无法从外部访问nginx部署

时间:2018-04-22 04:50:08

标签: deployment kubernetes google-compute-engine google-kubernetes-engine google-cloud-networking

我可以curl展开nginx部署:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
      tr: frnt
  template:
    metadata:
      labels:
        app: nginx
        tr: frnt
    spec:
      containers:
        - image: nginx
          name: nginx
          ports:
            - containerPort: 80
      restartPolicy: Always 

----

apiVersion: v1
kind: Service
metadata:
  name: web-dep-nodeport-service
spec:
  selector:
    tr: frnt
  ports:
    - nodePort: 30000
      port: 80
  type: NodePort     

在节点上,成功:

user@gke-cluster-1-default-pool-xxxx ~ $ curl -Lvso /dev/null http://localhost:30000
* Rebuilt URL to: http://localhost:30000/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 30000 (#0)
> GET / HTTP/1.1
> Host: localhost:30000
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.9.15
< Date: Sun, 22 Apr 2018 04:40:24 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 19 Apr 2016 17:27:46 GMT
< Connection: keep-alive
< ETag: "xxxxx"
< Accept-Ranges: bytes
< 
{ [612 bytes data]
* Connection #0 to host localhost left intact

但是当在外部机器上尝试相同的命令时,使用节点EXTERNAL_IP(来自gcloud compute instances list),我得到:

$ curl -Lvso /dev/null  http://x.x.x.x:30000 &> result.txt &
$ cat result.txt 
* Rebuilt URL to: http://x.x.x.x:30000/
*   Trying x.x.x.x...
* connect to x.x.x.x port 30000 failed: Connection timed out
* Failed to connect to x.x.x.x port 30000: Connection timed out
* Closing connection 0

我可ping成功EXTERNAL_IP

ping -c 2 x.x.x.x
PING x.x.x.x (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x: icmp_seq=1 ttl=56 time=32.4 ms
64 bytes from x.x.x.x: icmp_seq=2 ttl=56 time=33.7 ms

--- x.x.x.x ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 32.456/33.099/33.742/0.643 ms

我可以在这里做些什么来公开外部的nodePort

1 个答案:

答案 0 :(得分:1)

这是通过创建防火墙规则解决的:

gcloud compute firewall-rules create nginx-rule --allow tcp:30000