服务不在 kubernetes 中公开

Service not exposing in kubernetes

我在 GKE 中有一个部署和一个服务。我将部署公开为负载均衡器,但无法通过服务(curl 或浏览器)访问它。我得到一个:

curl: (7) Failed to connect to <my-Ip-Address> port 443: Connection refused

我可以直接转发到 pod 并且工作正常:

kubectl --namespace=redfalcon port-forward web-service-rf-76967f9c68-2zbhm 9999:443 >> /dev/null

curl -k -v --request POST   --url https://localhost:9999/auth/login/   --header 'content-type: application/json'   --header 'x-profile-key: '   --data '{"email":"<testusername>","password":"<testpassword>"}'

我很可能错误配置了我的服务,但看不出如何。非常感谢对我所做的任何帮助。

服务 Yaml:

---
apiVersion: v1
kind: Service
metadata:
  name: red-falcon-lb
  namespace: redfalcon
spec:
  type: LoadBalancer
  ports:
  - name: https
    port: 443
    protocol: TCP
  selector:
   app: web-service-rf

部署 YAML

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: web-service-rf
spec:
  selector:
    matchLabels:
      app: web-service-rf
  replicas: 2 # tells deployment to run 2 pods matching the template
  template:
    metadata:
      labels:
        app: web-service-rf
    spec:
      initContainers:
        - name: certificate-init-container
          image: proofpoint/certificate-init-container:0.2.0
          imagePullPolicy: Always
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          args:
            - "-namespace=$(NAMESPACE)"
            - "-pod-name=$(POD_NAME)"
            - "-query-k8s"
          volumeMounts:
            - name: tls
              mountPath: /etc/tls
      containers:
        - name: web-service-rf
          image: gcr.io/redfalcon-186521/redfalcon-webserver-minimal:latest
#          image: gcr.io/redfalcon-186521/redfalcon-webserver-full:latest
          command:
            - "./server"
            - "--port=443"
          imagePullPolicy: Always
          env:
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /var/secrets/google/key.json
          ports:
            - containerPort: 443
          resources:
            limits:
              memory: "500Mi"
              cpu: "100m"
          volumeMounts:
          - mountPath: /etc/tls
            name: tls
          - mountPath: /var/secrets/google
            name: google-cloud-key
      volumes:
        - name: tls
          emptyDir: {}
        - name: google-cloud-key
          secret:
           secretName: pubsub-key

输出:kubectl describe svc red-falcon-lb

Name:                     red-falcon-lb
Namespace:                redfalcon
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"red-falcon-lb","namespace":"redfalcon"},"spec":{"ports":[{"name":"https","port...
Selector:                 app=web-service-rf
Type:                     LoadBalancer
IP:                       10.43.245.9
LoadBalancer Ingress:     <EXTERNAL IP REDACTED>
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  31524/TCP
Endpoints:                10.40.0.201:443,10.40.0.202:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age   From                Message
  ----    ------                ----  ----                -------
  Normal  EnsuringLoadBalancer  39m   service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   38m   service-controller  Ensured load balancer

我明白这是什么了...

我的 golang 应用程序正在侦听本地主机而不是 0.0.0.0。这意味着 kubectl 上的端口转发有效,但任何服务公开都不起作用。

我不得不在我的 k8s 命令中添加“--host 0.0.0.0”,然后它会监听来自本地主机外部的请求。

我的命令最终是...

"./server --port 8080 --host 0.0.0.0"