Kubernetes 访问 api 网络
Kubenetes accsess api web
我是 Kub 的新手,我从 docker-compose 转换了我的环境,
我有一个带有 python 代码的 pod - 如果我在同一台主机上使用我的 docker 我可以访问
但是当它在 pod 上时没有流量进入,
kubectl 配置视图
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.10.10.130:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
api-service.yaml:
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: api
name: api
spec:
ports:
- name: "5001"
port: 5001
targetPort: 5001
selector:
io.kompose.service: api
status:
loadBalancer: {}
api-deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: api
name: api
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: api
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: api
spec:
containers:
- image: 127.0.0.1:5000/api:latest
imagePullPolicy: "Never"
name: api
ports:
- containerPort: 5001
resources: {}
volumeMounts:
- mountPath: /base
name: api-hostpath0
restartPolicy: Always
serviceAccountName: ""
volumes:
- hostPath:
path: /root/ansible/api/base
name: api-hostpath0
status: {}
pod 日志:
* Serving Flask app 'server' (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: on
* Running on all addresses.
WARNING: This is a development server. Do not use it in a production deployment.
* Running on http://10.244.0.17:5001/ (Press CTRL+C to quit)
* Restarting with stat
* Debugger is active!
* Debugger PIN: 553-272-086
我尝试访问配置视图显示的内容,我得到了:
https://10.10.10.130:6443/
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
"reason": "Forbidden",
"details": {
},
"code": 403
}
通过容器到达的路径是:
https://10.10.10.130:5001/
它没有到达容器并说像网站不存在 -
这再次适用于 docker 容器,所以我缺少什么?
谢谢
--编辑--
如果我从我进入的主机 curl http://10.244.0.17:5001/(api pod 的地址),为什么我不能从外面进入?
还尝试添加 nginx + api pod 部署
template:
spec:
hostNetwork: true
还是联系不上请帮忙
找到解决方案!
我需要将 externalIPs 添加到我的 pods service.yaml(api 和 nginx)
spec:
ports:
- name: "8443"
port: 8443
targetPort: 80
externalIPs:
- 10.10.10.130
我是 Kub 的新手,我从 docker-compose 转换了我的环境, 我有一个带有 python 代码的 pod - 如果我在同一台主机上使用我的 docker 我可以访问 但是当它在 pod 上时没有流量进入,
kubectl 配置视图
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.10.10.130:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
api-service.yaml:
apiVersion: v1
kind: Service
metadata:
annotations:
kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: api
name: api
spec:
ports:
- name: "5001"
port: 5001
targetPort: 5001
selector:
io.kompose.service: api
status:
loadBalancer: {}
api-deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: api
name: api
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: api
strategy:
type: Recreate
template:
metadata:
annotations:
kompose.cmd: /snap/kompose/19/kompose-linux-amd64 convert --volumes hostPath
kompose.version: 1.21.0 (992df58d8)
creationTimestamp: null
labels:
io.kompose.service: api
spec:
containers:
- image: 127.0.0.1:5000/api:latest
imagePullPolicy: "Never"
name: api
ports:
- containerPort: 5001
resources: {}
volumeMounts:
- mountPath: /base
name: api-hostpath0
restartPolicy: Always
serviceAccountName: ""
volumes:
- hostPath:
path: /root/ansible/api/base
name: api-hostpath0
status: {}
pod 日志:
* Serving Flask app 'server' (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: on
* Running on all addresses.
WARNING: This is a development server. Do not use it in a production deployment.
* Running on http://10.244.0.17:5001/ (Press CTRL+C to quit)
* Restarting with stat
* Debugger is active!
* Debugger PIN: 553-272-086
我尝试访问配置视图显示的内容,我得到了: https://10.10.10.130:6443/
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
"reason": "Forbidden",
"details": {
},
"code": 403
}
通过容器到达的路径是: https://10.10.10.130:5001/ 它没有到达容器并说像网站不存在 - 这再次适用于 docker 容器,所以我缺少什么?
谢谢
--编辑--
如果我从我进入的主机 curl http://10.244.0.17:5001/(api pod 的地址),为什么我不能从外面进入?
还尝试添加 nginx + api pod 部署
template:
spec:
hostNetwork: true
还是联系不上请帮忙
找到解决方案!
我需要将 externalIPs 添加到我的 pods service.yaml(api 和 nginx)
spec:
ports:
- name: "8443"
port: 8443
targetPort: 80
externalIPs:
- 10.10.10.130