k8s的容器的端口暴露

Posted kaishirenshi

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了k8s的容器的端口暴露相关的知识,希望对你有一定的参考价值。

一.容器外部访问容器内部服务

1.使用hostNetwork参数(容器内部服务与宿主机同一网段)

特点:当Pod调度到哪个节点就使用哪个节点的IP地址,客户端使用IP地址访问容器里面的服务。一个node只能启动一个pod端口,端口不能冲突。

[root@k8s01 yaml]# cat end-nginx.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: nginx1
  labels:
    app: web
spec:
 hostNetwork: true
 containers:
  - name: ng-web
    image: nginx:latest
    imagePullPolicy: Never

[root@k8s01 yaml]# kubectl apply -f end-nginx.yaml
pod/nginx1 created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME               READY   STATUS    RESTARTS   AGE   IP         NODE    NOMINATED NODE   READINESS GATES
nginx1                1/1     Running   0          72s   192.168.54.129   k8s02   <none>           <none>

[root@k8s01 yaml]# curl -I http://192.168.54.129     --直接访问Pod的IP地址 
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 07:52:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes

[root@k8s01 yaml]#

 

2.使用hostPort参数 (将容器内端口暴露出来)

特点:Pod调度到哪个节点就用哪个节点的IP址访问, 端口可以随机指定。生产环境pod必须与宿机绑定才可使用。

[root@k8s01 yaml]# cat end-nginx2.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: nginx2
  labels:
    app: web
spec:
 containers:
  - name: ng-web2
    image: nginx:latest
    imagePullPolicy: Never
    ports:
    - name: http
      containerPort: 80     --容器端口
      hostPort: 80     --暴露端口
      protocol: TCP

[root@k8s01 yaml]# kubectl apply -f  end-nginx2.yaml
pod/nginx2 created
[root@k8s01 yaml]# kubectl  get pods  -o wide
NAME           READY   STATUS    RESTARTS   AGE     IP           NODE    NOMINATED NODE   READINESS GATES
nginx2               1/1     Running   0          4m31s   10.244.1.67   k8s02   <none>           <none>

[root@k8s01 yaml]# curl  -I http://192.168.54.129      --Pod在哪个宿主机就用哪个IP地址 
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 08:15:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
[root@k8s01 yaml]#

 

3.使用NodePort参数

特 点:使用node节点的IP加端口可以访问Pod服务,master节点IP不可以访问。端口范围30000-32767。

[root@k8s01 yaml]# cat end-nginx3.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: nginx3
  labels:
    app: web
spec:
 containers:
  - name: ng-web3
    image: nginx:latest
    imagePullPolicy: Never
    ports:
      - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: ng-service
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      nodePort: 31000
  selector:     --后端Pod标签
    app: web

[root@k8s01 yaml]# kubectl apply -f  end-nginx3.yaml
pod/nginx3 created
service/ng-service created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME      READY   STATUS    RESTARTS   AGE   IP       NODE    NOMINATED NODE   READINESS GATES
nginx3         1/1     Running   0          63s   10.244.1.77   k8s02   <none>           <none>
[root@k8s01 yaml]# kubectl  get svc -o wide
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE   SELECTOR
ng-service   NodePort    10.102.52.148   <none>        80:31000/TCP   66s   app=web

[root@k8s01 yaml]# curl  -I http://192.168.54.129:31000      --使用node节点IP地址访问,master节点IP访问不了。 
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 08:47:33 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
[root@k8s01 yaml]#

 

4.使用 LoadBalancer参数

特点:必须使用云服务商提供一个VIP地址,只能node节点的IP地址可以访问,master地址不能访问。

[root@k8s01 yaml]# cat end-nginx4.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: nginx4
  labels:
    app: web
spec:
 containers:
  - name: ng-web4
    image: nginx:latest
    imagePullPolicy: Never
    ports:
      - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: ng-lb
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
  selector:
    app: web
status:                           --如果有vip就要写,没有就不用写。
  loadBalancer:
    ingress:
    - ip: 192.168.54.131

[root@k8s01 yaml]# kubectl apply -f  end-nginx4.yaml
pod/nginx4 created
service/ng-lb created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME          READY   STATUS    RESTARTS   AGE    IP        NODE    NOMINATED NODE   READINESS GATES
nginx4            1/1     Running   0          4m6s   10.244.1.80   k8s02   <none>           <none>
[root@k8s01 yaml]# kubectl  get svc -o wide
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE     SELECTOR
ng-lb        LoadBalancer   10.99.49.195    <pending>     80:30183/TCP   4m10s   app=web     --没有VIP地址

[root@k8s01 yaml]# curl  -I http://192.168.54.129:30183
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 09:11:01 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
[root@k8s01 yaml]#

 

二.容器内部服务访问外部服务

1.使用 hostNetwork参数(Pod与宿主机IP在同一网段)

[root@k8s01 yaml]# cat mysql.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: nginx5
  labels:
    app: mysql
spec:
  hostNetwork: true
  containers:
  - name: db-mysql
    image: nginx:latest
    imagePullPolicy: Never

[root@k8s01 yaml]# kubectl  apply -f mysql.yaml
pod/nginx5 created
[root@k8s01 yaml]# kubectl exec -it nginx5 /bin/bash
root@nginx5:/# apt-get update            --更新创建 
root@nginx5:/# apt-get install mysql*     --安装mysql包
root@nginx5:/# mysql -h 192.168.54.130 -u repl -p123456    --登陆mysql数据库
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MySQL connection id is 16
Server version: 5.7.27 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘h‘ for help. Type ‘c‘ to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| wuhan              |
+--------------------+
5 rows in set (0.001 sec)
MySQL [(none)]>

 

2.使用endpoints组件

[root@k8s01 yaml]# cat endpoint.yaml

apiVersion: v1
kind: Endpoints
metadata:
  name: mysql-test
  namespace: default
subsets:
  - addresses:
    - ip: 192.168.54.130    --指定宿机主mysql服务器
    ports:
      - port: 3306      --指定端口
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-test    --service后端指向endpoints地址
  labels:
    app: abc
spec:
  ports:
    - port: 3306
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx6       --启动一个容器,测试连接mysql
  labels:
    app: db
spec:
 containers:
  - name: mysql-test
    image: nginx:latest
    imagePullPolicy: Never
[root@k8s01 yaml]# kubectl  apply -f endpoint.yaml
endpoints/mysql-test created
service/mysql-test created
pod/nginx6 created
[root@k8s01 yaml]# kubectl get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP          NODE    NOMINATED NODE   READINESS GATES
nginx6                    1/1     Running   0          12s   10.244.1.85   k8s02   <none>           <none>
[root@k8s01 yaml]# kubectl get svc -o wide
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE   SELECTOR
mysql-test   ClusterIP   10.98.57.89     <none>        3306/TCP   16s   <none>
[root@k8s01 yaml]# kubectl get endpoints -o wide
NAME         ENDPOINTS                       AGE
mysql-test   192.168.54.130:3306             21s
[root@k8s01 yaml]# kubectl exec -it nginx6 /bin/bash
root@ nginx6:/# mysql -h mysql-test -u repl -p123456    --使用endpoints名字(映射到service,service映射到192.168.54.130)
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MySQL connection id is 19
Server version: 5.7.27 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘h‘ for help. Type ‘c‘ to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| wuhan              |
+--------------------+
5 rows in set (0.001 sec)

MySQL [(none)]>

 

 

原文链接:http://blog.itpub.net/25854343/viewspace-2665927/

以上是关于k8s的容器的端口暴露的主要内容,如果未能解决你的问题,请参考以下文章

容器服务 TKE 上服务暴露的几种方式

k8s 中 port nodePort targetPort概念的区分

如何列出所有容器的暴露端口?

K8s暴露内部服务的多种方式

k8s学习-CKA真题-负载均衡service

k8s学习-CKA真题-负载均衡service