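I created a Kubernetes Service whose backend nodes are not part of the cluster but are a fixed set of nodes (with fixed IPs), so I also created an Endpoints resource with the same name: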
apiVersion: v1
kind: Service
metadata:
  name: hive
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
  name: hive
subsets:
  - addresses:
      - ip: 10.52.7.28
      - ip: 10.52.7.29
    ports:
      - port: 10002
Description of the Service and the Endpoints:
$ kubectl describe svc/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP: 10.0.192.103
Port: http 80/TCP
TargetPort: 10002/TCP
Endpoints:
Session Affinity: None
Events: <none>
$
$ kubectl describe ep/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Subsets:
Addresses: 10.52.7.28,10.52.7.29
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
<unset> 10002 TCP
Events: <none>
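If I exec into one of the pods and telnet directly to the Endpoint subset addresses, I am able to connect, but if I access it via the Service, the connection is refused. Just for completeness, the Service and the pod are in the same namespace: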
# telnet 10.52.7.28 10002
Trying 10.52.7.28...
Connected to 10.52.7.28.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet 10.52.7.29 10002
Trying 10.52.7.29...
Connected to 10.52.7.29.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet hive 80
Trying 10.0.192.103...
telnet: Unable to connect to remote host: Connection refused
#
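Does anyone know why I can connect directly to the IPs but not through the Kubernetes Service? I don't think this is because of firewall rules, because then it should also have blocked the direct requests.
Edit: I suspect it has something to do with Endpoints being empty when running kubectl describe svc/hive, but I can see in the dashboard (under the Services page) that it shows those endpoints.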
The port name must match between the Service and the Endpoint. Either remove the port name in the Service or add it in the Endpoint.
apiVersion: v1
kind: Service
metadata:
  name: hive
spec:
  type: ClusterIP
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
  name: hive
subsets:
  - addresses:
      - ip: 10.52.7.28
      - ip: 10.52.7.29
    ports:
      - name: http
        port: 10002
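The endpoints controller looks at the selector in the Service, selects the containers that have the same labels, and updates the Service's endpoints with the IPs of those containers.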
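
The port-name matching described in the answer above, as an added example that is not part of the original posts: a Python check over constructed Service and Endpoints objects, reduced to the fields of `kubectl get ... -o json` that matter here. The function names are hypothetical, and treating an omitted port name as the empty string is the assumption the check relies on.

```python
# Added example: constructed objects mirroring the manifests on this page.
SERVICE = {"kind": "Service", "metadata": {"name": "hive"},
           "spec": {"ports": [{"name": "http", "port": 80, "targetPort": 10002}]}}

def make_endpoints(port):
    """Build an Endpoints object for the two fixed backends with one port entry."""
    return {"kind": "Endpoints", "metadata": {"name": "hive"},
            "subsets": [{"addresses": [{"ip": "10.52.7.28"}, {"ip": "10.52.7.29"}],
                         "ports": [port]}]}

EP_UNNAMED = make_endpoints({"port": 10002})                # as in the question
EP_NAMED = make_endpoints({"name": "http", "port": 10002})  # as in the answer

def backends_by_service_port(service, endpoints):
    """Map each Service port name to the ip:port backends whose Endpoints
    port carries the same name (an omitted name counts as the empty string)."""
    result = {}
    for sp in service["spec"]["ports"]:
        name = sp.get("name", "")
        backends = []
        for subset in endpoints.get("subsets", []):
            for ep in subset.get("ports", []):
                if ep.get("name", "") != name:
                    continue  # name mismatch: this port does not back the Service port
                backends += [f'{a["ip"]}:{ep["port"]}'
                             for a in subset.get("addresses", [])]
        result[name] = backends
    return result

def unmatched_ports(service, endpoints):
    """Service port names that end up with no backend at all."""
    matched = backends_by_service_port(service, endpoints)
    return [name for name, backends in matched.items() if not backends]

if __name__ == "__main__":
    for label, ep in (("question", EP_UNNAMED), ("answer", EP_NAMED)):
        print(label, backends_by_service_port(SERVICE, ep), unmatched_ports(SERVICE, ep))
```

To run it against live objects, load the output of `kubectl get svc/hive -o json` and `kubectl get ep/hive -o json` with `json.load` and pass the two dictionaries to `unmatched_ports`.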