【发布时间】:2020-01-16 11:49:38
【问题描述】:
我创建了一个 Kubernetes Service,它的后端节点不是集群的一部分,而是一组固定的节点(具有固定的 IP),所以我还创建了一个 Endpoints 同名资源:
apiVersion: v1
kind: Service
metadata:
name: hive
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
name: hive
subsets:
- addresses:
- ip: 10.52.7.28
- ip: 10.52.7.29
ports:
- port: 10002
服务和端点描述:
$ kubectl describe svc/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP: 10.0.192.103
Port: http 80/TCP
TargetPort: 10002/TCP
Endpoints:
Session Affinity: None
Events: <none>
$
$ kubectl describe ep/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Subsets:
Addresses: 10.52.7.28,10.52.7.29
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
<unset> 10002 TCP
Events: <none>
如果我执行到其中一个 pod 并直接 telnet 到端点子集地址,我可以连接,但如果我通过服务访问它,我会被拒绝连接。为了完整起见,Service 和 pod 在同一个命名空间中:
# telnet 10.52.7.28 10002
Trying 10.52.7.28...
Connected to 10.52.7.28.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet 10.52.7.29 10002
Trying 10.52.7.29...
Connected to 10.52.7.29.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet hive 80
Trying 10.0.192.103...
telnet: Unable to connect to remote host: Connection refused
#
知道为什么我可以直接连接到 IP 但不能通过 Kubernetes 服务吗?我相信这不是因为防火墙规则,因为那样它也应该阻止直接请求。
编辑:我怀疑这与运行 kubectl describe svc/hive 时 Endpoints 为空有关,但我可以在仪表板中看到端点(在服务页面下)显示这些端点。
【问题讨论】:
-
这能回答你的问题吗? Kubernetes - services without selector
-
@ArghyaSadhu 确实如此。问题非常相似。我在谷歌搜索时不知何故没有偶然发现这个问题。谢谢!
标签: networking kubernetes service tcp connection-refused