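I have a service (LoadBalancer) definition in a k8s cluster that exposes ports 80 and 443.
In the k8s dashboard, it indicates that these are the external endpoints:
(the k8s has been deployed using Rancher, for what it matters)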
<some_rancher_agent_public_ip>:80
<some_rancher_agent_public_ip>:443
The weird (?) part:
From a busybox pod spawned within the cluster:
wget <some_rancher_agent_public_ip>:80
wget <some_rancher_agent_public_ip>:443
both succeed (i.e. they fetch the index.html file)
From outside the cluster:
Connecting to <some_rancher_agent_public_ip>:80... connected.
HTTP request sent, awaiting response...
2018-01-05 17:42:51 ERROR 502: Bad Gateway.
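I assume this is not a security group issue, because:
<some_rancher_agent_public_ip>:80
all traffic from all sources is allowed in the sg of the instance that <some_rancher_agent_public_ip> belongs to. In addition, nmap-ing the above public IP shows 80 and 443 in the open state.
Any suggestions?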
Update:
$ kubectl describe svc ui
Name: ui
Namespace: default
Labels: <none>
Annotations: service.beta.kubernetes.io/aws-load-balancer-ssl-cert=arn:aws:acm:eu-west-1:somecertid
Selector: els-pod=ui
Type: LoadBalancer
IP: 10.43.74.106
LoadBalancer Ingress: <some_rancher_agent_public_ip>, <some_rancher_agent_public_ip>
Port: http 80/TCP
TargetPort: %!d(string=ui-port)/TCP
NodePort: http 30854/TCP
Endpoints: 10.42.179.14:80
Port: https 443/TCP
TargetPort: %!d(string=ui-port)/TCP
NodePort: https 31404/TCP
Endpoints: 10.42.179.14:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
Here is the corresponding pod description:
kubectl describe pod <the_pod_id>
Name: <pod_id>
Namespace: default
Node: ran-agnt-02/<some_rancher_agent_public_ip>
Start Time: Fri, 29 Dec 2017 16:48:42 +0200
Labels: els-pod=ui
pod-template-hash=375086521
Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"ui-deployment-7c94db965","uid":"5cea65ea-eca7-11e7-b8e0-0203f78b...
Status: Running
IP: 10.42.179.14
Created By: ReplicaSet/ui-deployment-7c94db965
Controlled By: ReplicaSet/ui-deployment-7c94db965
Containers:
ui:
Container ID: docker://some-container-id
Image: docker-registry/imagename
Image ID: docker-pullable://docker-registry/imagename@sha256:some-sha
Port: 80/TCP
State: Running
Started: Fri, 05 Jan 2018 16:24:56 +0200
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Fri, 05 Jan 2018 16:23:21 +0200
Finished: Fri, 05 Jan 2018 16:23:31 +0200
Ready: True
Restart Count: 5
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-8g7bv (ro)
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
Volumes:
default-token-8g7bv:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-8g7bv
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.alpha.kubernetes.io/notReady:NoExecute for 300s
node.alpha.kubernetes.io/unreachable:NoExecute for 300s
Events: <none>
Answer 0 (score: 1)
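Kubernetes provides different ways of exposing pods outside the cluster, mainly Services and Ingress. I will focus on Services, since that is where you are having issues.
There are different Services types, among them:
the reason for rancher_agent_public_ip:NodePort. Creating a Service of type LoadBalancer also makes it a NodePort. That is why you can reach rancher_agent_public_ip:30854.
I have no experience with Rancher, but it seems that creating a LoadBalancer service deploys an HAProxy to act as a load balancer. The HAProxy created by Rancher needs a public IP that is reachable from outside the cluster, and a port that redirects requests to the NodePort.
But in your service, the IP looks like an internal IP, 10.43.74.106. That IP cannot be reached from outside the cluster. You need a public IP.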
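
The three hops the answer distinguishes (cluster IP, NodePort, load balancer) can be probed in order to see where the 502 is introduced. The following is an added example, not part of the original question or answer: the function names are illustrative, the sample JSON is constructed from the `kubectl describe svc ui` output above, and 203.0.113.10 is a documentation address standing in for `<some_rancher_agent_public_ip>`.

```python
import ipaddress
import json
import urllib.error
import urllib.request

# Constructed sample shaped like `kubectl get svc ui -o json`. Ports and
# clusterIP come from the describe output above; 203.0.113.10 is a
# documentation address standing in for <some_rancher_agent_public_ip>.
SAMPLE_SVC = json.loads("""
{"spec": {"type": "LoadBalancer", "clusterIP": "10.43.74.106",
          "ports": [{"name": "http", "port": 80, "nodePort": 30854},
                    {"name": "https", "port": 443, "nodePort": 31404}]},
 "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}}
""")

# Explicit RFC 1918 list: ipaddress.is_private also matches documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    """True when the address is only routable inside a private network."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def probe_plan(svc, node_ip):
    """List (hop, target, run_from) per service port, innermost hop first."""
    spec, plan = svc["spec"], []
    lbs = [i.get("ip") or i.get("hostname")
           for i in svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])]
    inside = "pod in cluster" if is_internal(spec["clusterIP"]) else "anywhere"
    for port in spec["ports"]:
        plan.append(("clusterIP", f'{spec["clusterIP"]}:{port["port"]}', inside))
        if "nodePort" in port:  # set for NodePort and LoadBalancer services
            plan.append(("nodePort", f'{node_ip}:{port["nodePort"]}', "outside"))
        plan += [("loadBalancer", f'{lb}:{port["port"]}', "outside") for lb in lbs]
    return plan

def probe(target, timeout=5):
    """HTTP GET a host:port target; return the status code or the error text."""
    try:  # plain HTTP, as in the wget calls above
        with urllib.request.urlopen(f"http://{target}/", timeout=timeout) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code            # e.g. 502 from a proxy in front of the pod
    except OSError as e:
        return str(e)            # refused, timed out, unreachable

def first_failing_hop(results):
    """results: ordered (hop, status) pairs; the first non-200 hop is the suspect."""
    return next((hop for hop, status in results if status != 200), None)
```

Run `probe` on each target from the location given in the plan; if the NodePort target answers 200 from outside while the load balancer target returns 502, the fault lies between the load balancer and the node port rather than in the pod.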