Could two cluster IP services be connected in Kubernetes?
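The situation is that I want to connect two ClusterIP services inside a tenant that already has Traefik as NodePort, so any of these two services can be a LoadBalancer, because the NodePort is used by Traefik.

The two services I am trying to connect work as follows. The first one, which I call "Master", receives a POST from the client with some text and calls the other service, called "slave", which adds some text ("Hola Patri") to the text sent by the client. Both services are Flask services defined by the app.py in a Docker image. You can see both app.py files below: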
master/app.py
    from flask import Flask, request
    import requests

    app = Flask(__name__)

    @app.route("/", methods = ['GET', 'POST'])
    def put():
        if request.method == 'POST':
            text = request.get_data()
            r = requests.post("http://slave:5001",data=text)
            result = r.text
            return result

    if __name__ == '__main__':
        app.run(host="0.0.0.0", port=5000, debug=True)

slave/app.py
    from flask import Flask, request

    app = Flask(__name__)

    @app.route("/", methods = ['GET', 'POST'])
    def put():
        if request.method == 'POST':
            text = request.get_data()
            #text = request.data
            texto_final = str(text) + 'Hola Patri'
            return texto_final

    if __name__ == '__main__':
        app.run(host="0.0.0.0", port=5001, debug=True)

The configuration of the deployments and services is defined in two yaml files: master_src.yaml and slave_src.yaml.
master_src.yaml
    kind: Namespace
    apiVersion: v1
    metadata:
      name: innovation
      labels:
        name: innovation
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: master
      namespace: innovation
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: myapp
      template:
        metadata:
          labels:
            app: myapp
        spec:
          securityContext:
            runAsUser: 1000
            fsGroup: 1000
          containers:
            - name: master
              imagePullPolicy: Always
              securityContext:
                runAsUser: 1000
                runAsNonRoot: true
              image: reg-dhc.app.corpintra.net/galiani/innovation:mastertest
              ports:
                - protocol: TCP
                  containerPort: 5000
          imagePullSecrets:
            - name: galiani-innovation-pull-secret
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: master
      namespace: innovation
    spec:
      ports:
        - protocol: TCP
          port: 5000
          targetPort: 5000
      selector:
        app: myapp

slave_src.yaml
    kind: Namespace
    apiVersion: v1
    metadata:
      name: innovation
      labels:
        name: innovation
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: slave
      namespace: innovation
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: myapp
      template:
        metadata:
          labels:
            app: myapp
        spec:
          securityContext:
            runAsUser: 1000
            fsGroup: 1000
          containers:
            - name: slave
              imagePullPolicy: Always
              securityContext:
                runAsUser: 1000
                runAsNonRoot: true
              image: reg-dhc.app.corpintra.net/galiani/innovation:slavetest
              ports:
                - protocol: TCP
                  containerPort: 5001
          imagePullSecrets:
            - name: galiani-innovation-pull-secret
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: slave
      namespace: innovation
    spec:
      selector:
        app: myapp
      ports:
        - protocol: TCP
          port: 5001
          targetPort: 5001

I also created a network policy to allow traffic between the two services. The yaml used to define the network policy is the following.
networkpolicy_src.yaml
    kind: NetworkPolicy
    apiVersion: extensions/v1beta1
    metadata:
      name: ingress-to-all
      namespace: innovation
    spec:
      podSelector:
        matchLabels:
          app: myapp
      ingress:
        - from:
            - podSelector:
                matchLabels:
                  app: myapp
          ports:
            - port: 5000
              protocol: TCP
            - port: 5001
              protocol: TCP
      policyTypes:
        - Ingress

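The connection between the master and slave services is not working. I can access the master and the slave independently. However, when I try to make a POST to the master (using curl) and it should connect to the slave, I get the following error:

    curl: (52) Empty reply from server

Thanks in advance for your help!

New question about connecting through Traefik. This is the yaml of the Traefik ingress: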
    kind: Ingress
    apiVersion: extensions/v1beta1
    metadata:
      name: ingress-innovation
      namespace: innovation
      annotations:
        traefik.frontend.rule.type: PathPrefixStrip
    spec:
      rules:
        - http:
            paths:
              - path: /master
                backend:
                  serviceName: master
                  servicePort: 5000
              - path: /slave
                backend:
                  serviceName: slave
                  servicePort: 5001

I have also corrected the networkpolicy yaml, which is now:
    kind: NetworkPolicy
    apiVersion: extensions/v1beta1
    metadata:
      name: master-to-slave
      namespace: innovation
    spec:
      podSelector:
        matchLabels:
          app: app-slave
      ingress:
        - ports:
            - port: 5000
              protocol: TCP
            - port: 5001
              protocol: TCP
        - from:
            - namespaceSelector:
                matchLabels:
                  app: app-master

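Thanks again for your help!

The problem may be that the master and the slave have the same label, app: myapp. Change the label of the master Deployment and Service to app: master, and the label of the slave Deployment and Service to app: slave.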
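
An added example, not part of the original question or answer: a small Python check of which pods each Service selector matches, showing why the shared `app: myapp` label sends traffic for `slave:5001` to a pod that only listens on 5000. The `PODS` and `SERVICES` dictionaries are constructed to mirror the posted manifests, and the function names are assumptions made for illustration.

```python
# Constructed sample data mirroring the manifests in the question (not read from a cluster).
# "ports" models what each container listens on, per the two app.py files.
PODS = {
    "master": {"labels": {"app": "myapp"}, "ports": {5000}},
    "slave": {"labels": {"app": "myapp"}, "ports": {5001}},
}
SERVICES = {
    "master": {"selector": {"app": "myapp"}, "targetPort": 5000},
    "slave": {"selector": {"app": "myapp"}, "targetPort": 5001},
}


def selects(selector, labels):
    """Equality-based selector: every key/value must be present in the pod labels."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())


def audit(services, pods):
    """Return {service: {"endpoints": [...], "dead": [...]}}.

    "dead" lists selected pods that do not listen on the Service's targetPort,
    i.e. endpoints where a connection would fail.
    """
    report = {}
    for name, svc in services.items():
        endpoints = sorted(p for p, spec in pods.items()
                           if selects(svc["selector"], spec["labels"]))
        dead = [p for p in endpoints if svc["targetPort"] not in pods[p]["ports"]]
        report[name] = {"endpoints": endpoints, "dead": dead}
    return report


def relabel(objs, key="selector"):
    """Apply the answer's fix: give each object its own app label (app: <name>)."""
    return {n: {**o, key: {"app": n}} for n, o in objs.items()}


if __name__ == "__main__":
    for title, svcs, pods in (
        ("as posted", SERVICES, PODS),
        ("after relabel", relabel(SERVICES), relabel(PODS, "labels")),
    ):
        print(title)
        for svc, r in audit(svcs, pods).items():
            print(f"  {svc}: endpoints={r['endpoints']} dead={r['dead']}")
```

On a live cluster, `kubectl -n innovation get endpoints slave` shows the same thing: with the shared label, both pod IPs appear behind the Service.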