无法在公共GKE集群中的Pod上访问Internet
我正在使用gke(1.16.13-gke.1)作为测试环境。我正在部署一个spring-boot应用程序,它已在gke集群上成功运行。问题是它无法与互联网通信。
这是我的部署清单。
apiVersion: apps/v1
kind: Deployment
metadata:
name: auth
namespace: lms-ff
spec:
replicas: 1
selector:
matchLabels:
app: auth
template:
metadata:
labels:
app: auth
spec:
containers:
- name: auth
image: gcr.io/sams-api:0.0.1.4.ms1
ports:
- containerPort: 8095
envFrom:
- configMapRef:
name: auth-properties
---
apiVersion: v1
kind: Service
metadata:
name: gcp-auth-service
namespace: lms-ff
spec:
selector:
app: auth
type: ClusterIP
ports:
- protocol: TCP
port: 8095
targetPort: 8095
这是我遇到的错误。
api-556c56df4b-pdtk9:/home/misyn/app# ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: seq=0 ttl=59 time=10.762 ms
64 bytes from 4.2.2.2: seq=1 ttl=59 time=10.831 ms
64 bytes from 4.2.2.2: seq=2 ttl=59 time=10.932 ms
64 bytes from 4.2.2.2: seq=3 ttl=59 time=10.798 ms
^C
--- 4.2.2.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 10.762/10.830/10.932 ms
api-556c56df4b-pdtk9:/home/misyn/app# telnet 220.247.246.105 9010
Connection closed by foreign host
udayanga@udayanga-PC:~/Desktop/kubernetes$ kubectl get all -n lms-ff
NAME READY STATUS RESTARTS AGE
pod/api-556c56df4b-pdtk9 1/1 Running 0 6h27m
pod/auth-77c755b854-7bqts 1/1 Running 0 4h57m
pod/mariadb-555bcb6d95-5x6wx 1/1 Running 0 15h
pod/middle-767558df89-kc7kz 1/1 Running 0 12h
pod/portal-cf84d7845-vvxl7 1/1 Running 0 105m
pod/redis-b467466b5-ndlgb 1/1 Running 0 15h
pod/web-5b967cd44c-lbmnk 1/1 Running 0 103m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/gcp-api-service ClusterIP 10.0.13.15 <none> 8091/TCP 6h27m
service/gcp-auth-service ClusterIP 10.0.6.154 <none> 8095/TCP 4h57m
service/gcp-mariadb-service ClusterIP 10.0.14.196 <none> 3306/TCP 15h
service/gcp-middle-service ClusterIP 10.0.3.26 <none> 8093/TCP 6h49m
service/gcp-portal-service ClusterIP 10.0.1.229 <none> 8090/TCP 105m
service/gcp-redis-service ClusterIP 10.0.2.188 <none> 6379/TCP 15h
service/gcp-web-service LoadBalancer 10.0.3.141 static-ip 80:30376/TCP 14h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/api 1/1 1 1 6h27m
deployment.apps/auth 1/1 1 1 4h57m
deployment.apps/mariadb 1/1 1 1 15h
deployment.apps/middle 1/1 1 1 12h
deployment.apps/portal 1/1 1 1 105m
deployment.apps/redis 1/1 1 1 15h
deployment.apps/web 1/1 1 1 103m
NAME DESIRED CURRENT READY AGE
replicaset.apps/api-556c56df4b 1 1 1 6h28m
replicaset.apps/auth-77c755b854 1 1 1 4h57m
replicaset.apps/mariadb-555bcb6d95 1 1 1 15h
replicaset.apps/middle-767558df89 1 1 1 12h
replicaset.apps/portal-cf84d7845 1 1 1 105m
replicaset.apps/redis-b467466b5 1 1 1 15h
replicaset.apps/web-5b967cd44c 1 1 1 103m
udayanga@udayanga-PC:~/Desktop/kubernetes$
答案 0 :(得分:0)
您的服务文件定义了一个 ClusterIP 类型,该类型提供只能在您的 Kubernetes 集群内访问的 IP 地址。这是 Kubernetes 默认提供的内部 IP。
您应该定义一个 NodePort 类型的服务文件,它为您的节点提供一个外部 IP 地址。然后将节点的 IP 地址与服务文件中定义的 NodePort 号结合起来。
结果地址应该是这种格式 -> EXTERNAL_IP:NodePort
不要忘记创建防火墙规则,允许入口流量进入您的节点。
请查看 this documentation 以了解有关如何执行此操作的详细步骤。
答案 1 :(得分:0)
您的服务类型是
apiVersion: v1
kind: Service
metadata:
name: gcp-auth-service
namespace: lms-ff
spec:
selector:
app: auth
type: ClusterIP
ports:
- protocol: TCP
port: 8095
targetPort: 8095
ClusterIP 如果要将服务暴露给互联网,它应该是 LoadBalancer 或 NodePort。
集群 IP:服务只能在集群内部访问。
负载均衡器:使用 IP 地址将服务暴露给互联网
节点端口:它通过端口向互联网公开服务并使用节点 IP。
阅读更多信息:https://kubernetes.io/docs/concepts/services-networking/service/
您可以将服务类型更改为LoadBalancer并运行命令
kubectl get svc
您将看到带有 IP 地址的服务,并在浏览器中点击该 IP 地址,您将能够访问该服务。