无法通过具有指定端点的 Kubernetes 服务访问服务
Can't access Service via Kubernetes Service with specified endpoints
我创建了一个 Kubernetes Service,其后端节点不是集群的一部分,而是一组固定的节点(具有固定的 IP),因此我还创建了具有相同名称的 Endpoints 资源:
apiVersion: v1
kind: Service
metadata:
name: hive
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
name: hive
subsets:
- addresses:
- ip: 10.52.7.28
- ip: 10.52.7.29
ports:
- port: 10002
服务和端点的描述:
$ kubectl describe svc/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP: 10.0.192.103
Port: http 80/TCP
TargetPort: 10002/TCP
Endpoints:
Session Affinity: None
Events: <none>
$
$ kubectl describe ep/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Subsets:
Addresses: 10.52.7.28,10.52.7.29
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
<unset> 10002 TCP
Events: <none>
如果我执行 pods 之一并直接通过 telnet 连接到端点子集地址,我可以连接,但是如果我通过服务访问它,我会收到连接被拒绝的信息。为了完整起见,Service 和 pod 在同一个命名空间中:
# telnet 10.52.7.28 10002
Trying 10.52.7.28...
Connected to 10.52.7.28.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet 10.52.7.29 10002
Trying 10.52.7.29...
Connected to 10.52.7.29.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet hive 80
Trying 10.0.192.103...
telnet: Unable to connect to remote host: Connection refused
#
知道为什么我可以直接连接到 IP 但不能通过 Kubernetes 服务吗?我相信这不是因为防火墙规则,因为它也应该阻止直接请求。
编辑: 我怀疑这与 运行 kubectl describe svc/hive 时 Endpoints 为空有关,但我可以在仪表板中看到端点(在服务页面下)显示了这些端点。
端口名称必须在 Service 和 Endpoint 之间匹配。删除服务中的端口名称或将其添加到端点中。
apiVersion: v1
kind: Service
metadata:
name: hive
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
name: hive
subsets:
- addresses:
- ip: 10.52.7.28
- ip: 10.52.7.29
ports:
- name: http
port: 10002
我创建了一个 Kubernetes Service,其后端节点不是集群的一部分,而是一组固定的节点(具有固定的 IP),因此我还创建了具有相同名称的 Endpoints 资源:
apiVersion: v1
kind: Service
metadata:
name: hive
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
name: hive
subsets:
- addresses:
- ip: 10.52.7.28
- ip: 10.52.7.29
ports:
- port: 10002
服务和端点的描述:
$ kubectl describe svc/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP: 10.0.192.103
Port: http 80/TCP
TargetPort: 10002/TCP
Endpoints:
Session Affinity: None
Events: <none>
$
$ kubectl describe ep/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Subsets:
Addresses: 10.52.7.28,10.52.7.29
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
<unset> 10002 TCP
Events: <none>
如果我执行 pods 之一并直接通过 telnet 连接到端点子集地址,我可以连接,但是如果我通过服务访问它,我会收到连接被拒绝的信息。为了完整起见,Service 和 pod 在同一个命名空间中:
# telnet 10.52.7.28 10002
Trying 10.52.7.28...
Connected to 10.52.7.28.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet 10.52.7.29 10002
Trying 10.52.7.29...
Connected to 10.52.7.29.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet hive 80
Trying 10.0.192.103...
telnet: Unable to connect to remote host: Connection refused
#
知道为什么我可以直接连接到 IP 但不能通过 Kubernetes 服务吗?我相信这不是因为防火墙规则,因为它也应该阻止直接请求。
编辑: 我怀疑这与 运行 kubectl describe svc/hive 时 Endpoints 为空有关,但我可以在仪表板中看到端点(在服务页面下)显示了这些端点。
端口名称必须在 Service 和 Endpoint 之间匹配。删除服务中的端口名称或将其添加到端点中。
apiVersion: v1
kind: Service
metadata:
name: hive
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
name: hive
subsets:
- addresses:
- ip: 10.52.7.28
- ip: 10.52.7.29
ports:
- name: http
port: 10002