2

Unable to access the internet from a pod in a public GKE cluster

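I am using GKE (1.16.13-gke.1) as a test environment. I am deploying a spring-boot application, and it runs successfully on the GKE cluster. The problem is that it cannot communicate with the internet.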

Here is my deployment manifest.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: auth
  namespace: lms-ff
spec:
  replicas: 1
  selector:
    matchLabels:
      app: auth
  template:
    metadata:
      labels:
        app: auth
    spec:
      containers:
        - name: auth
          image: gcr.io/sams-api:0.0.1.4.ms1
          ports:
          - containerPort: 8095
          envFrom:
            - configMapRef:
                name: auth-properties 
            

---

apiVersion: v1
kind: Service
metadata:
  name: gcp-auth-service
  namespace: lms-ff  
spec:
  selector:
    app: auth
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 8095
    targetPort: 8095   

Here is the error I am getting.

api-556c56df4b-pdtk9:/home/misyn/app# ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: seq=0 ttl=59 time=10.762 ms
64 bytes from 4.2.2.2: seq=1 ttl=59 time=10.831 ms
64 bytes from 4.2.2.2: seq=2 ttl=59 time=10.932 ms
64 bytes from 4.2.2.2: seq=3 ttl=59 time=10.798 ms
^C
--- 4.2.2.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 10.762/10.830/10.932 ms
api-556c56df4b-pdtk9:/home/misyn/app# telnet 220.247.246.105 9010
Connection closed by foreign host
udayanga@udayanga-PC:~/Desktop/kubernetes$ kubectl get all -n lms-ff
NAME                           READY   STATUS    RESTARTS   AGE
pod/api-556c56df4b-pdtk9       1/1     Running   0          6h27m
pod/auth-77c755b854-7bqts      1/1     Running   0          4h57m
pod/mariadb-555bcb6d95-5x6wx   1/1     Running   0          15h
pod/middle-767558df89-kc7kz    1/1     Running   0          12h
pod/portal-cf84d7845-vvxl7     1/1     Running   0          105m
pod/redis-b467466b5-ndlgb      1/1     Running   0          15h
pod/web-5b967cd44c-lbmnk       1/1     Running   0          103m

NAME                          TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)        AGE
service/gcp-api-service       ClusterIP      10.0.13.15    <none>           8091/TCP       6h27m
service/gcp-auth-service      ClusterIP      10.0.6.154    <none>           8095/TCP       4h57m
service/gcp-mariadb-service   ClusterIP      10.0.14.196   <none>           3306/TCP       15h
service/gcp-middle-service    ClusterIP      10.0.3.26     <none>           8093/TCP       6h49m
service/gcp-portal-service    ClusterIP      10.0.1.229    <none>           8090/TCP       105m
service/gcp-redis-service     ClusterIP      10.0.2.188    <none>           6379/TCP       15h
service/gcp-web-service       LoadBalancer   10.0.3.141    static-ip  80:30376/TCP   14h

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/api       1/1     1            1           6h27m
deployment.apps/auth      1/1     1            1           4h57m
deployment.apps/mariadb   1/1     1            1           15h
deployment.apps/middle    1/1     1            1           12h
deployment.apps/portal    1/1     1            1           105m
deployment.apps/redis     1/1     1            1           15h
deployment.apps/web       1/1     1            1           103m

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/api-556c56df4b       1         1         1       6h28m
replicaset.apps/auth-77c755b854      1         1         1       4h57m
replicaset.apps/mariadb-555bcb6d95   1         1         1       15h
replicaset.apps/middle-767558df89    1         1         1       12h
replicaset.apps/portal-cf84d7845     1         1         1       105m
replicaset.apps/redis-b467466b5      1         1         1       15h
replicaset.apps/web-5b967cd44c       1         1         1       103m
udayanga@udayanga-PC:~/Desktop/kubernetes$ 

4

2 Answers

0

Your service type is

apiVersion: v1
kind: Service
metadata:
  name: gcp-auth-service
  namespace: lms-ff  
spec:
  selector:
    app: auth
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 8095
    targetPort: 8095

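If you want to expose the service to the Internet, the ClusterIP should be LoadBalancer or NodePort.

ClusterIP: the service is only accessible inside the cluster.

LoadBalancer: exposes the service to the Internet using an IP address.

NodePort: exposes the service to the Internet through a port, using the node IP.

Read more: https://kubernetes.io/docs/concepts/services-networking/service/

You can change the service type to LoadBalancer and run the command

kubectl get svc

You will see the service with an IP address; hit that IP address from a browser and you will be able to access the service.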

https://cloud.google.com/kubernetes-engine/docs/how-to/exposing-apps#creating_a_service_of_type_loadbalancer

Answered 2021-07-24T20:24:22.860
0

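Your service file defines a ClusterIP type, which provides an IP address that is only accessible within the Kubernetes cluster. This is the internal IP that Kubernetes provides by default.

You should define a service file of type NodePort, which gives you an external IP address for your node. Then combine the node's IP address with the NodePort number defined in the service file.

The resulting address should be in this format -> EXTERNAL_IP:NodePort

Don't forget to create a firewall rule that allows traffic into the nodes.

Please check this document for detailed steps on how to do this.

Answered 2021-07-24T16:23:11.663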
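
The two Service types suggested in the answers above, written out for the question's auth workload as an added example (not part of either answer or the original post). The names gcp-auth-service, lms-ff, app: auth and port 8095 come from the question; the nodePort value, the source range and the firewall rule name, network and tag are assumptions or placeholders. The two manifests are alternatives that share one name, so apply only one.

```yaml
# Option A (first answer): LoadBalancer, limited to known client ranges.
apiVersion: v1
kind: Service
metadata:
  name: gcp-auth-service
  namespace: lms-ff
spec:
  type: LoadBalancer
  selector:
    app: auth
  # Without this field the load balancer accepts traffic from any source.
  loadBalancerSourceRanges:
    - 203.0.113.0/24   # constructed documentation range; use real client CIDRs
  ports:
    - protocol: TCP
      port: 8095
      targetPort: 8095
---
# Option B (second answer): NodePort, reachable at EXTERNAL_IP:30095.
apiVersion: v1
kind: Service
metadata:
  name: gcp-auth-service
  namespace: lms-ff
spec:
  type: NodePort
  selector:
    app: auth
  ports:
    - protocol: TCP
      port: 8095
      targetPort: 8095
      nodePort: 30095   # assumed value; must be in the default 30000-32767 range
# Matching VPC firewall rule for Option B, scoped to the same source range
# instead of 0.0.0.0/0 (rule name, NETWORK and NODE_TAG are placeholders):
#   gcloud compute firewall-rules create allow-auth-nodeport \
#     --network NETWORK --allow tcp:30095 \
#     --source-ranges 203.0.113.0/24 --target-tags NODE_TAG
```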