我正在尝试调试为什么完美运行的服务无法应答(连接被拒绝)。
我已将port和targetPort的匹配情况进行了两次和三次检查(容器为4180,服务为80)
当我列出端点时,我得到以下信息:
$ kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 10.40.63.79:443 82d
oauth2-proxy 10.40.34.212:4180 33s // <--this one
并从在相同名称空间中运行的Pod中获取:
# curl 10.40.34.212:4180
curl: (7) Failed to connect to 10.40.34.212 port 4180: Connection refused
(顺便说一句,如果我尝试卷曲服务,也会发生同样的事情)
但是,如果我直接转发到Pod,则会收到响应:
$ kubectl port-forward oauth2-proxy-559dd9ddf4-8z72c 4180:4180 &
$ curl -v localhost:4180
* Rebuilt URL to: localhost:4180/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4180 (#0)
> GET / HTTP/1.1
> Host: localhost:4180
> User-Agent: curl/7.58.0
> Accept: */*
>
Handling connection for 4180
< HTTP/1.1 403 Forbidden
< Date: Tue, 25 Jun 2019 07:53:19 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
<
<!DOCTYPE html>
// more of the expected response
* Connection #0 to host localhost left intact
我还检查了使用服务中的选择器时是否得到了吊舱(我从kubectl describe svc oauth2-proxy中看到的内容复制并粘贴了它):
$ kubectl describe svc oauth2-proxy | grep Selector
Selector: app.kubernetes.io/name=oauth2-proxy,app.kubernetes.io/part-of=oauth2-proxy
$ kubectl get pods --selector=app.kubernetes.io/name=oauth2-proxy,app.kubernetes.io/part-of=oauth2-proxy
NAME READY STATUS RESTARTS AGE
oauth2-proxy-559dd9ddf4-8z72c 1/1 Running 0 74m
我不明白为什么端点在使用端口转发时拒绝连接会得到有效的响应。我还有什么需要检查的吗?
答案 0 :(得分:1)
好吧,事实证明,此特定服务默认情况下仅在localhost上侦听:
$ netstat -tunap | grep LISTEN
tcp 0 0 127.0.0.1:4180 0.0.0.0:* LISTEN 1/oauth2_proxy
我不得不添加一个参数(-http-address=0.0.0.0:4180来告诉它在0.0.0.0上监听