0
我已经有了Azure云3台Ubuntu机器的以下群集:Kubernetes:外部服务不可用从Azure云所有的爪牙
172.16.0.7 (master)
172.16.0.4 (kube-01)
172.16.0.5 (kube-02)
在172.16.0.4 (kube-01)我有一个叫做出版商荚与端口暴露。为了使提供给世界,我定义了如下服务:
"id": "publisher-service",
"kind": "Service",
"apiVersion": "v1beta1",
"port": 8181,
"containerPort": 8080,
"publicIPs": ["172.16.0.4", "172.16.0.5"],
"selector": {
"group": "abc",
"component": "publisher"
},
"labels": {
"group": "abc"
}
172.16.0.4和172.16.0.5是内部IP Addressess(天青换算)为kube-01和kube-02分别在
172.16.0.4 (kube-01)我有将公有端口设置为并将私有端口设置为 定义的Azure端点
在
172.16.0.5 (kube-02)我得设置为以及私用端口公共端口定义的Azure的端点设置为
有了这样的设置,我可以用我的VM虚拟公众成功访问publisher-service IP(VIP)地址和端口。
但是我认为那些是还能够使用相同的VIP地址和端口到达publisher-service(因为它被映射到端口上kube-02)。相反curl报告Recv failure: Connection reset by peer。
我在这里做错了什么吗?也许我对Kubernetes External Services的理解是不正确的(因此我的期望是错误的)?
我也注意到在/var/log/upstart/kube-proxy以下条目记录:
E0404 17:36:33.371889 1661 proxier.go:82] Dial failed: dial tcp 10.0.86.26:8080: i/o timeout
E0404 17:36:33.371951 1661 proxier.go:110] Failed to connect to balancer: failed to connect to an endpoint.
这里是172.16.0.5 (kube-02)捕获iptables -L -t nat输出的一部分:
Chain KUBE-PORTALS-CONTAINER (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere 11.1.1.2 /* kubernetes */ tcp dpt:https redir ports 45717
REDIRECT tcp -- anywhere 11.1.1.1 /* kubernetes-ro */ tcp dpt:http redir ports 34122
REDIRECT tcp -- anywhere 11.1.1.221 /* publisher-service */ tcp dpt:8181 redir ports 48046
REDIRECT tcp -- anywhere 172.16.0.4 /* publisher-service */ tcp dpt:8181 redir ports 48046
REDIRECT tcp -- anywhere 172.16.0.5 /* publisher-service */ tcp dpt:8181 redir ports 48046
Chain KUBE-PORTALS-HOST (1 references)
target prot opt source destination
DNAT tcp -- anywhere 11.1.1.2 /* kubernetes */ tcp dpt:https to:172.16.0.5:45717
DNAT tcp -- anywhere 11.1.1.1 /* kubernetes-ro */ tcp dpt:http to:172.16.0.5:34122
DNAT tcp -- anywhere 11.1.1.221 /* publisher-service */ tcp dpt:8181 to:172.16.0.5:48046
DNAT tcp -- anywhere 172.16.0.4 /* publisher-service */ tcp dpt:8181 to:172.16.0.5:48046
DNAT tcp -- anywhere 172.16.0.5 /* publisher-service */ tcp dpt:8181 to:172.16.0.5:48046
我使用Kubernetes v0.12.0。我跟着this guide设置我的群集(即我使用法兰绒)。
更新#1:添加publisher荚状态信息。
apiVersion: v1beta1
creationTimestamp: 2015-04-04T13:24:47Z
currentState:
Condition:
- kind: Ready
status: Full
host: 172.16.0.4
hostIP: 172.16.0.4
info:
publisher:
containerID: docker://6eabf71d507ad0086b37940931aa739534ef681906994a6aae6d97b8b213
image: xxxxx.cloudapp.net/publisher:0.0.2
imageID: docker://5a76329ae2d0dce05fae6f7b1216e346cef2e5aa49899cd829a5dc1f6e70
ready: true
restartCount: 5
state:
running:
startedAt: 2015-04-04T13:26:24Z
manifest:
containers: null
id: ""
restartPolicy: {}
version: ""
volumes: null
podIP: 10.0.86.26
status: Running
desiredState:
manifest:
containers:
- capabilities: {}
command:
- sh
- -c
- java -jar publisher.jar -b $KAFKA_SERVICE_HOST:$KAFKA_SERVICE_PORT
image: xxxxx.cloudapp.net/publisher:0.0.2
imagePullPolicy: PullIfNotPresent
name: publisher
ports:
- containerPort: 8080
hostPort: 8080
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
dnsPolicy: ClusterFirst
id: ""
restartPolicy:
always: {}
version: v1beta2
volumes: null
generateName: rc-publisher-
id: rc-publisher-ls6k1
kind: Pod
labels:
group: abc
namespace: default
resourceVersion: 22853
selfLink: /api/v1beta1/pods/rc-publisher-ls6k1?namespace=default
uid: f746555d-dacd-11e4-8ae7-000d3a101fda
好的。对于外部访问,您是否有请求进入一个节点(通过打开的端口/端点)并让kubernetes服务处理负载平衡? – Eatdoku 2015-05-26 23:19:03
所有请求都通过一个节点/端点以nginx代理websocket流量到k8s服务门户地址。 – begie 2015-05-27 09:25:16