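Kubernetes NodePort cannot be exposed successfully

Time: 2017-05-18 10:26:28

Tags: kubernetes

I installed a Kubernetes cluster on 3 virtual machines (VMs). All 3 VMs run Ubuntu 14.04 with ufw disabled. The Kubernetes version is 1.6. These are the configuration files I use to create the pod and the service.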

Pod pod.yaml

apiVersion: v1
kind: ReplicationController
metadata:
  name: frontend
  labels:
    name: frontend
spec:
  replicas: 3
  selector:
    name: frontend
  template:
    metadata:
      labels:
        name: frontend
    spec:
      imagePullSecrets:
        - name: regsecret
      containers:
      - name: frontend
        image: hub.allinmoney.com/kubeguide/guestbook-php-frontend
        env:
        - name: GET_HOSTS_FROM
          value: env
        ports:
        - containerPort: 80

Service service.yaml

apiVersion: v1
kind: Service
metadata:
  name: frontend
  labels:
    name: frontend
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 31000
      nodePort: 31000
  selector:
    name: frontend

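I created the service with type NodePort. When I run the command kubectl create -f service.yaml, it prints the following, and I cannot find the exposed port 31000 on any of the kube nodes: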

You have exposed your service on an external port on all nodes in your
cluster.  If you want to expose this service to the external internet, you may
need to set up firewall rules for the service port(s) (tcp:31000) to serve traffic.

See http://releases.k8s.io/release-1.3/docs/user-guide/services-firewalls.md for more details.

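Can anyone tell me how to solve this problem or give me any hints?

1 answer:

Answer 0: (score: 2)

As stated in the error message, you need to set up firewall rules for the nodes to accept traffic on the node ports (default: 30000-32767).

Example firewall rule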

Name: [firewall-rule-name]
Targets: [node-target-name, node-target2-name]
Source filters: IP ranges: 0.0.0.0/0
Protocols / ports: tcp:80,443,30000-32767   
Action: Allow
Priority: 1000
Network: default

Your targetPort is also incorrect; it needs to point to the corresponding port in the Pod (port 80).
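A check for the targetPort mismatch the answer points out, as an added example that is not part of the original question or answer: it compares a Service's selector, targetPort and nodePort against the pod template it is meant to front. The function names `lint_service` and `with_target_port` are hypothetical, the manifests are the page's own transcribed as Python dicts, and only declared containerPort values are compared (a container can listen on a port it never declares).

```python
import copy

NODEPORT_RANGE = range(30000, 32768)  # Kubernetes default NodePort range

# The page's pod.yaml and service.yaml, transcribed as dicts (trimmed to the
# fields the check reads).
CONTROLLER = {"spec": {"template": {
    "metadata": {"labels": {"name": "frontend"}},
    "spec": {"containers": [
        {"name": "frontend", "ports": [{"containerPort": 80}]}]},
}}}
SERVICE = {"spec": {
    "type": "NodePort",
    "selector": {"name": "frontend"},
    "ports": [{"port": 80, "targetPort": 31000, "nodePort": 31000}],
}}

def lint_service(service, controller):
    """Return findings; an empty list means Service and pods line up."""
    findings = []
    template = controller["spec"]["template"]
    labels = template["metadata"].get("labels", {})
    # Every selector key/value must appear on the pod template's labels.
    unmatched = {k: v for k, v in service["spec"].get("selector", {}).items()
                 if labels.get(k) != v}
    if unmatched:
        findings.append(f"selector {unmatched} matches no pod label")
    # targetPort may be a number or a port name, so collect both.
    numbers, names = set(), set()
    for container in template["spec"]["containers"]:
        for port in container.get("ports", []):
            numbers.add(port["containerPort"])
            names.add(port.get("name"))
    for port in service["spec"]["ports"]:
        target = port.get("targetPort", port["port"])  # defaults to `port`
        if target not in (names if isinstance(target, str) else numbers):
            findings.append(
                f"targetPort {target} is not a declared containerPort {sorted(numbers)}")
        node_port = port.get("nodePort")
        if node_port is not None and node_port not in NODEPORT_RANGE:
            findings.append(f"nodePort {node_port} is outside 30000-32767")
    return findings

def with_target_port(service, target):
    """Copy of the Service with every targetPort set to `target`."""
    fixed = copy.deepcopy(service)
    for port in fixed["spec"]["ports"]:
        port["targetPort"] = target
    return fixed
```

Running `lint_service(SERVICE, CONTROLLER)` flags the page's service.yaml, and `lint_service(with_target_port(SERVICE, 80), CONTROLLER)` returns no findings.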