【Question title】: kubernetes how do I expose pods to things outside of cluster machine?
【Posted】: 2021-05-03 08:27:39
【Question description】:

I read the following kubernetes docs, which led to the following yaml to run postgresql and pgadmin in a cluster:

--- # pgadmin-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgadmin-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pgadmin-pod
  template:
    metadata:
      labels:
        app: pgadmin-pod
    spec:
      containers:
        - name: pgadmin-container
          image: dpage/pgadmin4
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 80
          env:
            - name: PGADMIN_DEFAULT_EMAIL
              value: email@example.com
            - name: PGADMIN_DEFAULT_PASSWORD
              value: password

--- # pgadmin-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: pgadmin-service
spec:
  type: NodePort
  ports:
    - port: 30000
      targetPort: 80
  selector:
    app: pgadmin-pod

--- # postgres-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres-pod
  template:
    metadata:
      labels:
        app: postgres-pod
    spec:
      containers:
        - name: postgres-container
          image: postgres:9.6-alpine
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: database
            - name: POSTGRES_PASSWORD
              value: password
            - name: POSTGRES_USER
              value: username
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              name: postgrepvc
      volumes:
        - name: postgrepvc
          persistentVolumeClaim:
            claimName: postgres-pv-claim

--- # postgres-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: postgres-service
spec:
  type: NodePort
  ports:
    - port: 30001
      targetPort: 5432
  selector:
    app: postgres-pod

--- # postgres-storage.yaml
kind: PersistentVolume
apiVersion: v1
metadata:
  name: postgres-pv-volume
  labels:
    type: local
    app: postgres
spec:
  storageClassName: manual
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: "/mnt/data"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: postgres-pv-claim
  labels:
    app: postgres
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi

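Then I ran the command kubectl create -f ./, which resulted in the following: [image: kubernetes pods / svc's]

Then I tried to access pgAdmin on 10.43.225.170:30000 from outside the cluster, but I get "10.43.225.170 took too long to respond". No matter what I try.

So how do I expose pgAdmin and postgres to the outside world, and is there a way to give them a static IP so that I don't have to update the IP in the connection string every time I redeploy on kubernetes, or do I have to use a StatefulSet for that?

【Question discussion】:

    Tags: postgresql kubernetes networking pgadmin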


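    【Solution 1】:

    There are several problems here.

    1. You are trying to access the node's internal IP 10.43.225.170 instead of the external one.
    2. The nodePort service is configured incorrectly. In addition, you are trying to call the wrong port.

    You haven't specified which platform you are using. I am using GKE, so in my case it is easier, since external IPs were assigned automatically during cluster node creation. But I had to manually create an ingress firewall rule to allow access from outside to the nodes and the required ports (30000, 30001).

    In any case, to be able to use nodePort, you should have an external IP address assigned to one of the nodes in the cluster and a firewall rule that allows ingress traffic to that port.


    Next. You are trying to call <NodeIP>:spec.ports[*].port

    According to the Type NodePort documentation,

    the service is visible as <NodeIP>:spec.ports[*].nodePort

    You need to specify nodePort explicitly.


    I changed your deployment a little, and after deploying it and opening the corresponding ports in the firewall I was able to access pgAdmin.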

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: pgadmin-deployment
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: pgadmin-pod
      template:
        metadata:
          labels:
            app: pgadmin-pod
        spec:
          containers:
            - name: pgadmin-container
              image: dpage/pgadmin4
              imagePullPolicy: "IfNotPresent"
              ports:
                - containerPort: 80
              env:
                - name: PGADMIN_DEFAULT_EMAIL
                  value: email@example.com
                - name: PGADMIN_DEFAULT_PASSWORD
                  value: password
    
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: pgadmin-service
    spec:
      type: NodePort
      ports:
        - nodePort: 30000
          targetPort: 80
          port: 80
      selector:
        app: pgadmin-pod
    
    --- # postgres-deployment.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: postgres-deployment
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: postgres-pod
      template:
        metadata:
          labels:
            app: postgres-pod
        spec:
          containers:
            - name: postgres-container
              image: postgres:9.6-alpine
              imagePullPolicy: "IfNotPresent"
              ports:
                - containerPort: 5432
              env:
                - name: POSTGRES_DB
                  value: database
                - name: POSTGRES_PASSWORD
                  value: password
                - name: POSTGRES_USER
                  value: username
              volumeMounts:
                - mountPath: /var/lib/postgresql/data
                  name: postgrepvc
          volumes:
            - name: postgrepvc
              persistentVolumeClaim:
                claimName: postgres-pv-claim
    
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: postgres-service
    spec:
      type: NodePort
      ports:
        - nodePort: 30001
          targetPort: 5432
          port: 5432
      selector:
        app: postgres-pod
    
    ---
    kind: PersistentVolume
    apiVersion: v1
    metadata:
      name: postgres-pv-volume
      labels:
        type: local
        app: postgres
    spec:
      storageClassName: manual
      capacity:
        storage: 5Gi
      accessModes:
        - ReadWriteMany
      hostPath:
        path: "/mnt/data"
    ---
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: postgres-pv-claim
      labels:
        app: postgres
    spec:
      storageClassName: manual
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 5Gi
    

    Check:

    kubectl apply -f pg_my.yaml
    deployment.apps/pgadmin-deployment created
    service/pgadmin-service created
    service/postgres-service created
    persistentvolume/postgres-pv-volume created
    persistentvolumeclaim/postgres-pv-claim created
    
    
    #In my case I take node external ip from any node from `kubectl get nodes -o wide` output:
    NAME                                       STATUS   ROLES    AGE   VERSION            INTERNAL-IP   EXTERNAL-IP
    gke-cluster-1-default-pool-*******-*****   Ready    <none>   20d   v1.18.16-gke.502   10.186.0.7    *.*.*.*
    
    curl *.*.*.*:30000
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <title>Redirecting...</title>
    <h1>Redirecting...</h1>
    <p>You should be redirected automatically to target URL: <a href="/login?next=%2F">/login?next=%2F</a>.
    

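    【Discussion】:

    • Thank you very much for your answer. I am using k3d / k3s on a WSL2 Ubuntu machine, and when running kubectl get nodes -o wide with the yaml file you provided, it still shows "" under EXTERNAL-IP. How do I give it an external IP, and how would I make firewall rules for the node ports? If k3d / k3s is the problem, then I can try k8s on an Ubuntu vm.
    • I solved the problem by using the code you provided and setting up an nginx ingress controller. Thanks.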
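
The difference between port, targetPort and nodePort described in the answer, as an added example that is not part of the original post: a small Python check that reports where a NodePort Service is actually reachable from outside the cluster. The two manifests are constructed copies of the pgadmin-service definitions above; the function name and the node address 203.0.113.10 are assumptions.

```python
# Added example: where is a Service reachable from outside the cluster?
NODEPORT_RANGE = range(30000, 32768)  # Kubernetes default NodePort range

def external_endpoints(service, node_external_ip=None):
    """Return (endpoints, warnings) for one Service manifest given as a dict."""
    name = service.get("metadata", {}).get("name", "<unnamed>")
    spec = service.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")
    endpoints, warnings = [], []
    for p in spec.get("ports", []):
        port, node_port = p.get("port"), p.get("nodePort")
        target = p.get("targetPort", port)  # targetPort defaults to port
        if svc_type != "NodePort":
            warnings.append(f"{name}: type {svc_type}, port {port} is cluster-internal only")
        elif node_port is None:
            # This is the situation in the question: only `port` was given.
            msg = f"{name}: nodePort not set, so the cluster allocates a random one"
            if port in NODEPORT_RANGE:
                msg += f"; port {port} was probably meant to be the nodePort"
            warnings.append(msg)
        elif node_port not in NODEPORT_RANGE:
            warnings.append(f"{name}: nodePort {node_port} is outside 30000-32767")
        else:
            if node_external_ip is None:
                warnings.append(f"{name}: no node external IP known for nodePort {node_port}")
            host = node_external_ip or "<node-external-ip>"
            endpoints.append(f"{host}:{node_port} -> pod port {target}")
    return endpoints, warnings

# Constructed copies of the two pgadmin-service variants on this page.
QUESTION_SERVICE = {
    "metadata": {"name": "pgadmin-service"},
    "spec": {"type": "NodePort", "ports": [{"port": 30000, "targetPort": 80}]},
}
ANSWER_SERVICE = {
    "metadata": {"name": "pgadmin-service"},
    "spec": {"type": "NodePort",
             "ports": [{"nodePort": 30000, "targetPort": 80, "port": 80}]},
}

if __name__ == "__main__":
    for label, svc in (("question", QUESTION_SERVICE), ("answer", ANSWER_SERVICE)):
        eps, warns = external_endpoints(svc, "203.0.113.10")  # constructed node IP
        print(label, eps, warns)
```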