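Unable to access a service through a Kubernetes Service with specified Endpoints

Time: 2020-01-16 11:49:38

Tags: networking kubernetes service tcp connection-refused

I created a Kubernetes Service whose backend nodes are not part of the cluster but a fixed set of nodes (with fixed IPs), so I also created an Endpoints resource with the same name: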

$ kubectl describe svc/hive
Name:              hive
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP:                10.0.192.103
Port:              http  80/TCP
TargetPort:        10002/TCP
Endpoints:
Session Affinity:  None
Events:            <none>
$ 
$ kubectl describe ep/hive
Name:         hive
Namespace:    default
Labels:       <none>
Annotations:  <none>
Subsets:
  Addresses:          10.52.7.28,10.52.7.29
  NotReadyAddresses:  <none>
  Ports:
    Name     Port   Protocol
    ----     ----   --------
    <unset>  10002  TCP

Events:  <none>

Description of the Service and Endpoints:

# telnet 10.52.7.28 10002
Trying 10.52.7.28...
Connected to 10.52.7.28.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet 10.52.7.29 10002
Trying 10.52.7.29...
Connected to 10.52.7.29.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet hive 80
Trying 10.0.192.103...
telnet: Unable to connect to remote host: Connection refused
#

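If I exec into one of the Pods and telnet directly to the Endpoint subset addresses, I can connect, but if I access it through the Service, the connection is refused. For completeness, the Service and Pod are in the same namespace.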

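Does anyone know why I can connect directly to the IPs but not through the Kubernetes Service? I don't think it's because of firewall rules, because then direct requests should be blocked too.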

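Edit: I suspect this has something to do with Endpoints being empty when running kubectl describe svc/hive, but I can see in the dashboard that the Endpoints (under the Service page) shows those endpoints.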

1 answer:

Answer 0: (score: 1)

The port names must match between the Service and the Endpoint. Either remove the port name in the Service or add it in the Endpoint.

apiVersion: v1
kind: Service
metadata:
  name: hive
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
  name: hive
subsets:
  - addresses:
      - ip: 10.52.7.28
      - ip: 10.52.7.29
    ports:
      - name: http
        port: 10002
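
The name-matching rule from the answer, as an added example that is not part of the original post: a check that reports Service ports with no Endpoints port of the same name. The function names and the sample objects are constructed for illustration, shaped like `kubectl get svc/hive -o json` and `kubectl get ep/hive -o json` output; matching on port name alone is a simplification.

```python
def port_name(port):
    # A port with no "name" key is treated as having the empty name.
    return port.get("name") or ""


def unmatched_service_ports(service, endpoints):
    """Return the Service ports that no ready Endpoints address backs under the same port name."""
    backed = set()
    for subset in endpoints.get("subsets") or []:
        if subset.get("addresses"):  # NotReadyAddresses do not back a Service port
            for port in subset.get("ports") or []:
                backed.add(port_name(port))
    problems = []
    for port in service["spec"].get("ports") or []:
        if port_name(port) not in backed:
            problems.append({
                "service_port": port["port"],
                "name": port_name(port),
                "endpoints_port_names": sorted(backed),
            })
    return problems


# Constructed sample objects mirroring the question (Endpoints port unnamed) and the answer (named "http").
SERVICE = {
    "metadata": {"name": "hive"},
    "spec": {"ports": [{"name": "http", "port": 80, "protocol": "TCP", "targetPort": 10002}]},
}
ENDPOINTS_BROKEN = {
    "metadata": {"name": "hive"},
    "subsets": [{
        "addresses": [{"ip": "10.52.7.28"}, {"ip": "10.52.7.29"}],
        "ports": [{"port": 10002, "protocol": "TCP"}],
    }],
}
ENDPOINTS_FIXED = {
    "metadata": {"name": "hive"},
    "subsets": [{
        "addresses": [{"ip": "10.52.7.28"}, {"ip": "10.52.7.29"}],
        "ports": [{"name": "http", "port": 10002, "protocol": "TCP"}],
    }],
}

if __name__ == "__main__":
    for label, ep in (("question", ENDPOINTS_BROKEN), ("answer", ENDPOINTS_FIXED)):
        result = unmatched_service_ports(SERVICE, ep)
        print(label, result if result else "all Service ports are backed")
```

An empty result means every Service port has a same-named Endpoints port; a non-empty result corresponds to the empty `Endpoints:` line in the `kubectl describe svc/hive` output above.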