将在kubernetes上运行的Zookeeper实例公开到互联网上。
(底部提供配置和版本信息)
我目前有一个minikube
集群,在ubuntu 14.04
容器上运行。
我正在运行一个裸机k8s集群,并且试图将Zookeeper服务公开到互联网。鉴于我的集群未在云提供商上运行,我设置了docker
,以便为我的zookeeper服务提供网络负载均衡器实现。
启动时,一切看起来都很好,分配了一个外部IP,我可以通过curl命令从同一主机访问它。
metallb
当我卷曲上述外部IP时,我得到一个有效的响应
$ kubectl get pods -n metallb-system
NAME READY STATUS RESTARTS AGE
controller-5c9894b5cd-9gh8m 1/1 Running 0 5h59m
speaker-j2z8q 1/1 Running 0 5h59m
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.xxx.xxx.xxx <none> 443/TCP 6d19h
zk-cs LoadBalancer 10.xxx.xxx.xxx 172.1.1.x 2181:30035/TCP 56m
zk-hs LoadBalancer 10.xxx.xxx.xxx 172.1.1.x 2888:30664/TCP,3888:31113/TCP 6m15s
到目前为止,一切看起来都不错,我可以从集群外部访问LB没问题,但这就是我缺乏Kubernetes /网络知识的原因,我发现无法将此LB暴露给互联网。我曾尝试运行寄予厚望的$ curl -D- "http://172.1.1.x:2181"
curl: (52) Empty reply from server
,但对此深表失望。
在minikube隧道运行时,从另一个节点运行curl命令只会看到请求超时。
minikube tunnel
在这一点上,正如我之前提到的,我被困住了。
我有什么办法可以使这项服务在不暴露给$ curl -D- "http://172.1.1.x:2181"
curl: (28) Failed to connect to 172.1.1.x port 2181: Timed out
或AWS
的情况下暴露于互联网上?
任何帮助将不胜感激。
GCP
apiVersion: v1
kind: Service
metadata:
name: zk-hs
labels:
app: zk
spec:
selector:
app: zk
ports:
- port: 2888
targetPort: 2888
name: server
protocol: TCP
- port: 3888
targetPort: 3888
name: leader-election
protocol: TCP
clusterIP: ""
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
name: zk-cs
labels:
app: zk
spec:
selector:
app: zk
ports:
- name: client
protocol: TCP
port: 2181
targetPort: 2181
type: LoadBalancer
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: zk-pdb
spec:
selector:
matchLabels:
app: zk
maxUnavailable: 1
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: zk
spec:
selector:
matchLabels:
app: zk
serviceName: zk-hs
replicas: 1
updateStrategy:
type: RollingUpdate
podManagementPolicy: OrderedReady
template:
metadata:
labels:
app: zk
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- zk
topologyKey: "kubernetes.io/hostname"
containers:
- name: zookeeper
imagePullPolicy: Always
image: "library/zookeeper:3.6"
resources:
requests:
memory: "1Gi"
cpu: "0.5"
ports:
- containerPort: 2181
name: client
- containerPort: 2888
name: server
- containerPort: 3888
name: leader-election
volumeMounts:
- name: datadir
mountPath: /var/lib/zookeeper
- name: zoo-config
mountPath: /conf
volumes:
- name: zoo-config
configMap:
name: zoo-config
securityContext:
fsGroup: 2000
runAsUser: 1000
runAsNonRoot: true
volumeClaimTemplates:
- metadata:
name: datadir
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
name: zoo-config
namespace: default
data:
zoo.cfg: |
tickTime=10000
dataDir=/var/lib/zookeeper
clientPort=2181
initLimit=10
syncLimit=4
minikube:apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 172.1.1.1-172.1.1.10
码头工人:v1.13.1
答案 0 :(得分:2)
您可以使用minikube做到这一点,但是minikube的想法只是在您的本地环境中测试东西。因此,默认情况下,它没有正确的IPTable权限,是的,您可以对其进行调整,但是如果您的目标是仅在没有任何响亮的提供程序的情况下使用,那么我建议您使用kubeadm
({{ 3}})。
该工具将为您提供非常可定制的群集配置,并且您可以轻松设置网络问题。