附加到无状态集的无头服务端口问题
Issues with Ports on headless service attached to Stateless Set
您好,我正在尝试为 statefulSet 中的 Informix 容器公开 5 个端口。它附加了一个无头服务,以允许其他内部无状态集在内部与其通信。
我可以从我的 informix-0 pod 和其他 pods ping 无头服务 informix-set-service,但是当我尝试 nmap -p 9088 informix-set-service 时,端口被列为关闭。我假设这是因为我的 yaml 是错误的,但我终生无法找出错误所在。
看来无外设服务确实已连接并指向正确的状态集,并且在 minikube 仪表板内一切看起来都是正确的。
Service minikube dash screenshot
informix@informix-0:/$ nmap -p 9088 informix-set-service
Starting Nmap 6.47 ( http://nmap.org ) at 2019-08-20 03:50 UTC
Nmap scan report for informix-set-service (172.17.0.7)
Host is up (0.00011s latency).
rDNS record for 172.17.0.7: informix-0.informix.default.svc.cluster.local
PORT STATE SERVICE
9088/tcp closed unknown
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
informix@informix-0:/$ nmap -p 9088 localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2019-08-20 03:50 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00026s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
9088/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
有人有什么想法吗?
部署 yaml 片段:
###############################################################################
# Informix Container
###############################################################################
#
# Headless service for Informix container StatefulSet.
# Headless service with clusterIP set to NULL
# create DNS records for Informix container hosts.
#
apiVersion: v1
kind: Service
metadata:
name: informix-set-service
labels:
component: informix-set-service
provider: IBM
spec:
clusterIP: None
ports:
- port: 9088
name: informix
- port: 9089
name: informix-dr
- port: 27017
name: mongo
- port: 27018
name: rest
- port: 27883
name: mqtt
selector:
component: informix-set-service
---
#
# Service for Informix container StatefulSet service.
# This is used as an external entry point for
# the ingress controller.
#
apiVersion: v1
kind: Service
metadata:
name: informix-service
labels:
component: informix-service
provider: 4js
spec:
ports:
- port: 9088
name: informix
- port: 9089
name: informix-dr
- port: 27017
name: mongo
- port: 27018
name: rest
- port: 27883
name: mqtt
selector:
component: informix-set-service
---
#
# StatefulSet for Informix cluster.
# StatefulSet sets predictible hostnames,and external storage is bound
# to the pods within StateFulSets for the life.
# Replica count configures number of Informix Server containers.
#
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: informix
labels:
app: informix
component: db
release: "12.10"
provider: IBM
spec:
serviceName: informix
#replicas: 2 #keep it simple for now...
selector:
matchLabels:
component: informix-set-service
template:
metadata:
labels:
component: informix-set-service
spec:
containers:
- name: informix
image: ibmcom/informix-innovator-c:12.10.FC12W1IE
tty: true
securityContext:
privileged: true
env:
- name: LICENSE
value: "accept"
- name: DBDATE
value: "DMY4"
- name: SIZE
value: "custom"
- name: DB_USER
value: "db_root"
- name: DB_NAME
value: "db_main"
- name: DB_PASS
value: "db_pass123"
ports:
- containerPort: 9088
name: informix
- containerPort: 9089
name: informix-dr
- containerPort: 27017
name: mongo
- containerPort: 27018
name: rest
- containerPort: 27883
name: mqtt
volumeMounts:
- name: data
mountPath: /opt/ibm/data
- name: bind-dir-mnt
mountPath: /mnt
- name: bind-patch-informix-setup-sqlhosts
mountPath: /opt/ibm/scripts/informix_setup_sqlhosts.sh
- name: bind-file-dbexport
mountPath: /opt/ibm/informix/bin/dbexport
- name: bind-file-dbimport
mountPath: /opt/ibm/informix/bin/dbimport
- name: bind-file-ontape
mountPath: /opt/ibm/informix/bin/ontape
- name: bind-file-informix-config
mountPath: /opt/ibm/data/informix_config.custom
- name: bind-file-sqlhosts
mountPath: /opt/ibm/data/sqlhosts
volumes:
- name: data
persistentVolumeClaim:
claimName: ifx-data
- name: bind-dir-mnt
hostPath:
path: <PROJECTDIR>/resources/informix
type: DirectoryOrCreate
- name: bind-patch-informix-setup-sqlhosts
hostPath:
path: <PROJECTDIR>/containers/informix/resources/scripts/informix_setup_sqlhosts.sh
type: File
- name: bind-file-dbexport
hostPath:
path: <PROJECTDIR>/containers/informix/resources/bin/dbexport
type: File
- name: bind-file-dbimport
hostPath:
path: <PROJECTDIR>/containers/informix/resources/bin/dbimport
type: File
- name: bind-file-ontape
hostPath:
path: <PROJECTDIR>/containers/informix/resources/bin/ontape
type: File
- name: bind-file-informix-config
hostPath:
path: <PROJECTDIR>/containers/informix/resources/informix_config.custom
type: File
- name: bind-file-sqlhosts
hostPath:
path: <PROJECTDIR>/containers/informix/resources/sqlhosts.k8s
type: File
---
编辑 1:(添加 ss -lnt 的输出)
informix@informix-0:/$ ss -lnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 127.0.0.1:9088 *:*
LISTEN 0 0 127.0.0.1:9089 *:*
LISTEN 0 0 172.17.0.7:27017 *:*
LISTEN 0 0 172.17.0.7:27018 *:*
LISTEN 0 0 172.17.0.7:27883 *:*
LISTEN 0 0 *:22 *:*
LISTEN 0 0 :::22 :::*
根据 ss 输出,您正在监听 127.0.0.1,而不是所有接口:
informix@informix-0:/$ ss -lnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 127.0.0.1:9088 *:*
LISTEN 0 0 127.0.0.1:9089 *:*
您需要调整您的应用程序配置以侦听类似 0.0.0.0 的内容,以使其能够从 pod 外部访问。
您好,我正在尝试为 statefulSet 中的 Informix 容器公开 5 个端口。它附加了一个无头服务,以允许其他内部无状态集在内部与其通信。
我可以从我的 informix-0 pod 和其他 pods ping 无头服务 informix-set-service,但是当我尝试 nmap -p 9088 informix-set-service 时,端口被列为关闭。我假设这是因为我的 yaml 是错误的,但我终生无法找出错误所在。
看来无外设服务确实已连接并指向正确的状态集,并且在 minikube 仪表板内一切看起来都是正确的。
Service minikube dash screenshot
informix@informix-0:/$ nmap -p 9088 informix-set-service
Starting Nmap 6.47 ( http://nmap.org ) at 2019-08-20 03:50 UTC
Nmap scan report for informix-set-service (172.17.0.7)
Host is up (0.00011s latency).
rDNS record for 172.17.0.7: informix-0.informix.default.svc.cluster.local
PORT STATE SERVICE
9088/tcp closed unknown
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
informix@informix-0:/$ nmap -p 9088 localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2019-08-20 03:50 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00026s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
9088/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
有人有什么想法吗?
部署 yaml 片段:
###############################################################################
# Informix Container
###############################################################################
#
# Headless service for Informix container StatefulSet.
# Headless service with clusterIP set to NULL
# create DNS records for Informix container hosts.
#
apiVersion: v1
kind: Service
metadata:
name: informix-set-service
labels:
component: informix-set-service
provider: IBM
spec:
clusterIP: None
ports:
- port: 9088
name: informix
- port: 9089
name: informix-dr
- port: 27017
name: mongo
- port: 27018
name: rest
- port: 27883
name: mqtt
selector:
component: informix-set-service
---
#
# Service for Informix container StatefulSet service.
# This is used as an external entry point for
# the ingress controller.
#
apiVersion: v1
kind: Service
metadata:
name: informix-service
labels:
component: informix-service
provider: 4js
spec:
ports:
- port: 9088
name: informix
- port: 9089
name: informix-dr
- port: 27017
name: mongo
- port: 27018
name: rest
- port: 27883
name: mqtt
selector:
component: informix-set-service
---
#
# StatefulSet for Informix cluster.
# StatefulSet sets predictible hostnames,and external storage is bound
# to the pods within StateFulSets for the life.
# Replica count configures number of Informix Server containers.
#
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: informix
labels:
app: informix
component: db
release: "12.10"
provider: IBM
spec:
serviceName: informix
#replicas: 2 #keep it simple for now...
selector:
matchLabels:
component: informix-set-service
template:
metadata:
labels:
component: informix-set-service
spec:
containers:
- name: informix
image: ibmcom/informix-innovator-c:12.10.FC12W1IE
tty: true
securityContext:
privileged: true
env:
- name: LICENSE
value: "accept"
- name: DBDATE
value: "DMY4"
- name: SIZE
value: "custom"
- name: DB_USER
value: "db_root"
- name: DB_NAME
value: "db_main"
- name: DB_PASS
value: "db_pass123"
ports:
- containerPort: 9088
name: informix
- containerPort: 9089
name: informix-dr
- containerPort: 27017
name: mongo
- containerPort: 27018
name: rest
- containerPort: 27883
name: mqtt
volumeMounts:
- name: data
mountPath: /opt/ibm/data
- name: bind-dir-mnt
mountPath: /mnt
- name: bind-patch-informix-setup-sqlhosts
mountPath: /opt/ibm/scripts/informix_setup_sqlhosts.sh
- name: bind-file-dbexport
mountPath: /opt/ibm/informix/bin/dbexport
- name: bind-file-dbimport
mountPath: /opt/ibm/informix/bin/dbimport
- name: bind-file-ontape
mountPath: /opt/ibm/informix/bin/ontape
- name: bind-file-informix-config
mountPath: /opt/ibm/data/informix_config.custom
- name: bind-file-sqlhosts
mountPath: /opt/ibm/data/sqlhosts
volumes:
- name: data
persistentVolumeClaim:
claimName: ifx-data
- name: bind-dir-mnt
hostPath:
path: <PROJECTDIR>/resources/informix
type: DirectoryOrCreate
- name: bind-patch-informix-setup-sqlhosts
hostPath:
path: <PROJECTDIR>/containers/informix/resources/scripts/informix_setup_sqlhosts.sh
type: File
- name: bind-file-dbexport
hostPath:
path: <PROJECTDIR>/containers/informix/resources/bin/dbexport
type: File
- name: bind-file-dbimport
hostPath:
path: <PROJECTDIR>/containers/informix/resources/bin/dbimport
type: File
- name: bind-file-ontape
hostPath:
path: <PROJECTDIR>/containers/informix/resources/bin/ontape
type: File
- name: bind-file-informix-config
hostPath:
path: <PROJECTDIR>/containers/informix/resources/informix_config.custom
type: File
- name: bind-file-sqlhosts
hostPath:
path: <PROJECTDIR>/containers/informix/resources/sqlhosts.k8s
type: File
---
编辑 1:(添加 ss -lnt 的输出)
informix@informix-0:/$ ss -lnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 127.0.0.1:9088 *:*
LISTEN 0 0 127.0.0.1:9089 *:*
LISTEN 0 0 172.17.0.7:27017 *:*
LISTEN 0 0 172.17.0.7:27018 *:*
LISTEN 0 0 172.17.0.7:27883 *:*
LISTEN 0 0 *:22 *:*
LISTEN 0 0 :::22 :::*
根据 ss 输出,您正在监听 127.0.0.1,而不是所有接口:
informix@informix-0:/$ ss -lnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 127.0.0.1:9088 *:*
LISTEN 0 0 127.0.0.1:9089 *:*
您需要调整您的应用程序配置以侦听类似 0.0.0.0 的内容,以使其能够从 pod 外部访问。