configmap port forward doesn't work in kubernetes multicontainer pod

Below is the configMap file for the pod containing multiple containers. Port number 80 is exposed to the external world and it will then redirect to port 5000 of another container running in the pod.

apiVersion: v1
kind: ConfigMap
metadata:
  name: mc3-nginx-conf
data:
  nginx.conf: |-
    user  nginx;
    worker_processes  1;

    error_log  /var/log/nginx/error.log warn;
    pid        /var/run/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;

        sendfile        on;
        keepalive_timeout  65;

        upstream webapp {
            server 127.0.0.1:5000;
        }

        server {
            listen 80;

            location / {
                proxy_pass         http://webapp;
                proxy_redirect     off;
            }
        }
    }


$ kubectl apply -f confimap.yaml

The pod configuration:

apiVersion: v1
kind: Pod
metadata:
  name: mc3
  labels:
    app: mc3
spec:
  containers:
  - name: webapp
    image: training/webapp
  - name: nginx
    image: nginx:alpine
    ports:
    - containerPort: 80
    volumeMounts:
    - name: nginx-proxy-config
      mountPath: /etc/nginx/nginx.conf
      subPath: nginx.conf
  volumes:
  - name: nginx-proxy-config
    configMap:
      name: mc3-nginx-conf

Step 3. Expose the Pod using the NodePort service:

$ kubectl expose pod mc3 --type=NodePort --port=80
service "mc3" exposed

Step 4. Identify port on the node that is forwarded to the Pod:

$ kubectl describe service mc3

Name:                     mc3
Namespace:                default
Labels:                   app=mc3
Annotations:              <none>
Selector:                 app=mc3
Type:                     NodePort
IP:                       100.68.152.108
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32636/TCP
Endpoints:                100.96.2.3:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

But I am unable to perform curl:

$ curl 100.96.2.3:80

$ curl http://100.96.2.3:80

$ curl http://100.96.2.3:32636

So, I want to know why this redirection doesn't work.

Source: https://www.mirantis.co.jp/blog/multi-container-pods-and-container-communication-in-kubernetes/

It's written on the page that we can access it using the URL

http://myhost

Now, what is myhost here? And I understood that the port exposed is 32636.

But I am not able to access it from a browser or with the curl/wget commands.

Try:

kubectl get nodes -o wide
NAME     STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME   
master   Ready    master   30m   v1.14.0   {{Node_IP}}   <none>        Ubuntu 16.04.6 LTS   4.4.0-157-generic   docker://18.9.7

Use one of the IPs of your nodes like this:

curl NODE_IP:32636

From what I see, you're having trouble connecting with your application over the NodePort.

In the comments you posted: "I am executing on google cloud shell", so I assume you are running on GKE.

You also posted in comments:

XXXXX@cloudshell:~ (pubsub-quickstart-XXXXX)$ curl -v 10.59.242.245:31357
* Rebuilt URL to: 10.59.242.245:31357
* Trying 10.59.242.245...
* TCP_NODELAY set
* connect to 10.59.242.245 port 31357 failed: Connection timed out
* Failed to connect to 10.59.242.245 port 31357: Connection timed out
* Closing connection 0
curl: (7)

So I see you are trying to curl the private IP address of your cluster node from cloudshell, and that will not work.

It is impossible to connect to a node over private addresses from cloudshell as these instances are in different networks (separated from each other).

To connect to your application from an external network you need to use the EXTERNAL-IPs of your nodes, which can be found by running kubectl get no -owide

The second thing (very important) is to create a firewall rule to allow ingress traffic to this port, e.g. using the gcloud CLI:

gcloud compute firewall-rules create test-node-port --allow tcp:[NODE_PORT]

More information on exposing applications on GKE can be found in the GKE documentation here.

Let me know if that helped.
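
Added example (not part of the original answers): the firewall command in the answer above has no --source-ranges, in which case gcloud defaults to 0.0.0.0/0, and no --target-tags, so the rule applies to every instance in the network. The helper below prints a rule scoped to one source CIDR and one node tag after checking the port against the default NodePort range 30000-32767; the function name, rule name, tag and address are assumptions.

```shell
#!/bin/sh
# Added example: build a scoped GCP firewall rule for a Kubernetes NodePort.
# The function only prints the gcloud command so it can be reviewed first.

# nodeport_fw_cmd PORT SOURCE_CIDR TARGET_TAG [NETWORK]
# (hypothetical helper name; not part of gcloud or kubectl)
nodeport_fw_cmd() {
    fw_port="$1"; fw_cidr="$2"; fw_tag="$3"; fw_net="${4:-default}"

    # Port must be numeric and inside the default NodePort range.
    case "$fw_port" in
        ''|*[!0-9]*) echo "error: port must be numeric" >&2; return 1 ;;
    esac
    if [ "$fw_port" -lt 30000 ] || [ "$fw_port" -gt 32767 ]; then
        echo "error: $fw_port is outside the default NodePort range" >&2
        return 1
    fi

    # Require an explicit IPv4 CIDR (shape check only; gcloud validates octets).
    if ! printf '%s' "$fw_cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo "error: source must be an IPv4 CIDR such as 203.0.113.7/32" >&2
        return 1
    fi
    # Reject /0: that is what gcloud applies when --source-ranges is omitted.
    case "$fw_cidr" in
        */0) echo "error: refusing to open the port to every address" >&2
             return 1 ;;
    esac

    # A network tag limits the rule to the cluster nodes, not every VM.
    if [ -z "$fw_tag" ]; then
        echo "error: a target network tag is required" >&2
        return 1
    fi

    printf 'gcloud compute firewall-rules create allow-nodeport-%s --network=%s --direction=INGRESS --allow=tcp:%s --source-ranges=%s --target-tags=%s\n' \
        "$fw_port" "$fw_net" "$fw_port" "$fw_cidr" "$fw_tag"
}

# Constructed sample values: a documentation address and a placeholder tag.
nodeport_fw_cmd 32636 203.0.113.7/32 gke-node-tag-placeholder
```

Once testing is done, the rule can be removed with gcloud compute firewall-rules delete followed by the rule name.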
