0

在我的 microk8s 服务器上,我创建了一个通过 NodePort 公开的 kubernetes 服务,但它拒绝连接。我不确定为什么。无论我尝试 telnet 到 NodePort 端口(31000),它总是拒绝连接。监听端口 32000 的 microk8s 插件(注册表)提供了类似的服务。从主机本身远程登录到该端口就像从外部一样工作正常。没有防火墙正在运行,ufw 被禁用。

这是服务:

apiVersion: v1
kind: Service
metadata:
  namespace: openvpn
  name: openvpn
  labels:
    app: openvpn
spec:
  selector:
    app: openvpn
  type: NodePort
  ports:
    - name: openvpn
      nodePort: 31000
      port: 1194
      targetPort: 1194
status:
  loadBalancer: {}

这是我的部署:

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: openvpn
  name: openvpn
  labels:
    app: openvpn
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openvpn
  template:
    metadata:
      labels:
        app: openvpn
    spec:
      containers:
      - image: private.registry.com/myovpn:1
        name: openvpn-server
        imagePullPolicy: Always
        ports:
        - containerPort: 1194
        securityContext:
          capabilities:
            add:
              - NET_ADMIN

这是创建的服务:

NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
openvpn   NodePort   10.152.183.80   <none>        1194:31000/UDP   9m19s

这是它的描述:

Name:                     openvpn
Namespace:                openvpn
Labels:                   app=openvpn
                          app.kubernetes.io/managed-by=Helm
Annotations:              meta.helm.sh/release-name: openvpn
                          meta.helm.sh/release-namespace: openvpn
Selector:                 app=openvpn
Type:                     NodePort
IP Families:              <none>
IP:                       10.152.183.80
IPs:                      10.152.183.80
Port:                     openvpn  1194/UDP
TargetPort:               1194/TCP
NodePort:                 openvpn  31000/UDP
Endpoints:                10.1.246.217:1194
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

端点存在:

NAME      ENDPOINTS           AGE
openvpn   10.1.246.228:1194   110m

获取节点 - owide 输出:

NAME       STATUS   ROLES    AGE   VERSION                     INTERNAL-IP      EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
hostname   Ready    <none>   24d   v1.20.7-34+df7df22a741dbc   194.xxx.xxx.xxx  <none>        Ubuntu 20.04.2 LTS   5.4.0-73-generic   containerd://1.3.7

Dockerfile 非常简单。只是基础:

FROM alpine:3

ENV HOST=""
RUN apk add openvpn
RUN mkdir -p /opt/openvpn/sec

COPY ./run.sh /opt/openvpn
RUN chmod +x /opt/openvpn/run.sh

COPY ./openvpn.conf /opt/openvpn
COPY ./sec/srv.key /opt/openvpn/sec
COPY ./sec/srv.crt /opt/openvpn/sec
COPY ./sec/ca.crt /opt/openvpn/sec
COPY ./sec/dh2048.pem /opt/openvpn/sec

ENTRYPOINT ["/bin/sh", "/opt/openvpn/run.sh"]

和运行脚本:

#!/bin/sh
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
openvpn --config /opt/openvpn/openvpn.conf --local 0.0.0.0

没什么特别的。任何想法为什么它不起作用?

4

0 回答 0