k8s的容器的端口暴露
Posted kaishirenshi
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了k8s的容器的端口暴露相关的知识,希望对你有一定的参考价值。
一.容器外部访问容器内部服务
1.使用hostNetwork参数(容器内部服务与宿主机同一网段)
特点:当Pod调度到哪个节点就使用哪个节点的IP地址,客户端使用IP地址访问容器里面的服务。一个node只能启动一个pod端口,端口不能冲突。
[root@k8s01 yaml]# cat end-nginx.yaml
apiVersion: v1 kind: Pod metadata: name: nginx1 labels: app: web spec: hostNetwork: true containers: - name: ng-web image: nginx:latest imagePullPolicy: Never |
[root@k8s01 yaml]# kubectl apply -f end-nginx.yaml
pod/nginx1 created
[root@k8s01 yaml]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx1 1/1 Running 0 72s 192.168.54.129 k8s02 <none> <none>
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 07:52:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
[root@k8s01 yaml]#
2.使用hostPort参数 (将容器内端口暴露出来)
特点:Pod调度到哪个节点就用哪个节点的IP址访问, 端口可以随机指定。生产环境pod必须与宿机绑定才可使用。
[root@k8s01 yaml]# cat end-nginx2.yaml
apiVersion: v1 kind: Pod metadata: name: nginx2 labels: app: web spec: containers: - name: ng-web2 image: nginx:latest imagePullPolicy: Never ports: - name: http containerPort: 80 --容器端口 hostPort: 80 --暴露端口 protocol: TCP |
[root@k8s01 yaml]# kubectl apply -f end-nginx2.yaml
pod/nginx2 created
[root@k8s01 yaml]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx2 1/1 Running 0 4m31s 10.244.1.67 k8s02 <none> <none>
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 08:15:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
3.使用NodePort参数
特 点:使用node节点的IP加端口可以访问Pod服务,master节点IP不可以访问。端口范围30000-32767。
[root@k8s01 yaml]# cat end-nginx3.yaml
apiVersion: v1 kind: Pod metadata: name: nginx3 labels: app: web spec: containers: - name: ng-web3 image: nginx:latest imagePullPolicy: Never ports: - containerPort: 80 --- kind: Service apiVersion: v1 metadata: name: ng-service spec: type : NodePort ports: - name: http port: 80 nodePort: 31000 selector: --后端Pod标签 app: web |
[root@k8s01 yaml]# kubectl apply -f end-nginx3.yaml
pod/nginx3 created
service/ng-service created
[root@k8s01 yaml]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx3 1/1 Running 0 63s 10.244.1.77 k8s02 <none> <none>
[root@k8s01 yaml]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
ng-service NodePort 10.102.52.148 <none> 80:31000/TCP 66s app=web
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 08:47:33 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
4.使用 LoadBalancer参数
特点:必须使用云服务商提供一个VIP地址,只能node节点的IP地址可以访问,master地址不能访问。
[root@k8s01 yaml]# cat end-nginx4.yaml
apiVersion: v1 kind: Pod metadata: name: nginx4 labels: app: web spec: containers: - name: ng-web4 image: nginx:latest imagePullPolicy: Never ports: - containerPort: 80 --- kind: Service apiVersion: v1 metadata: name: ng-lb spec: type : LoadBalancer ports: - name: http port: 80 selector: app: web status: --如果有vip就要写,没有就不用写。 loadBalancer: ingress: - ip: 192.168.54.131 |
[root@k8s01 yaml]# kubectl apply -f end-nginx4.yaml
pod/nginx4 created
service/ng-lb created
[root@k8s01 yaml]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx4 1/1 Running 0 4m6s 10.244.1.80 k8s02 <none> <none>
[root@k8s01 yaml]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
ng-lb LoadBalancer 10.99.49.195
<pending> 80:30183/TCP 4m10s app=web --没有VIP地址
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 09:11:01 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
二.容器内部服务访问外部服务
1.使用 hostNetwork参数(Pod与宿主机IP在同一网段)
[root@k8s01 yaml]# cat mysql.yaml
apiVersion: v1 kind: Pod metadata: name: nginx5 labels: app: mysql spec: hostNetwork: true containers: - name: db-mysql image: nginx:latest imagePullPolicy: Never |
[root@k8s01 yaml]# kubectl apply -f mysql.yaml
pod/nginx5 created
[root@k8s01 yaml]# kubectl exec -it nginx5 /bin/bash
root@nginx5:/# apt-get update --更新创建
root@nginx5:/# apt-get install mysql* --安装mysql包
root@nginx5:/# mysql -h 192.168.54.130 -u repl -p123456 --登陆mysql数据库
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MySQL connection id is 16
Server version: 5.7.27 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘h‘ for help. Type ‘c‘ to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wuhan |
+--------------------+
5 rows in set (0.001 sec)
MySQL [(none)]>
2.使用endpoints组件
[root@k8s01 yaml]# cat endpoint.yaml
apiVersion: v1 kind: Endpoints metadata: name: mysql- test namespace: default subsets: - addresses: - ip: 192.168.54.130 --指定宿机主mysql服务器 ports: - port: 3306 --指定端口 --- apiVersion: v1 kind: Service metadata: name: mysql- test --service后端指向endpoints地址 labels: app: abc spec: ports: - port: 3306 --- apiVersion: v1 kind: Pod metadata: name: nginx6 --启动一个容器,测试连接mysql labels: app: db spec: containers: - name: mysql- test image: nginx:latest imagePullPolicy: Never |
endpoints/mysql-test created
service/mysql-test created
pod/nginx6 created
[root@k8s01 yaml]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx6 1/1 Running 0 12s 10.244.1.85 k8s02 <none> <none>
[root@k8s01 yaml]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
mysql-test ClusterIP 10.98.57.89 <none> 3306/TCP 16s <none>
[root@k8s01 yaml]# kubectl get endpoints -o wide
NAME ENDPOINTS AGE
mysql-test 192.168.54.130:3306 21s
[root@k8s01 yaml]# kubectl exec -it nginx6 /bin/bash
root@ nginx6:/# mysql -h mysql-test -u repl -p123456 --使用endpoints名字(映射到service,service映射到192.168.54.130)
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MySQL connection id is 19
Server version: 5.7.27 MySQL Community Server (GPL)
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wuhan |
+--------------------+
5 rows in set (0.001 sec)
MySQL [(none)]>
原文链接:http://blog.itpub.net/25854343/viewspace-2665927/
以上是关于k8s的容器的端口暴露的主要内容,如果未能解决你的问题,请参考以下文章