Windows 部署在 ACS kubernetes 集群中的容器无法使用分配的 Public IP 访问?
Windows container deployed in ACS kubernetes cluster not able to be reached using the assigned Public IP?
我已经部署了一个 windows 容器,它使用 docker 在我的本地系统中成功运行。将镜像移动到 Azure 容器注册表并将镜像从 ACR 部署到 Azure 容器服务 kubernetes 集群
簇。它说它已成功部署,但我们无法使用分配给它的 public IP 访问它。
Docker 文件
# The `FROM` instruction specifies the base image. You are
# extending the `microsoft/aspnet` image.
FROM microsoft/aspnet
# The final instruction copies the site you published earlier into the container.
COPY . /inetpub/wwwroot
清单文件 YAML
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: ewimscloudpoc-v1
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
minReadySeconds: 5
template:
metadata:
labels:
app: ewimscloudpoc-v1
spec:
containers:
- name: ewims
image: acraramsam.azurecr.io/ewims:v1
ports:
- containerPort: 80
args: ["-it"]
resources:
requests:
cpu: 250m
limits:
cpu: 500m
env:
- name: dev
value: "ewimscloudpoc-v1"
nodeSelector:
beta.kubernetes.io/os: windows
---
apiVersion: v1
kind: Service
metadata:
name: ewimscloudpoc-v1
spec:
loadBalancerIP: 104.40.9.103
type: LoadBalancer
ports:
- port: 80
selector:
app: ewimscloudpoc-v1
这是在yaml文件中编写的用于从ACR部署到ACS的代码
用于部署的命令:kubectl create -f filename.yaml
当到达浏览器中分配的 IP 时,它说未到达站点。
D:\>kubectl describe po ewimscloudpoc-v1-2192714781-hg5z3
Name: ewimscloudpoc-v1-2192714781-hg5z3
Namespace: default
Node: 54d99acs9000/10.240.0.4
Start Time: Fri, 21 Dec 2018 18:42:38 +0530
Labels: app=ewimscloudpoc-v1
pod-template-hash=2192714781
Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"ewimscloudpoc-v1-2192714781","uid":"170fbfeb-0522-11e9-9805-000d...
Status: Pending
IP:
Controlled By: ReplicaSet/ewimscloudpoc-v1-2192714781
Containers:
ewims:
Container ID:
Image: acraramsam.azurecr.io/ewims:v1
Image ID:
Port: 80/TCP
Host Port: 0/TCP
Args:
-it
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Limits:
cpu: 500m
Requests:
cpu: 250m
Environment:
dev: ewimscloudpoc-v1
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-8nmv0 (ro)
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
Volumes:
default-token-8nmv0:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-8nmv0
Optional: false
QoS Class: Burstable
Node-Selectors: beta.kubernetes.io/os=windows
Tolerations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 11m default-scheduler Successfully assigned ewimscloudpoc-v1-2192714781-hg5z3 to 54d99acs9000
Normal SuccessfulMountVolume 11m kubelet, 54d99acs9000 MountVolume.SetUp succeeded for volume "default-token-8nmv0"
Normal Pulling 1m (x7 over 11m) kubelet, 54d99acs9000 pulling image "acraramsam.azurecr.io/ewims:v1"
Warning FailedSync 7s (x56 over 11m) kubelet, 54d99acs9000 Error syncing pod
Normal BackOff 7s (x49 over 11m) kubelet, 54d99acs9000 Back-off pulling image "acraramsam.azurecr.io/ewims:v1"
由于您没有 ACR 的秘密,您的 pod 无法创建:
kubectrl create secret docker-registry <SECRET_NAME> --docker-server <REGISTRY_NAME>.azurecr.io --docker-email <YOUR_MAIL> --docker-username=<SERVICE_PRINCIPAL_ID> --docker-password <YOUR_PASSWORD>
https://thorsten-hans.com/how-to-use-a-private-azure-container-registry-with-kubernetes-9b86e67b93b6
如本 link - https://thorsten-hans.com/how-to-use-a-private-azure-container-registry-with-kubernetes-9b86e67b93b6 所述,添加了 ACS 访问 ACR 存储库的安全规则,并更新了我的 docker 文件,如下修复了我的问题,
FROM microsoft/iis:10.0.14393.206
SHELL ["powershell"]
RUN Install-WindowsFeature NET-Framework-45-ASPNET ; \
Install-WindowsFeature Web-Asp-Net45
COPY sampleapp sampleapp
RUN Remove-WebSite -Name 'Default Web Site'
RUN New-Website -Name 'sampleapp' -Port 80 \
-PhysicalPath 'c:\sampleapp' -ApplicationPool '.NET v4.5'
EXPOSE 80
CMD ["ping", "-t", "localhost"]
我已经部署了一个 windows 容器,它使用 docker 在我的本地系统中成功运行。将镜像移动到 Azure 容器注册表并将镜像从 ACR 部署到 Azure 容器服务 kubernetes 集群 簇。它说它已成功部署,但我们无法使用分配给它的 public IP 访问它。
Docker 文件
# The `FROM` instruction specifies the base image. You are
# extending the `microsoft/aspnet` image.
FROM microsoft/aspnet
# The final instruction copies the site you published earlier into the container.
COPY . /inetpub/wwwroot
清单文件 YAML
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: ewimscloudpoc-v1
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
minReadySeconds: 5
template:
metadata:
labels:
app: ewimscloudpoc-v1
spec:
containers:
- name: ewims
image: acraramsam.azurecr.io/ewims:v1
ports:
- containerPort: 80
args: ["-it"]
resources:
requests:
cpu: 250m
limits:
cpu: 500m
env:
- name: dev
value: "ewimscloudpoc-v1"
nodeSelector:
beta.kubernetes.io/os: windows
---
apiVersion: v1
kind: Service
metadata:
name: ewimscloudpoc-v1
spec:
loadBalancerIP: 104.40.9.103
type: LoadBalancer
ports:
- port: 80
selector:
app: ewimscloudpoc-v1
这是在yaml文件中编写的用于从ACR部署到ACS的代码 用于部署的命令:kubectl create -f filename.yaml
当到达浏览器中分配的 IP 时,它说未到达站点。
D:\>kubectl describe po ewimscloudpoc-v1-2192714781-hg5z3
Name: ewimscloudpoc-v1-2192714781-hg5z3
Namespace: default
Node: 54d99acs9000/10.240.0.4
Start Time: Fri, 21 Dec 2018 18:42:38 +0530
Labels: app=ewimscloudpoc-v1
pod-template-hash=2192714781
Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"ewimscloudpoc-v1-2192714781","uid":"170fbfeb-0522-11e9-9805-000d...
Status: Pending
IP:
Controlled By: ReplicaSet/ewimscloudpoc-v1-2192714781
Containers:
ewims:
Container ID:
Image: acraramsam.azurecr.io/ewims:v1
Image ID:
Port: 80/TCP
Host Port: 0/TCP
Args:
-it
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Limits:
cpu: 500m
Requests:
cpu: 250m
Environment:
dev: ewimscloudpoc-v1
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-8nmv0 (ro)
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
Volumes:
default-token-8nmv0:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-8nmv0
Optional: false
QoS Class: Burstable
Node-Selectors: beta.kubernetes.io/os=windows
Tolerations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 11m default-scheduler Successfully assigned ewimscloudpoc-v1-2192714781-hg5z3 to 54d99acs9000
Normal SuccessfulMountVolume 11m kubelet, 54d99acs9000 MountVolume.SetUp succeeded for volume "default-token-8nmv0"
Normal Pulling 1m (x7 over 11m) kubelet, 54d99acs9000 pulling image "acraramsam.azurecr.io/ewims:v1"
Warning FailedSync 7s (x56 over 11m) kubelet, 54d99acs9000 Error syncing pod
Normal BackOff 7s (x49 over 11m) kubelet, 54d99acs9000 Back-off pulling image "acraramsam.azurecr.io/ewims:v1"
由于您没有 ACR 的秘密,您的 pod 无法创建:
kubectrl create secret docker-registry <SECRET_NAME> --docker-server <REGISTRY_NAME>.azurecr.io --docker-email <YOUR_MAIL> --docker-username=<SERVICE_PRINCIPAL_ID> --docker-password <YOUR_PASSWORD>
https://thorsten-hans.com/how-to-use-a-private-azure-container-registry-with-kubernetes-9b86e67b93b6
如本 link - https://thorsten-hans.com/how-to-use-a-private-azure-container-registry-with-kubernetes-9b86e67b93b6 所述,添加了 ACS 访问 ACR 存储库的安全规则,并更新了我的 docker 文件,如下修复了我的问题,
FROM microsoft/iis:10.0.14393.206
SHELL ["powershell"]
RUN Install-WindowsFeature NET-Framework-45-ASPNET ; \
Install-WindowsFeature Web-Asp-Net45
COPY sampleapp sampleapp
RUN Remove-WebSite -Name 'Default Web Site'
RUN New-Website -Name 'sampleapp' -Port 80 \
-PhysicalPath 'c:\sampleapp' -ApplicationPool '.NET v4.5'
EXPOSE 80
CMD ["ping", "-t", "localhost"]