Question

团队，

当前，我们已经设置了具有单个主节点和单个工作节点的kubernetes集群。

[root@k8s-master ~]# kubectl get nodes
NAME                                           STATUS   ROLES    AGE   VERSION
ip-172-31-18-129.ap-south-1.compute.internal   Ready    <none>   15h   v1.15.0
k8s-master                                     Ready    master   15h   v1.15.0

[root@k8s-master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        15h
nodeport     NodePort    10.104.192.11   <none>        80:30385/TCP   4s

[root@k8s-master ~]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP          NODE                                           NOMINATED NODE   READINESS GATES
nginx-554b9c67f9-wcsds   1/1     Running   1          15h   10.44.0.1   ip-172-31-18-129.ap-south-1.compute.internal   <none>           <none>
[root@k8s-master ~]# curl -v 172.31.18.129:30385
* Rebuilt URL to: 172.31.18.129:30385/
*   Trying 172.31.18.129...
* TCP_NODELAY set

这里使用我的工作程序节点ip从主服务器访问我的容器。虽然我可以通过集群ip从工作节点访问，请在下面找到输出：

[root@ip-172-31-18-129 ~]# curl 10.104.192.11
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

我期望发生什么？

Nginx容器假定可以使用工作节点IP地址从主服务器进行访问，但是由于某些原因而无法这样做。

Kubernetes版本（使用kubectl版本）：

[root@k8s-master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:40:16Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:32:14Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

[root@k8s-master ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:37:41Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

Cloud provider or hardware configuration: AWS EC2 instances

OS (e.g: cat /etc/os-release): RHEL 8
Kernel (e.g. uname -a):
[root@k8s-master ~]# uname -a
Linux k8s-master 4.18.0-80.4.2.el8_0.x86_64 #1 SMP Fri Jun 14 13:20:24 UTC 2019 x86_64 x86_64 x86_64 GNU/L

感谢您的帮助。在此先感谢!!!

Answer 1

检查下面的链接。由于您已经在云环境中托管了工作节点，因此您需要通过Ingress资源来实现这一点

https://serverfault.com/questions/946546/how-to-externally-access-a-kubernetes-service-of-type-as-nodeport-using-ec2-p

Answer 2

听起来您的云提供商防火墙可能阻止了外部访问。确保您已允许高端口 (30385)。

请注意，在生产中不建议这样做，仅用于开发和测试。否则，您将需要按照 mhsundar 的回答中的说明设置入口。

Kubernetes-无法使用节点端口访问容器

2 个答案: