Kubernetes 暴露端口

2年 ago
yangyuhong
3 minutes

Kubernetes 暴露端口

一,从外部访问容器内部服务

1, 使用hostNetwork 参数

​ 特点: 当Pod 调度到哪个节点就使用哪个节点的IP地址,客户端使用IP地址访问容器里面的服务。一个node 只能启动一个Pod 端口,端口不能冲突。

[root@VM-0-14-centos ~]# cat hostNetwork-nginx.yaml 
apiVersion: v1                      # api版本
kind: Pod                           # 指定是Pod 还是Service或者其他
metadata:
  name: nginx-web1                  # 指定Pod 名
  labels:
    name: nginx-hn                  # 标签
spec:
  hostNetwork: true                 
  containers:
  - name: nginx-web1                
    image: nginx:latest             # 指定镜像版本
    imagePullPolicy: Never          # 容器镜像策略
  restartPolicy: OnFailure          # Pod 策略

Pod 的重启策略有 3 种,默认值为 Always。

  • Always : 容器失效时,kubelet 自动重启该容器;
  • OnFailure : 容器终止运行且退出码不为0时重启;
  • Never : 不论状态为何, kubelet 都不重启该容器。
[root@VM-0-14-centos ~]# kubectl apply -f hostNetwork-nginx.yaml 
pod/nginx-web1 created

[root@VM-0-14-centos ~]# kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP            
nginx-web1               1/1     Running   0          102s   10.0.4.14 

[root@VM-0-14-centos ~]# curl http://10.0.4.14 -I
HTTP/1.1 200 OK
Server: nginx/1.19.9
Date: Thu, 08 Apr 2021 08:25:06 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 30 Mar 2021 14:47:11 GMT
Connection: keep-alive
ETag: "606339ef-264"
Accept-Ranges: bytes
2, 使用hostPort参数

特点:Pod 调度到哪个节点就用哪个节点的IP 地址访问,端口可以随机指定。生产环境Pod 必须与宿机绑定才可使用。

[root@VM-0-14-centos ~]# cat nginx-hostPort.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx-server
  labels:
    name: nginx-server
spec:
  containers:
  - name: nginx-server
    image: nginx:latest
    imagePullPolicy: Never
    ports:
      - name: http
        hostPort: 8010 # 暴露端口
        containerPort: 80 # 容器端口
        protocol: TCP

[root@VM-0-14-centos ~]# kubectl apply -f nginx-hostPort.yaml 
pod/nginx-server created

[root@VM-0-14-centos ~]# kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP
nginx-server             1/1     Running   0          16s    10.244.1.15

[root@VM-0-14-centos ~]# curl http://10.0.4.14:8010 -I
HTTP/1.1 200 OK
Server: nginx/1.19.9
Date: Thu, 08 Apr 2021 08:38:34 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 30 Mar 2021 14:47:11 GMT
Connection: keep-alive
ETag: "606339ef-264"
Accept-Ranges: bytes
3, 使用NodePort 参数

​ 特点:使用node节点的IP加端口可以访问Pod服务,master节点IP不可以访问,端口范围30000-32767.。

[root@VM-0-14-centos ~]# cat nginx-NodePort.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web3
  labels:
    name: web3
spec:
  containers:
  - name: nginx-web3-test
    image: nginx:latest
    imagePullPolicy: Never
    ports:
    - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-test
spec:
  selector:
    name: web3                  # 跟Pod 标签一样
  ports:
  - name: http-test
    port: 80
    nodePort: 30030             # 指定暴露端口
  type: NodePort

[root@VM-0-14-centos ~]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP
nginx-web3               1/1     Running   0          2m56s   10.244.1.18

[root@VM-0-14-centos ~]# kubectl get svc -o wide
NAME         TYPE        CLUSTER-IP        PORT(S)        AGE    SELECTOR
kubernetes   ClusterIP   10.96.0.1         443/TCP        13d    <none>
nginx-test   NodePort    10.105.200.232    80:30030/TCP   3m6s   name=web3

[root@VM-0-14-centos ~]# curl http://10.0.4.14:30030 -I
HTTP/1.1 200 OK
Server: nginx/1.19.9
Date: Thu, 08 Apr 2021 08:57:33 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 30 Mar 2021 14:47:11 GMT
Connection: keep-alive
ETag: "606339ef-264"
Accept-Ranges: bytes
4,使用LoadBalancer参数

​ 特点:必须使用云服务商提供一个VIP地址,只能node节点的IP地址可以访问,master地址不能访问。

[root@VM-0-14-centos ~]# cat nginx-LoadBalancer.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx-web4
  labels:
    name: web4
spec:
  containers:
  - name: nginx-web4-test
    image: nginx:latest
    imagePullPolicy: Never
    ports:
    - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-web4
spec:
  selector:
    name: web4
  ports:
  - name: http-test4
    port: 80
  type: LoadBalancer
status:                 # 如果有VIP就要写,没有就不用写
  loadBalancer:
    ingress:
    - ip: 101.32.178.204

[root@VM-0-14-centos ~]# kubectl apply -f nginx-LoadBalancer.yaml 
pod/nginx-web4 created
service/nginx-web4 created

[root@VM-0-14-centos ~]# kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP
nginx-web4               1/1     Running   0          105s   10.244.1.20

[root@VM-0-14-centos ~]# kubectl get svc -o wide
NAME         TYPE           CLUSTER-IP   PORT(S)        AGE     SELECTOR
nginx-web4   LoadBalancer   10.103.18.62 80:32044/TCP   2m15s   name=web4

[root@VM-0-14-centos ~]# curl http://10.0.4.14:32044 -I
HTTP/1.1 200 OK
Server: nginx/1.19.9
Date: Thu, 08 Apr 2021 09:17:37 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 30 Mar 2021 14:47:11 GMT
Connection: keep-alive
ETag: "606339ef-264"
Accept-Ranges: bytes

 

发表回复 0

Your email address will not be published. Required fields are marked *