
How to access the service deployed on one pod via another pod in Kubernetes?

Can anybody let me know how we can access the service deployed on one pod via another pod in a Kubernetes cluster?

Example:

There is an nginx service which is deployed on Node1 (having pod name nginx-12345) and another service which is deployed on Node2 (having pod name service-23456). Now if 'service' wants to communicate with 'nginx' for some reason, then how can we access 'nginx' inside the 'service-23456' pod?

There are various ways to access the service in Kubernetes. You can expose your services through NodePort or LoadBalancer and access them from outside the cluster.

See the official documentation on how to access the services.

The Kubernetes official documentation states that:

Some clusters may allow you to ssh to a node in the cluster. From there you may be able to access cluster services. This is a non-standard method, and will work on some clusters but not others. Browsers and other tools may or may not be installed. Cluster DNS may not work.

So accessing a service directly from another node depends on which type of Kubernetes cluster you're using.

EDIT:

Once the service is deployed in your cluster you should be able to contact the service using its name, and Kube-DNS will answer with the correct ClusterIP to speak to your final pods. ClusterIPs are governed by IPTables rules created by kube-proxy on Workers that NAT your request to the final container's IP.

The Kube-DNS naming convention is service.namespace.svc.cluster-domain.tld and the default cluster domain is cluster.local.

For example, if you want to contact a service called mysql in the db namespace from any namespace, you can simply speak to mysql.db.svc.cluster.local.

If this is not working then there might be some issue with kube-dns in your cluster. Hope this helps.

EDIT2: There are some known issues with DNS resolution in Ubuntu. The Kubernetes official documentation states that:

Some Linux distributions (e.g. Ubuntu) use a local DNS resolver by default (systemd-resolved). Systemd-resolved moves and replaces /etc/resolv.conf with a stub file that can cause a fatal forwarding loop when resolving names in upstream servers. This can be fixed manually by using kubelet's --resolv-conf flag to point to the correct resolv.conf (with systemd-resolved, this is /run/systemd/resolve/resolv.conf). kubeadm 1.11 automatically detects systemd-resolved, and adjusts the kubelet flags accordingly.

I faced a similar issue, the following link might solve your issue. Generally, all of the services are visible and accessible within the cluster. Expose your service-23456 service to type ClusterIP and to port 8080. Then you can call endpoint 'http://service-23456:8080' from nginx service.

Unable to communicate between 2 node,js apps in Istio enabled GKE cluster

Did you expose your deployment as a service? If so, simply access it by its DNS name, like http://nginx-1234 - or if it's in a different namespace: http://nginx-1234.default.svc (change "default" to the namespace the service lives in) or http://nginx-1234.default.svc.cluster.local

Now if you did NOT expose a service, then you probably should. You don't need to expose it to the outside world, simply don't define a service type and it will only be available inside your cluster.

If for some reason you don't want to expose a service (can't think of any reason), you can query the api server for the pod IP. You will need to provide a token for authentication, but these are available inside the pod:

get the token:

TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)

call the api server:

curl https://kubernetes.default.svc/api/v1/namespaces/default/pods --silent \
     --header "Authorization: Bearer $TOKEN" --insecure

You can refine your query by adding ?fieldSelector=spec.nodeName%3Dtargetnodename or similar (simply use a json path). The output can be parsed with https://stedolan.github.io/jq/ or any other JSON utility.
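The same query with certificate verification instead of --insecure, as an added Python example that is not part of the original answer: it trusts only the CA bundle mounted next to the token (ca.crt) and extracts the pod IPs from the response. It assumes the pod's service account has been granted permission to list pods; the function names and the sample PodList are constructed for illustration.

```python
import json
import ssl
import urllib.parse
import urllib.request

SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"  # mounted into the pod
API = "https://kubernetes.default.svc"


def pods_url(namespace, node=None):
    """Build the pod list URL, optionally filtered to one node."""
    url = f"{API}/api/v1/namespaces/{urllib.parse.quote(namespace, safe='')}/pods"
    if node:
        url += "?" + urllib.parse.urlencode({"fieldSelector": f"spec.nodeName={node}"})
    return url


def pod_ips(pod_list):
    """Map pod name -> pod IP for Running pods in a decoded PodList."""
    return {
        item["metadata"]["name"]: item["status"]["podIP"]
        for item in pod_list.get("items", [])
        if item.get("status", {}).get("phase") == "Running"
        and item["status"].get("podIP")
    }


def list_pods(namespace, node=None):
    """Query the API server, verifying its certificate against the mounted CA."""
    with open(f"{SA_DIR}/token") as f:
        token = f.read().strip()
    # Passing cafile means only the cluster CA is trusted, not the system store.
    ctx = ssl.create_default_context(cafile=f"{SA_DIR}/ca.crt")
    req = urllib.request.Request(
        pods_url(namespace, node), headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


# Constructed PodList fragment so pod_ips() can be exercised without a cluster.
SAMPLE = {"items": [
    {"metadata": {"name": "nginx-12345"},
     "status": {"phase": "Running", "podIP": "10.244.1.7"}},
    {"metadata": {"name": "nginx-67890"}, "status": {"phase": "Pending"}},
]}

if __name__ == "__main__":
    print(pod_ips(list_pods("default")))
```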

A similar question was answered here: Kubernetes - How to acces to service from a web server in pod with a rest request

Just replace "ProductWebApp" with "nginx" and "DashboardWebApp" with "service".
