GCP GCE does not allow ingress traffic to a port opened by NodePort on K8S

Time: 2020-04-24 11:49:37

Tags: kubernetes google-cloud-platform

ytong@master:~$ kubectl get service
NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1        <none>        443/TCP        4h11m
nginx        LoadBalancer   10.111.227.218   <pending>     80:31371/TCP   75m

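Please ignore the pending state of the LoadBalancer. Since I am not using GKE, but GCE with K8S installed by kubeadm, a service created as a LoadBalancer service will stay in the PENDING state forever.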

ytong@master:~$ kubectl get node -o wide
NAME     STATUS   ROLES    AGE     VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION   CONTAINER-RUNTIME
master   Ready    master   4h12m   v1.18.1   10.2.0.3      <none>        Ubuntu 18.04.4 LTS   5.0.0-1034-gcp   docker://19.3.6
worker   Ready    <none>   3h41m   v1.18.1   10.2.0.4      <none>        Ubuntu 18.04.4 LTS   5.0.0-1034-gcp   docker://19.3.6

master  us-central1-f           10.2.0.3 (nic0) 35.222.140.199      
worker  us-central1-f           10.2.0.4 (nic0) 34.67.101.1     

ytong@master:~$ curl http://10.2.0.3:31371
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

ytong@master:~$ curl http://35.222.140.199:31371
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

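I can access the nginx service through port 31371 opened by the NodePort, which eventually maps to port 80 on the Pod, from the GCP GCE VM or from a jump server on GCP.

But I cannot access it from my desktop over the Internet.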

ytong@L-AUN-11021501 MINGW64 ~
$ curl http://35.222.140.199:31371
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (56) Recv failure: Connection was reset

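I think GCP is blocking connections to port 31371, but I tried allowing all traffic on both the default VPC and the VPC I created to host the GCE VMs, and it did not work.

Continuing to update the thread.

I added 2 firewall rules and tried to allow tcp:31371 traffic to the GCE VMs on which the k8s NodePort service is running.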

0 answers:

No answers