

Describe service

kubectl describe svc spring-boot-k8-service


Name:                     spring-boot-k8-service
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 app=spring-boot-k8
Type:                     NodePort
IP:                       10.59.249.64
Port:                     <unset>  9085/TCP
TargetPort:               9085/TCP
NodePort:                 <unset>  30726/TCP
Endpoints:                10.56.0.5:9085,10.56.1.3:9085,10.56.2.7:9085
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none> 

I have a couple of issues here,

Cluster Details

$ gcloud container clusters list


NAME    ZONE            MASTER_VERSION  MASTER_IP       MACHINE_TYPE  NODE_VERSION  NUM_NODES  STATUS
spring  europe-west1-d  1.7.8-gke.0     XX.XXX.XXX.XXX  g1-small      1.7.8-gke.0   3          RUNNING

When I hit https://xx.xxx.xxx.xxx it is not popping up the username/password dialog, instead I am getting the following error,

 User "system:anonymous" cannot get path "/".: "No policy matched.\\nUnknown user \\"system:anonymous\\"" 

The other issue is, using which IP address can I access the service? The one in the describe response is the internal IP. I also tried with the cluster master IP but no luck, it is not working.

Inside the instance, I did an SSH and curl, and it was working fine,

curl -X GET -H "Cache-Control: no-cache" "http://localhost:32432/sayHello"
Hello.Welcome to our site!!!!

But I don't know which IP I have to use to access the above endpoint externally.

Any help or pointers will be appreciated.

The other issue is, using which IP address can I access the service? The one in the describe response is the internal IP. I also tried with the cluster master IP but no luck, it is not working.

That part I can help you with, I think. The type: NodePort of your Service implies that it is listening inside the cluster on the IP address (and port) you see: 10.59.249.64:9085 but it is only accessible outside the cluster on the IP address of every Node on port 30726.

If you wish it to be accessible to the Internet, you will need to create a load balancer, assign every Node to said load balancer, directing traffic to port 30726 of those Nodes. Or, as most people would do in that circumstance, use type: LoadBalancer to have GKE perform those exact steps for you, as described in the documentation.


Separately, if you are using the same XX.XXX.XXX.XXX from your gcloud container cluster list as in your https://XX.XXX.XXX.XXX then no wonder you are getting system:anonymous errors: that is the API URL of your Kubernetes master, which (with very, very few exceptions) does not accept unauthenticated requests. It is designed to respond to kubectl actions, very similar to how you created your Service and ReplicationController that you said in the beginning.
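
The type: LoadBalancer variant described in the answer above, as an added example that is not part of the original post. The name, selector and ports are taken from the kubectl describe output in the question; the loadBalancerSourceRanges value is a placeholder assumption that limits which client addresses may reach the endpoint.

```yaml
# Added example, not from the original question or answer.
apiVersion: v1
kind: Service
metadata:
  name: spring-boot-k8-service
spec:
  type: LoadBalancer          # GKE provisions the external load balancer and IP
  selector:
    app: spring-boot-k8       # same selector as in the describe output
  ports:
    - protocol: TCP
      port: 9085              # port exposed on the load balancer
      targetPort: 9085        # container port of the spring-boot pods
  # Assumption: placeholder range (RFC 5737 documentation block).
  # Replace it with the client networks that should reach the endpoint;
  # omitting this field leaves the service open to any source address.
  loadBalancerSourceRanges:
    - 203.0.113.0/24
```

Once the manifest is applied, kubectl get svc spring-boot-k8-service lists the assigned address under EXTERNAL-IP, and the application answers on that address at port 9085 for clients inside the allowed range.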
