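On my microk8s server, I created a Kubernetes service exposed via NodePort, but it refuses connections. I'm not sure why. Whenever I try to telnet to the NodePort port (31000), it always refuses the connection. A microk8s add-on (the registry), listening on port 32000, provides a similar service. Telnetting to that port from the host itself works fine, just as it does from outside. No firewall is running, and ufw is disabled.

Here is the service: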

    apiVersion: v1
    kind: Service
    metadata:
      namespace: openvpn
      name: openvpn
      labels:
        app: openvpn
    spec:
      selector:
        app: openvpn
      type: NodePort
      ports:
        - name: openvpn
          nodePort: 31000
          port: 1194
          targetPort: 1194
    status:
      loadBalancer: {}

Here is my deployment:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      namespace: openvpn
      name: openvpn
      labels:
        app: openvpn
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: openvpn
      template:
        metadata:
          labels:
            app: openvpn
        spec:
          containers:
            - image: private.registry.com/myovpn:1
              name: openvpn-server
              imagePullPolicy: Always
              ports:
                - containerPort: 1194
              securityContext:
                capabilities:
                  add:
                    - NET_ADMIN

Here is the created service:

    NAME      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
    openvpn   NodePort   10.152.183.80   <none>        1194:31000/UDP   9m19s

Here is its description:

    Name:                     openvpn
    Namespace:                openvpn
    Labels:                   app=openvpn
                              app.kubernetes.io/managed-by=Helm
    Annotations:              meta.helm.sh/release-name: openvpn
                              meta.helm.sh/release-namespace: openvpn
    Selector:                 app=openvpn
    Type:                     NodePort
    IP Families:              <none>
    IP:                       10.152.183.80
    IPs:                      10.152.183.80
    Port:                     openvpn  1194/UDP
    TargetPort:               1194/TCP
    NodePort:                 openvpn  31000/UDP
    Endpoints:                10.1.246.217:1194
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:                   <none>

The endpoint exists:

    NAME      ENDPOINTS           AGE
    openvpn   10.1.246.228:1194   110m

Output of get nodes -o wide:

    NAME       STATUS   ROLES    AGE   VERSION                     INTERNAL-IP       EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
    hostname   Ready    <none>   24d   v1.20.7-34+df7df22a741dbc   194.xxx.xxx.xxx   <none>        Ubuntu 20.04.2 LTS   5.4.0-73-generic   containerd://1.3.7

The Dockerfile is very simple. Just the basics:

    FROM alpine:3
    ENV HOST=""
    RUN apk add openvpn
    RUN mkdir -p /opt/openvpn/sec
    COPY ./run.sh /opt/openvpn
    RUN chmod +x /opt/openvpn/run.sh
    COPY ./openvpn.conf /opt/openvpn
    COPY ./sec/srv.key /opt/openvpn/sec
    COPY ./sec/srv.crt /opt/openvpn/sec
    COPY ./sec/ca.crt /opt/openvpn/sec
    COPY ./sec/dh2048.pem /opt/openvpn/sec
    ENTRYPOINT ["/bin/sh", "/opt/openvpn/run.sh"]

And the run script:

    #!/bin/sh
    mkdir -p /dev/net
    mknod /dev/net/tun c 10 200
    openvpn --config /opt/openvpn/openvpn.conf --local 0.0.0.0

Nothing special. Any idea why it isn't working?