Access pod from another pod with kubernetes url
I have two pods created with deployment and service. My problem is as follows: the pod "my-gateway" accesses the URL "adm-contact" of "http://127.0.0.1:3000/adm-contact", which accesses another pod called "my-adm-contact". How can I make this work?
I tried the following command: kubectl port-forward my-gateway-5b85498f7d-5rwnn 3000:3000 8879:8879 but it gives this error:
E0526 21:56:34.024296 12428 portforward.go:400] an error occurred forwarding 3000 -> 3000: error forwarding port 3000 to pod 2d5811c20c3762c6c249a991babb71a107c5dd6b080c3c6d61b4a275b5747815, uid : exit status 1: 2022/05/27 00:56:35 socat[2494] E connect(16, AF=2 127.0.0.1:3000, 16): Connection refused
Remembering that the images created with the Dockerfile are with EXPOSE 3000 8879. My YAMLs follow:
Deployment my-adm-contact:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-adm-contact
  labels:
    app: my-adm-contact
spec:
  selector:
    matchLabels:
      run: my-adm-contact
  template:
    metadata:
      labels:
        run: my-adm-contact
    spec:
      containers:
      - name: my-adm-contact
        image: my-contact-adm
        imagePullPolicy: Never
        ports:
        - containerPort: 8879
          hostPort: 8879
          name: admcontact8879
        readinessProbe:
          httpGet:
            path: /adm-contact
            port: 8879
          initialDelaySeconds: 30
          periodSeconds: 10
          failureThreshold: 6
Service my-adm-contact:
apiVersion: v1
kind: Service
metadata:
  name: my-adm-contact
  labels:
    run: my-adm-contact
spec:
  selector:
    app: my-adm-contact
  ports:
  - name: 8879-my-adm-contact
    port: 8879
    protocol: TCP
    targetPort: 8879
  type: LoadBalancer
status:
  loadBalancer: {}
Deployment my-gateway:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-gateway
  labels:
    app: my-gateway
spec:
  selector:
    matchLabels:
      run: my-gateway
  template:
    metadata:
      labels:
        run: my-gateway
    spec:
      containers:
      - name: my-gateway
        image: api-gateway
        imagePullPolicy: Never
        ports:
        - containerPort: 3000
          hostPort: 3000
          name: home
        #- containerPort: 8879
        #  hostPort: 8879
        #  name: adm
        readinessProbe:
          httpGet:
            path: /adm-contact
            port: 8879
            path: /
            port: 3000
          initialDelaySeconds: 30
          periodSeconds: 10
          failureThreshold: 6
Service my-gateway:
apiVersion: v1
kind: Service
metadata:
  name: my-gateway
  labels:
    run: my-gateway
spec:
  selector:
    app: my-gateway
  ports:
  - name: 3000-my-gateway
    port: 3000
    protocol: TCP
    targetPort: 3000
  - name: 8879-my-gateway
    port: 8879
    protocol: TCP
    targetPort: 8879
  type: LoadBalancer
status:
  loadBalancer: {}
What k8s-cluster environment are you running this in? I ask because the service.type of LoadBalancer is a special kind: at pod initialisation your cloud provider's admission controller will spot this and add in a loadbalancer config. See https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
If you're not deploying this in a suitable cloud environment, your services won't do anything.
I had a quick look at your SO profile and - sorry if this is presumptuous, I don't mean to be - it looks like you're relatively new to k8s. You shouldn't need to do any port-forwarding/kubectl proxying, and this should be a lot simpler than you might think.
When you create a service k8s will 'create' a DNS entry for you which points to the pod(s) specified by your selector.
I think you're trying to reach a setup where code running in my-gateway pod can connect to http://adm-contact on port 3000 and reach a listening service on the adm-contact pod. Is that correct?
If so, the outline solution is to expose tcp/3000 in the adm-contact pod, and create a service called adm-contact that has a selector for adm-contact pod.
This is a sample manifest I've just created which runs nginx and then creates a service for it, allowing any pod on the cluster to connect to it, e.g. curl http://nginx-service.default.svc. In this example I'm exposing port 80 because I didn't want to have to modify the nginx config, but the principle is the same.
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: nginx
    ports:
    - containerPort: 80
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: ClusterIP
The k8s docs on Services are pretty helpful if you want more: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
A service can be reached on its own name from pods in its namespace: so a service foo in namespace bar can be reached at http://foo from a pod in namespace bar.
From other namespaces that service is reachable at http://foo.bar.svc.cluster.local. Change out the servicename and namespace for your usecase.
k8s dns is explained here in the docs: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
I have taken the YAML you provided and assembled it here.
From another comment I see the URL you're trying to connect to is: http://gateway-service.default.svc.cluster.local:3000/my-adm-contact-service
The ability to resolve service names to pods only functions inside the cluster: coredns (a k8s pod) is the part which recognises when a service has been created and what IP(s) it's available at.
So another pod in the cluster, e.g. one created by kubectl run bb --image=busybox -it -- sh, would be able to resolve the command ping gateway-service, but pinging gateway-service from your desktop will fail because they're not both seeing the same DNS.
The api-gateway container will be able to make a connection to my-adm-contact-service on ports 3000 or 8879, and the my-adm-contact container will equally be able to connect to gateway-service on port 3000 - but only when those containers are running inside the cluster.
I think you're trying to access this from outside the cluster, so now the port/service types are correct you could re-try a kubectl port-forward svc/gateway-service 3000:3000
This will let you connect to 127.0.0.1:3000 and the traffic will be routed to port 3000 on the api-gateway container.
If you need to proxy to the other my-adm-contact-service then you'll have to issue similar kubectl commands in other shells, one per service:port combination. For completeness, if you wanted to route traffic from your local machine to all three container/port sets, you'd run:
# format kubectl port-forward svc/name src:dest (both TCP)
kubectl port-forward svc/gateway-service 3000:3000
kubectl port-forward svc/my-adm-contact-service 8879:8879
kubectl port-forward svc/my-adm-contact-service 3001:3000 #NOTE the changed local port, because localhost:3000 is already used
You will need a new shell for each kubectl, or run it as a background job.
apiVersion: v1
kind: Pod
metadata:
  name: my-adm-contact
  labels:
    app: my-adm-contact
spec:
  containers:
  - image: my-contact-adm
    imagePullPolicy: Never
    name: my-adm-contact
    ports:
    - containerPort: 8879
      protocol: TCP
    - containerPort: 3000
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: my-adm-contact-service
spec:
  ports:
  - port: 8879
    protocol: TCP
    targetPort: 8879
    name: adm8879
  - port: 3000
    protocol: TCP
    targetPort: 3000
    name: adm3000
  selector:
    app: my-adm-contact
  type: ClusterIP
---
apiVersion: v1
kind: Pod
metadata:
  name: my-gateway
  labels:
    app: my-gateway
spec:
  containers:
  - image: api-gateway
    imagePullPolicy: Never
    name: my-gateway
    ports:
    - containerPort: 3000
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: gateway-service
spec:
  ports:
  - port: 3000
    protocol: TCP
    targetPort: 3000
  selector:
    app: my-gateway
  type: ClusterIP
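
Added example, not part of the original question or answers: a Service only routes to pods whose own labels contain every key/value of its selector (for a Deployment that means spec.template.metadata.labels, not the Deployment's metadata.labels). The Python sketch below runs that check on the my-adm-contact manifests from the question and from the assembled answer; the dicts are transcribed from the YAML on this page, the function names are hypothetical, and the DNS helper assumes the default cluster.local domain.

```python
"""Check which workloads a Service selector matches (stdlib only)."""

def pod_labels(workload):
    """Labels the pods will carry: a Deployment's come from its pod template."""
    if workload["kind"] == "Deployment":
        return workload["spec"]["template"]["metadata"].get("labels", {})
    return workload["metadata"].get("labels", {})

def selected_workloads(service, workloads):
    """Names of workloads whose pods satisfy every selector key/value."""
    selector = service["spec"].get("selector") or {}
    if not selector:  # a selector-less Service gets no automatic endpoints
        return []
    return [w["metadata"]["name"] for w in workloads
            if all(pod_labels(w).get(k) == v for k, v in selector.items())]

def cluster_dns(service, namespace="default"):
    """In-cluster name, assuming the default cluster.local domain."""
    return f"{service['metadata']['name']}.{namespace}.svc.cluster.local"

# Transcribed from the question: template labels use "run", selector uses "app".
QUESTION_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "my-adm-contact", "labels": {"app": "my-adm-contact"}},
    "spec": {"selector": {"matchLabels": {"run": "my-adm-contact"}},
             "template": {"metadata": {"labels": {"run": "my-adm-contact"}}}},
}
QUESTION_SERVICE = {
    "kind": "Service",
    "metadata": {"name": "my-adm-contact"},
    "spec": {"selector": {"app": "my-adm-contact"}},
}
# Transcribed from the assembled answer: pod label and selector both use "app".
ANSWER_POD = {"kind": "Pod",
              "metadata": {"name": "my-adm-contact",
                           "labels": {"app": "my-adm-contact"}}}
ANSWER_SERVICE = {"kind": "Service",
                  "metadata": {"name": "my-adm-contact-service"},
                  "spec": {"selector": {"app": "my-adm-contact"}}}

if __name__ == "__main__":
    for svc, workloads in ((QUESTION_SERVICE, [QUESTION_DEPLOYMENT]),
                           (ANSWER_SERVICE, [ANSWER_POD])):
        matched = selected_workloads(svc, workloads)
        print(cluster_dns(svc), "->", matched or "no endpoints")
```

On a live cluster, kubectl get endpoints followed by the Service name shows the same result: an empty endpoints list means the selector matched no pod.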