[英]K8s - Cannot access service/clusterIP from another node
I am trying to access(from worker node) a pod(on worker node) via a service/ClusterIP using curl http://cluster_ip:port_no
but it isn't working.我正在尝试使用
curl http://cluster_ip:port_no
通过 service/ClusterIP 访问(从工作节点)一个 pod(在工作节点上),但它不工作。
Here's some info on service这里有一些关于服务的信息
masternode@Master:/localdocker$ kubectl describe svc registry
Name: registry
Namespace: default
Labels: io.kompose.service=registry
Annotations: kompose.cmd: kompose convert -f docker-compose.yaml -o localregistry.yaml
kompose.version: 1.1.0 (36652f6)
Selector: io.kompose.service=registry
Type: ClusterIP
IP: 10.100.126.230
Port: 5000 5000/TCP
TargetPort: 5000/TCP
Endpoints: 192.168.171.74:5000
Session Affinity: None
Events: <none>```
here's some info on pod这是关于 pod 的一些信息
masternode@Master:/localdocker$ kubectl describe pod registry-7ccd695dc7-69cx4
Name: registry-7ccd695dc7-69cx4
Namespace: default
Priority: 0
Node: worker/10.0.1.5
Start Time: Sun, 19 Jul 2020 06:09:14 +0000
Labels: io.kompose.service=registry
pod-template-hash=7ccd695dc7
Annotations: cni.projectcalico.org/podIP: 192.168.171.74/32
cni.projectcalico.org/podIPs: 192.168.171.74/32
Status: Running
IP: 192.168.171.74
IPs:
IP: 192.168.171.74
Controlled By: ReplicaSet/registry-7ccd695dc7
Containers:
registry:
Container ID: docker://ca372f12ef7a1a3cb23e7d6c58337f47848f91212f6c75af6bfd04bc48ea2f27
Image: registry:2
Image ID: docker-pullable://registry@sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
Port: 5000/TCP
Host Port: 0/TCP
State: Running
Started: Sun, 19 Jul 2020 06:09:24 +0000
Ready: True
Restart Count: 0
Environment:
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
Mounts:
/data from registry-claim0 (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-fhf5k (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
registry-claim0:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: registry-claim0
ReadOnly: false
default-token-fhf5k:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-fhf5k
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 13m default-scheduler Successfully assigned default/registry-7ccd695dc7-69cx4 to worker
Normal Pulling 13m kubelet, worker Pulling image "registry:2"
Normal Pulled 13m kubelet, worker Successfully pulled image "registry:2"
Normal Created 13m kubelet, worker Created container registry
Normal Started 13m kubelet, worker Started container registry
This is a practice exercise where I was able to do so(in their live environment) without any NodePorts.这是一个练习练习,我能够在没有任何 NodePort 的情况下(在他们的现场环境中)这样做。
Please let me know if any other info is required.如果需要任何其他信息,请告诉我。
This is an expected behavior because ClusterIP
type service is only accessible from within the kubernetes cluster ie from another pod etc.这是预期的行为,因为
ClusterIP
类型的服务只能从 kubernetes 集群内访问,即从另一个 pod 等。
If you want to access a pod via a service from outside the kubernetes cluster ie from the nodes itself then use NodePort type service.如果您想通过 kubernetes 集群外部的服务(即从节点本身)访问 pod,则使用NodePort类型的服务。
Once you expose it via NodePort
service you would be able to access it using curl http://<NODE-IP>:<NODE-PORT>
一旦通过
NodePort
服务公开它,您就可以使用curl http://<NODE-IP>:<NODE-PORT>
访问它
ClusterIP
is created on service network of the cluster and nodes are in different network. ClusterIP
是在集群的服务网络上创建的,节点在不同的网络中。 By creating a NodePort
service a Port is opened in each nodes network to forward traffic to ClusterIP
.通过创建
NodePort
服务,在每个节点网络中打开一个端口,以将流量转发到ClusterIP
。 So in essence NodePort
uses ClusterIP
internally and is an higher level abstraction built on top of ClusterIP
.所以本质上
NodePort
在内部使用ClusterIP
并且是建立在ClusterIP
之上的更高级别的抽象。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.