0

我已经使用 DOKS 建立了一个 k8s 集群(1 个节点集群)。该服务在 nodeport 配置下运行良好。但是,我无法使用http://${NodeIP}:${NodePort}浏览器访问它。我什至尝试添加防火墙规则,但我error response from backend在尝试添加新的入站 TCP 规则时遇到了问题。不是有用的错误信息!

Curl 和 Telnet 也失败了。

请在下面找到我的 dockerfile、部署和服务 yaml 文件。

Dockerfile

FROM nginx:1.21.1
COPY build/ /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx/nginx.conf /etc/nginx/conf.d
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

服务 YAML 文件

kind: Service
apiVersion: v1
metadata:
  name: int
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 31000
  selector:
    app: int

部署 YAML

kind: Deployment
apiVersion: apps/v1
metadata:
  name: int
spec:
  replicas: 2
  selector:
    matchLabels:
      app: int
  template:
    metadata:
      labels:
        app: int
    spec:
      containers:
        - name: int
          image: registry.digitalocean.com/xxxxx/int:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 80
      restartPolicy: Always

Kubectl 获取 pod 输出

root@ast-a1:~# kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
int-7cc5445c7-hnwvp      1/1     Running   0          3h14m
int-7cc5445c7-qtr6n      1/1     Running   0          3h14m

Kubectl 获取 svc 输出

root@ast-a1:~# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
int          NodePort    10.xxx.xx.xx    <none>        80:31000/TCP   152m
kubernetes   ClusterIP   10.xxx.x.x      <none>        443/TCP        3d3h

响应

在此处输入图像描述

我在某个地方犯了错误吗?我只是在尝试 DOKS。

编辑:

添加了跟踪输出。

C:\Users\ck5>tracert 1xx.xx.xx.xxx

Tracing route to 1xx.xx.xx.xxx over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     4 ms     2 ms     3 ms  1x.1xx.xx.xx.static-hydrabad.vsnl.net.in [1x.1xx.xx.xx]
  4     *        *        *     Request timed out.
  5    49 ms    52 ms    12 ms  2xx.6x.xxx.xxx.static-bangalore.vsnl.net.in [2xx.xx.xxx.xxx]
  6    13 ms    12 ms   110 ms  1xx.1xx.2xx.15
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.
4

2 回答 2

3

看起来像安全组或防火墙问题。使用浏览器从机器运行到目标 IP 的跟踪路由。

如果它在最后一跳停止,则很可能是安全组不允许从源子网连接到您的端口。

如果 traceroute 在中间停止,则更有可能是防火墙问题。

于 2021-08-02T14:04:44.197 回答
0

首先尝试使用 port-forward 命令验证您的服务是否已启动并正在运行

kubectl port-forward svc/int -n <Namepsace name> 8080:80

localhost:8080在浏览器中打开

这样,您可以首先验证运行是否正在运行并提供输出。

我还希望您在Nginx docker 映像中添加的配置正确,请检查 pod 的日志一次以验证 POD 中没有问题。

现在,如果服务正在提供输出,则Nodeport现在或侧面存在问题firewall

于 2021-08-02T14:12:25.250 回答