将 microk8s 服务暴露给 vbox 的虚拟主机

Question

Installed microk8s on VirtualBox guest with fresh Ubuntu-Server. Exposed the kube.netes dahsboard through VirtualBox Port Forwarding but cannot connect from the VirtualBox's host machine. Service address (last):

NAMESPACE     NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes                  ClusterIP   10.152.183.1     <none>        443/TCP                  11h
kube-system   service/kube-dns                    ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP,9153/TCP   10h
kube-system   service/metrics-server              ClusterIP   10.152.183.103   <none>        443/TCP                  10h
kube-system   service/kubernetes-dashboard        ClusterIP   10.152.183.162   <none>        443/TCP                  10h

From the host dashboard is inaccessible:

light@brahmand:~$ curl -vks https://127.0.1.1:7071
*   Trying 127.0.1.1:7071...
* TCP_NODELAY set
* Connected to 127.0.1.1 (127.0.1.1) port 7071 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to 127.0.1.1:7071 
* Closing connection 0

However, from the guest dashboard is accessible:

root@siddhalok:/home/light# curl -k https://10.152.183.162:443
<!--...

--><!DOCTYPE html><html lang="en" dir="ltr"><head>
  <meta charset="utf-8">
...

Firewall(s) is disabled:

root@siddhalok:/home/light# systemctl status ufw
● ufw.service - Uncomplicated firewall
     Loaded: loaded (/lib/systemd/system/ufw.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:ufw(8)

Jan 22 04:49:17 siddhalok systemd[1]: Stopping Uncomplicated firewall...
Jan 22 04:49:17 siddhalok ufw-init[16758]: Skip stopping firewall: ufw (not enabled)
Jan 22 04:49:17 siddhalok systemd[1]: ufw.service: Succeeded.
Jan 22 04:49:17 siddhalok systemd[1]: Stopped Uncomplicated firewall.

root@siddhalok:/home/light# systemctl status firewalld
Unit firewalld.service could not be found.

Note, the other 2 ports are being forwarded fine, SSH to guest is working.

Answer 1

kubectl port-forward is a feature of Kube.netes. It is not the port-forwarding from the Virtualbox ip. A Kube.netes nodes have an Ipaddress, this should be in your case the VM where you have running Kube.netes. Inside the node Kube.netes creates it own Network on which the Pods run. This are the clusterIps. Those you camt access directly.

You have 3 choices

1. Use Kubectl port-forward svc/serviceNAme hostPort:containerport.

This is good for Testing.

2. Configure the service as type NodePort, this will create a port mapped to your containerPort which you can access with the VM Ip (Ip where Kube.netes node is running) kube.netesNodeIp:NodePort

kubectl get node

gives you the list of your nodes

kubectl describe node "nodeName"

Inside the respose you can find the Ip on which the node is running.

Ping it to be sure you do not have Network issues.

3. Configure ingress and access through a domain name, even a fake one defined in your local hosts file. This requires much effort and an ingress controller must be installed on Kube.netes.