我无法从 Pod 访问服务,当我从 Pod 控制台运行 curl serviceIP:port
命令时,出现以下错误:
root@strongswan-deployment-7bc4c96494-qmb46:/# curl -v 10.111.107.133:80
* Trying 10.111.107.133:80...
* TCP_NODELAY set
* connect to 10.111.107.133 port 80 failed: Connection timed out
* Failed to connect to 10.111.107.133 port 80: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to 10.111.107.133 port 80: Connection timed out
这是我的 yaml 文件:
apiVersion: apps/v1
kind: Deployment
metadata:
name: strongswan-deployment
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: strongswan
template:
metadata:
labels:
app: strongswan
spec:
containers:
- name: strongswan-container
image: 192.168.39.1:5000/mystrongswan
ports:
- containerPort: 80
command: ["/bin/bash", "-c", "--"]
args: ["while true; do sleep 30; done;"]
securityContext:
privileged: true
imagePullSecrets:
- name: dockerregcred
---
apiVersion: v1
kind: Service
metadata:
namespace: default
name: strongswan-service
spec:
selector:
app: strongswan
ports:
- port: 80 # Port exposed to the cluster
protocol: TCP
targetPort: 80 # Port on which the pod listens
我尝试使用 Nginx pod,这次它工作正常,我可以使用 curl 命令连接到 Nginx 服务。
我不知道问题出在哪里,因为它适用于 Nginx pod。我做错了什么?
我使用 minikube :
user@user-ThinkCentre-M91p:~/minikube$ minikube version
minikube version: v1.20.0
commit: c61663e942ec43b20e8e70839dcca52e44cd85ae
编辑
我的第二个 pod yaml 文件
apiVersion: apps/v1
kind: Deployment
metadata:
name: godart-deployment
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: godart
template:
metadata:
labels:
app: godart
spec:
containers:
- name: godart-container
image: 192.168.39.1:5000/mygodart
ports:
- containerPort: 9020
imagePullSecrets:
- name: dockerregcred
---
apiVersion: v1
kind: Service
metadata:
namespace: default
name: godart-service
spec:
selector:
app: godart
ports:
- port: 9020 # Port exposed to the cluster
protocol: TCP
targetPort: 9020 # Port on which the pod listens
错误:
[root@godart-deployment-648fb8757c-6mscv /]# curl -v 10.104.206.191:9020
* About to connect() to 10.104.206.191 port 9020 (#0)
* Trying 10.104.206.191...
* Connection timed out
* Failed connect to 10.104.206.191:9020; Connection timed out
* Closing connection 0
curl: (7) Failed connect to 10.104.206.191:9020; Connection timed out
码头文件:
FROM centos/systemd
ENV container docker
RUN yum -y update; yum clean all
RUN yum -y install systemd; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
COPY /godart* /home
RUN yum install -y /home/GoDart-3.3-b10.el7.x86_64.rpm
RUN yum install -y /home/GoDartHmi-3.3-b10.el7.x86_64.rpm
CMD ["/usr/sbin/init"]
编辑编辑:
我通过添加一个可以响应 http 请求的文件解决了我的问题,这是该文件:
var http = require('http');
var handleRequest = function(request, response) {
console.log('Received request for URL: ' + request.url);
response.writeHead(200);
response.end('Hello World!');
};
var www = http.createServer(handleRequest);
www.listen(9020, "0.0.0.0");
要使其工作,您必须安装 Node js 环境。
使用以下命令运行脚本:node filename.js
之后,我可以卷曲我的服务。
我真的不明白为什么它现在有效,有没有人解释一下?
谢谢
答案 0 :(得分:0)
您的 strongswan-container
容器正在使用 bash -c -- "while true; do sleep 30; done;"
作为命令。
sleep 命令显然不监听任何端口。
当您尝试在端口 80 上 curl 服务时,会尝试在端口 80 上与 Pod 建立 TCP 连接,但由于 Pod 中没有此类端口侦听,因此连接尝试失败。
答案 1 :(得分:0)
如何在不使用 sleep 命令的情况下修复此错误?
如果我很好地理解您的问题,我知道您的问题的 2 个解决方案。首先,您可以了解CrashLoopBackOff 的工作原理。然后您可以更改Container restart policy。最重要的字段应该是:lastProbeTime
。这意味着 Timestamp of when the Pod condition was last probed.
第二个解决方案应该是创建一个 readiness probe。您也可以here阅读更多相关信息。