堆栈内存溢出
  简体   繁体   English

如何在 kubernetes 中向其他 pod 公开服务?

[英]How can I expose a service to other pods in kubernetes?

 原文  2019-11-25 18:40:01       azure/ docker/ kubernetes/ azure-aks

问题描述

I have a simple service我有一个简单的服务

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2 # tells deployment to run 2 pods matching the template
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

And here is how my cluster looks like.这是我的集群的样子。 Pretty simple.很简单。

$kubectl get pods -o wide
NAME                                READY   STATUS    RESTARTS   AGE   IP           NODE                      NOMINATED NODE   READINESS GATES
my-shell-95cb5df57-cdj4z            1/1     Running   0          23m   10.60.1.32   aks-nodepool-19248108-0   <none>           <none>
nginx-deployment-76bf4969df-58d66   1/1     Running   0          36m   10.60.1.10   aks-nodepool-19248108-0   <none>           <none>
nginx-deployment-76bf4969df-jfkq7   1/1     Running   0          36m   10.60.1.21   aks-nodepool-19248108-0   <none>           <none>
$kubectl get services -o wide
NAME               TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE     SELECTOR
internal-ingress   LoadBalancer   10.0.0.194   10.60.1.35    80:30157/TCP   5m28s   app=nginx-deployment
kubernetes         ClusterIP      10.0.0.1     <none>        443/TCP        147m    <none>

$kubectl get rs -o wide
NAME                          DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES        SELECTOR
my-shell-95cb5df57            1         1         1       23m   my-shell     ubuntu        pod-template-hash=95cb5df57,run=my-shell
nginx-deployment-76bf4969df   2         2         2       37m   nginx        nginx:1.7.9   app=nginx,pod-template-hash=76bf4969df

I see I have 2 pods wiht my nginx app.我看到我的 nginx 应用程序有 2 个豆荚。 I want to be able to send a request from any other new pod to either one of them.我希望能够从任何其他新 pod 向其中任何一个发送请求。 If one crashes, I want to still be able to send this request.如果一个崩溃,我希望仍然能够发送此请求。 In the past I used a load balancer for this.过去我为此使用了负载平衡器。 The problem with load balancers is that they open up a public IP and int this specific scenario, I don't want a public IP anymore.负载均衡器的问题在于它们开放了一个公共 IP,在这个特定的场景中,我不再想要一个公共 IP。 I want this service to be invoked by other pods directly, without a public IP.我希望这个服务直接被其他 pod 调用,不需要公共 IP。

I tried to use an internal load balancer.我尝试使用内部负载平衡器。

apiVersion: v1
kind: Service
metadata:
  name: internal-ingress
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "my-subnet"
spec:
  type: LoadBalancer
  loadBalancerIP: 10.60.1.45
  ports:
  - port: 80
  selector:
    app: nginx-deployment

The problem is that it does not get an IP in my 10.60.0.0/16 network like it is described here: https://docs.microsoft.com/en-us/azure/aks/internal-lb#specify-a-different-subnet I get this never ending <pending> .问题是它在我的10.60.0.0/16网络中没有像这里描述的那样获得 IP: https : 10.60.0.0/16 不同的子网我得到这个永无止境的<pending>

kubectl get services -o wide
NAME               TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE    SELECTOR
internal-ingress   LoadBalancer   10.0.0.230   <pending>     80:30638/TCP   15s    app=nginx-deployment
kubernetes         ClusterIP      10.0.0.1     <none>        443/TCP        136m   <none>

What am I missing?我错过了什么? How to troubleshoot?如何排除故障? Is it even possible to have pod to service communication?甚至有可能让 pod 来服务通信吗?

2 个解决方案

解决方案1
 2 已采纳  2019-11-26 08:38:58

From the message you provide, it seems you want to use a special private IP address which is in the subnet that the same as the AKS cluster use.根据您提供的消息,您似乎想要使用与 AKS 群集使用的子网相同的特殊私有 IP 地址。 I think the possible reason is that the special IP address which you want to use is already assigned by the AKS, it means you cannot use it.我认为可能的原因是您要使用的特殊IP地址已经由AKS分配,这意味着您无法使用它。

Troubleshooting故障排除

So you need to guide to the Vnet which your AKS cluster used and check if the IP address is already in use.因此,您需要引导到您的 AKS 群集使用的 Vnet 并检查 IP 地址是否已在使用中。 Here is the screenshot:这是屏幕截图:

在此处输入图片说明

Solution解决方案

Choose an IP address that is not assigned by the AKS from the subnet the AKS used.从 AKS 使用的子网中选择一个不是由 AKS 分配的 IP 地址。 Or do not use a special one, let the AKS assign your load balancer dynamic.或者不使用特殊的,让 AKS 动态分配您的负载均衡器。 Then change your YAML file like below:然后更改您的 YAML 文件,如下所示:

apiVersion: v1
kind: Service
metadata:
  name: internal-ingress
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    app: nginx-deployment

解决方案2
 0  2019-11-26 04:58:07

Use a ClusterIP Service (the default type) which creates only a cluster-internal IP and no public IP:使用仅创建集群内部 IP 而没有公共 IP 的 ClusterIP 服务(默认类型):

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80

Then you can access the Service (and thus the Pods behind it) from any other Pod in the same namespace by using the Service name as the DNS name:然后,您可以使用服务名称作为 DNS 名称,从同一命名空间中的任何其他 Pod 访问该服务(以及其背后的 Pod):

curl nginx-service

If the Pod from which you want to access the Service is in a different namespace, you have to use the fully qualified domain name of the Service:如果要从中访问 Service 的 Pod 位于不同的命名空间中,则必须使用 Service 的完全限定域名:

curl nginx-service.my-namespace.svc.cluster.local

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将Kubernetes服务公开给互联网? - How do I expose Kubernetes service to the internet? 如何在缩小Azure Kubernetes Service(AKS)中的节点后重新安排我的pod? - How to reschedule my pods after scaling down a node in Azure Kubernetes Service (AKS)? 是否可以在 Azure kube.netes 服务中实现多个接口 pod? - Is it possible to implement multiple interface pods in Azure kubernetes service? 如何在Azure Kubernetes集群中启用服务帐户权限(已启用RBAC)? - how can i assign permission to service account in azure kubernetes cluster( RBAC is enabled )? 如何让 2 个不同的 kubernetes 集群中的 2 个服务在 azure 中安全地相互通信? - How can I make 2 services in 2 different kubernetes clusters talk to each other securely in azure? 如何在 Azure 上暴露给外部服务? - How Can I Expose to Outside My Services on Azure? 更改 Kubernetes pod 日志记录 - Change Kubernetes pods logging 如何在 Kubernetes (AKS) 中使用 Helm 注释入口控制器的 Pod? - How to annotate pods of an Ingress Controller using Helm in Kubernetes (AKS)? 如何使用 terraform 在特定命名空间中的 Azure Kubernetes 中部署 pod - How to deploy pods in Azure Kubernetes in particular namespace using terraform 如何在 Kube.netes Yaml 文件中将 pod 限制取消设置为无限制? - How to unset limit of pods to Unlimited in Kubernetes Yaml fle?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM