从外部访问 nginx 部署时遇到问题
Trouble accessing nginx deployment externally
我可以 curl
公开 nginx
部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 2
selector:
matchLabels:
app: nginx
tr: frnt
template:
metadata:
labels:
app: nginx
tr: frnt
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
restartPolicy: Always
----
apiVersion: v1
kind: Service
metadata:
name: web-dep-nodeport-service
spec:
selector:
tr: frnt
ports:
- nodePort: 30000
port: 80
type: NodePort
在节点上,成功:
user@gke-cluster-1-default-pool-xxxx ~ $ curl -Lvso /dev/null http://localhost:30000
* Rebuilt URL to: http://localhost:30000/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 30000 (#0)
> GET / HTTP/1.1
> Host: localhost:30000
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.9.15
< Date: Sun, 22 Apr 2018 04:40:24 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 19 Apr 2016 17:27:46 GMT
< Connection: keep-alive
< ETag: "xxxxx"
< Accept-Ranges: bytes
<
{ [612 bytes data]
* Connection #0 to host localhost left intact
但是当在外部机器上尝试相同的命令时,使用节点 EXTERNAL_IP
(来自 gcloud compute instances list
),我得到:
$ curl -Lvso /dev/null http://x.x.x.x:30000 &> result.txt &
$ cat result.txt
* Rebuilt URL to: http://x.x.x.x:30000/
* Trying x.x.x.x...
* connect to x.x.x.x port 30000 failed: Connection timed out
* Failed to connect to x.x.x.x port 30000: Connection timed out
* Closing connection 0
我可以 ping
EXTERNAL_IP
成功:
ping -c 2 x.x.x.x
PING x.x.x.x (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x: icmp_seq=1 ttl=56 time=32.4 ms
64 bytes from x.x.x.x: icmp_seq=2 ttl=56 time=33.7 ms
--- x.x.x.x ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 32.456/33.099/33.742/0.643 ms
我可以在这里做什么来将 nodePort
暴露在外部?
这已通过创建防火墙规则解决:
gcloud compute firewall-rules create nginx-rule --allow tcp:30000
我可以 curl
公开 nginx
部署:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 2
selector:
matchLabels:
app: nginx
tr: frnt
template:
metadata:
labels:
app: nginx
tr: frnt
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
restartPolicy: Always
----
apiVersion: v1
kind: Service
metadata:
name: web-dep-nodeport-service
spec:
selector:
tr: frnt
ports:
- nodePort: 30000
port: 80
type: NodePort
在节点上,成功:
user@gke-cluster-1-default-pool-xxxx ~ $ curl -Lvso /dev/null http://localhost:30000
* Rebuilt URL to: http://localhost:30000/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 30000 (#0)
> GET / HTTP/1.1
> Host: localhost:30000
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.9.15
< Date: Sun, 22 Apr 2018 04:40:24 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 19 Apr 2016 17:27:46 GMT
< Connection: keep-alive
< ETag: "xxxxx"
< Accept-Ranges: bytes
<
{ [612 bytes data]
* Connection #0 to host localhost left intact
但是当在外部机器上尝试相同的命令时,使用节点 EXTERNAL_IP
(来自 gcloud compute instances list
),我得到:
$ curl -Lvso /dev/null http://x.x.x.x:30000 &> result.txt &
$ cat result.txt
* Rebuilt URL to: http://x.x.x.x:30000/
* Trying x.x.x.x...
* connect to x.x.x.x port 30000 failed: Connection timed out
* Failed to connect to x.x.x.x port 30000: Connection timed out
* Closing connection 0
我可以 ping
EXTERNAL_IP
成功:
ping -c 2 x.x.x.x
PING x.x.x.x (x.x.x.x) 56(84) bytes of data.
64 bytes from x.x.x.x: icmp_seq=1 ttl=56 time=32.4 ms
64 bytes from x.x.x.x: icmp_seq=2 ttl=56 time=33.7 ms
--- x.x.x.x ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 32.456/33.099/33.742/0.643 ms
我可以在这里做什么来将 nodePort
暴露在外部?
这已通过创建防火墙规则解决:
gcloud compute firewall-rules create nginx-rule --allow tcp:30000