kubernetes 无法转发端口

Question

我是 kubernetes 新手，我有 deployment.yaml 文件

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pdemo
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      papi: web
  template:
    metadata:
      labels:
        papi: web
    spec:
      containers:
      - name: pdemodemo-site
        image:pdemoapi:4.0
        ports:
        - containerPort: 443
---
apiVersion: v1
kind: Service
metadata:
  name: pdemo-entrypoint
  namespace: default
spec:
  type: LoadBalancer
  selector:
    bb: web
  ports:
  - port: 44328
    targetPort: 443

我应用了这个 deployment.yaml 文件并请求了 kubectl get 服务

NAME                          TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE
kubernetes                    ClusterIP      10.96.0.1       <none>        443/TCP           19h
pdemo-entrypoint              LoadBalancer   10.111.16.228   localhost     44328:31656/TCP   60m

然后我做了kubectl port-forward service/pdemo-entrypoint --address "localhost" 31656:44328

结果

Forwarding from 127.0.0.1:31656 -> 443
Forwarding from [::1]:31656 -> 443
Handling connection for 31656
Handling connection for 31656

然后当我尝试从浏览器请求时，我得到了

E1116 09:35:14.268697    2692 portforward.go:400] an error occurred forwarding 31656 -> 443: error forwarding port 443 to pod 54c1096fd343af2d0bc356c3ee52a54ac0db586e0f978fd3a0062278fe7aeb98, uid : exit status 1: 2019/11/16 14:35:14 socat[33825] E connect(21, AF=2 127.0.0.1:443, 16): Connection refused

这是我的 docker 镜像文件

FROM mcr.microsoft.com/dotnet/core/aspnet:2.2-alpine3.8 AS base
WORKDIR /app
EXPOSE 443
COPY ./xyz/publish .
ENV ASPNETCORE_URLS=https://+:443;http://+80
ENTRYPOINT ["dotnet","xyz.dll"]

仅供参考：我正在使用 docker-desktop

Answer 1

如果您在浏览器中输入localhost:31656，这并不意味着流量路由到https，默认情况下浏览器会将其转换为http://localhost:31656，换句话说，您将未加密的流量路由到加密端点。

输入https://localhost:31656，尝试指定您想要的https://

curl -LO https://localhost:31656