-1

我试图通过负载均衡器的外部 ip 访问。但是我无法通过该 ip 连接到我的浏览器。

我在端口 80 上的连接被拒绝。我不知道我的 yaml 文件是不正确还是负载均衡器上的配置

我使用 requirements.txt 成功构建了我的 docker 映像,并将其从 GKE 加载到存储桶中,以将 docker 映像拉入 Kubernetes。

我使用以下命令部署了我的图像: kubectl create -f <filename>.yaml

使用以下 yaml 文件:

# [START kubernetes_deployment]
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: example
  labels:
    app: example
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: example
    spec:
      containers:
      - name: faxi
        image: gcr.io/<my_id_stands_here>/<bucketname>
        command: ["python3", "manage.py", "runserver"]
        env:
            # [START cloudsql_secrets]
            - name: DATABASE_USER
              valueFrom:
                secretKeyRef:
                  name: cloudsql
                  key: username
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: cloudsql
                  key: password
            # [END cloudsql_secrets]
        ports:
        - containerPort: 8080

      # [START proxy_container]
      - image: b.gcr.io/cloudsql-docker/gce-proxy:1.05
        name: cloudsql-proxy
        command: ["/cloud_sql_proxy", "--dir=/cloudsql",
                  "-instances=<I put here my instance name inside>",
                  "-credential_file=<my_credential_file"]
        volumeMounts:
          - name: cloudsql-oauth-credentials
            mountPath: /secrets/cloudsql
            readOnly: true
          - name: ssl-certs
            mountPath: /etc/ssl/certs
          - name: cloudsql
            mountPath: /cloudsql
      # [END proxy_container] 
      # [START volumes]
      volumes:
        - name: cloudsql-oauth-credentials
          secret:
            secretName: cloudsql-oauth-credentials
        - name: ssl-certs
          hostPath:
            path: /etc/ssl/certs
        - name: cloudsql
          emptyDir:
      # [END volumes]        
# [END kubernetes_deployment]

---

# [START service]
apiVersion: v1
kind: Service
metadata:
  name: example
  labels:
    app: example
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 8080
  selector:
    app: example
# [END service]

它工作正常我有下面的输出kubectl get pods

NAME                    READY   STATUS    RESTARTS   AGE
mypodname.            2/2     Running             0           21h

kubectl get services

NAME         TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
example      LoadBalancer   10.xx.xxx.xxx   34.xx.xxx.xxx   80:30833/TCP   21h
kubernetes   ClusterIP      10.xx.xxx.x     <none>          443/TCP        23h

kubectl describe services example 给我以下输出

Name:                     example
Namespace:                default
Labels:                   app=example
Annotations:              <none>
Selector:                 app=example
Type:                     LoadBalancer
IP:                       10.xx.xxx.xxx
LoadBalancer Ingress:     34.xx.xxx.xxx
Port:                     <unset>  80/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  30833/TCP
Endpoints:                10.xx.x.xx:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

但是我无法通过 curl 或浏览器连接到我的 rest api 我尝试连接<external_ip>:80并获得一个connection refused on this port

我用Nmap扫描了外部 ip,它显示端口 80 已关闭。但我不确定这是否是原因。我的 nmap 输出:

PORT     STATE  SERVICE
80/tcp   closed http
554/tcp  open   rtsp
7070/tcp open   realserver

谢谢你们的帮助

4

1 回答 1

0

请创建一个入口防火墙规则以允许所有节点通过端口 30833 进行流量,因为它应该可以解决问题。

于 2020-01-17T17:40:46.980 回答