Digital Ocean Kubernetes:无法从浏览器访问 Nodeport
Digital Ocean Kubernetes: Nodeport not accessible from browser
我已经使用 DOKS 设置了一个 k8s 集群(1 节点集群)。该服务 运行 使用 nodeport 配置没问题。但是,我无法使用 http://${NodeIP}:${NodePort} 从浏览器访问它。我什至尝试添加防火墙规则,但在尝试添加新的入站 TCP 规则时出现 error response from backend。不是有用的错误消息!
Curl 和 Telnet 也失败了。
请在下面找到我的 dockerfile、部署和服务 yaml 文件。
Dockerfile
FROM nginx:1.21.1
COPY build/ /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx/nginx.conf /etc/nginx/conf.d
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
服务 YAML 文件
kind: Service
apiVersion: v1
metadata:
name: int
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
nodePort: 31000
selector:
app: int
部署 YAML
kind: Deployment
apiVersion: apps/v1
metadata:
name: int
spec:
replicas: 2
selector:
matchLabels:
app: int
template:
metadata:
labels:
app: int
spec:
containers:
- name: int
image: registry.digitalocean.com/xxxxx/int:latest
imagePullPolicy: Always
ports:
- containerPort: 80
restartPolicy: Always
Kubectl 获取 pods 输出
root@ast-a1:~# kubectl get pods
NAME READY STATUS RESTARTS AGE
int-7cc5445c7-hnwvp 1/1 Running 0 3h14m
int-7cc5445c7-qtr6n 1/1 Running 0 3h14m
Kubectl 获取 svc 输出
root@ast-a1:~# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
int NodePort 10.xxx.xx.xx <none> 80:31000/TCP 152m
kubernetes ClusterIP 10.xxx.x.x <none> 443/TCP 3d3h
回应
我是不是哪里弄错了?我只是在试用 DOKS。
编辑:
添加了 tracert 输出。
C:\Users\ck5>tracert 1xx.xx.xx.xxx
Tracing route to 1xx.xx.xx.xxx over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 4 ms 2 ms 3 ms 1x.1xx.xx.xx.static-hydrabad.vsnl.net.in [1x.1xx.xx.xx]
4 * * * Request timed out.
5 49 ms 52 ms 12 ms 2xx.6x.xxx.xxx.static-bangalore.vsnl.net.in [2xx.xx.xxx.xxx]
6 13 ms 12 ms 110 ms 1xx.1xx.2xx.15
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
看起来像是安全组或防火墙问题。 运行 使用浏览器从机器到目标 IP 的跟踪路由。
如果在最后一跳停止,很可能是安全组不允许从源子网连接到您的端口。
如果 traceroute 在中间停止,则更有可能是防火墙问题。
首先尝试使用端口转发命令
验证您的服务是否正常运行&运行
kubectl port-forward svc/int -n <Namepsace name> 8080:80
在浏览器中打开localhost:8080
这样你可以先验证运行是否为运行并给出输出。
我也希望你在 Nginx docker 图像中添加的配置是正确的,也检查 pod 的日志一次以验证 POD 中没有问题。
现在,如果服务正在提供输出,Nodeport 端或 firewall 端就会出现问题。
我已经使用 DOKS 设置了一个 k8s 集群(1 节点集群)。该服务 运行 使用 nodeport 配置没问题。但是,我无法使用 http://${NodeIP}:${NodePort} 从浏览器访问它。我什至尝试添加防火墙规则,但在尝试添加新的入站 TCP 规则时出现 error response from backend。不是有用的错误消息!
Curl 和 Telnet 也失败了。
请在下面找到我的 dockerfile、部署和服务 yaml 文件。
Dockerfile
FROM nginx:1.21.1
COPY build/ /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx/nginx.conf /etc/nginx/conf.d
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
服务 YAML 文件
kind: Service
apiVersion: v1
metadata:
name: int
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
nodePort: 31000
selector:
app: int
部署 YAML
kind: Deployment
apiVersion: apps/v1
metadata:
name: int
spec:
replicas: 2
selector:
matchLabels:
app: int
template:
metadata:
labels:
app: int
spec:
containers:
- name: int
image: registry.digitalocean.com/xxxxx/int:latest
imagePullPolicy: Always
ports:
- containerPort: 80
restartPolicy: Always
Kubectl 获取 pods 输出
root@ast-a1:~# kubectl get pods
NAME READY STATUS RESTARTS AGE
int-7cc5445c7-hnwvp 1/1 Running 0 3h14m
int-7cc5445c7-qtr6n 1/1 Running 0 3h14m
Kubectl 获取 svc 输出
root@ast-a1:~# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
int NodePort 10.xxx.xx.xx <none> 80:31000/TCP 152m
kubernetes ClusterIP 10.xxx.x.x <none> 443/TCP 3d3h
回应
我是不是哪里弄错了?我只是在试用 DOKS。
编辑:
添加了 tracert 输出。
C:\Users\ck5>tracert 1xx.xx.xx.xxx
Tracing route to 1xx.xx.xx.xxx over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 4 ms 2 ms 3 ms 1x.1xx.xx.xx.static-hydrabad.vsnl.net.in [1x.1xx.xx.xx]
4 * * * Request timed out.
5 49 ms 52 ms 12 ms 2xx.6x.xxx.xxx.static-bangalore.vsnl.net.in [2xx.xx.xxx.xxx]
6 13 ms 12 ms 110 ms 1xx.1xx.2xx.15
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
看起来像是安全组或防火墙问题。 运行 使用浏览器从机器到目标 IP 的跟踪路由。
如果在最后一跳停止,很可能是安全组不允许从源子网连接到您的端口。
如果 traceroute 在中间停止,则更有可能是防火墙问题。
首先尝试使用端口转发命令
验证您的服务是否正常运行&运行kubectl port-forward svc/int -n <Namepsace name> 8080:80
在浏览器中打开localhost:8080
这样你可以先验证运行是否为运行并给出输出。
我也希望你在 Nginx docker 图像中添加的配置是正确的,也检查 pod 的日志一次以验证 POD 中没有问题。
现在,如果服务正在提供输出,Nodeport 端或 firewall 端就会出现问题。