我创建了一个Kubernetes 服务,其后端节点不是集群的一部分,而是一组固定的节点(具有固定的IP),因此,我还创建了一个 Endpoints 具有相同名称的资源:
$ kubectl describe svc/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP: 10.0.192.103
Port: http 80/TCP
TargetPort: 10002/TCP
Endpoints:
Session Affinity: None
Events: <none>
$
$ kubectl describe ep/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Subsets:
Addresses: 10.52.7.28,10.52.7.29
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
<unset> 10002 TCP
Events: <none>
服务和端点的描述:
# telnet 10.52.7.28 10002
Trying 10.52.7.28...
Connected to 10.52.7.28.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet 10.52.7.29 10002
Trying 10.52.7.29...
Connected to 10.52.7.29.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet hive 80
Trying 10.0.192.103...
telnet: Unable to connect to remote host: Connection refused
#
如果我直接执行Pod和telnet之一到Endpoint子集地址,则可以连接,但如果通过Service访问它,则连接被拒绝。为了完整起见,Service和Pod在同一个名称空间中:
Endpoints
有人知道为什么我可以直接连接到IP但不能通过Kubernetes Service吗?我认为这不是因为防火墙规则,因为那样它也应该阻止直接请求。
编辑:我怀疑这与运行kubectl describe svc/hive
时{{1}}为空有关,但是我可以在仪表板中看到Endpoints(在Service页面下)显示了这些内容。端点。
答案 0 :(得分:1)
端口名称必须在Service
和Endpoint
之间匹配。要么在服务中删除端口名,要么在端点中添加它。
apiVersion: v1
kind: Service
metadata:
name: hive
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
name: hive
subsets:
- addresses:
- ip: 10.52.7.28
- ip: 10.52.7.29
ports:
- name: http
port: 10002