基础设施:
+------------------------------------------------------+
| Host |
| +-----------------------------------+ |
| | Vagrant box | |
| | +------------------------------+ |
| | | Minikube | |
| | | +--------------------------+ |
| | | | Pods/Services/etc... | |
| | | | | |
| | | | | <--+ curl |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
+-----+----+---+--------------------------+------------+
例子:
$ kubectl run nginx --image=nginx:alpine
服务端:
apiVersion: v1
kind: Service
metadata:
labels:
run: nginx
name: nginx
spec:
externalTrafficPolicy: Cluster
ports:
- nodePort: 30888
port: 30888
protocol: TCP
targetPort: 80
selector:
run: nginx
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
创建服务(注意它的类型是NodePort):
$ kubectl create -f svc.yaml
一切都正常运行,并且似乎我能够连接到127.0.0.1:30888盒子0.0.0.0:30888内部vagrant:
$ kubectl get po nginx-5bd976694-nq5sr
NAME READY STATUS RESTARTS AGE
nginx-5bd976694-nq5sr 1/1 Running 0 9m
$ kubectl get svc nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx NodePort 10.105.135.126 <none> 30888:30888/TCP 9m
$ curl -sv 127.0.0.1:30888 > /dev/null
* Rebuilt URL to: 127.0.0.1:30888/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:30888
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.13.8
< Date: Thu, 04 Jan 2018 11:18:21 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 26 Dec 2017 18:18:51 GMT
< Connection: keep-alive
< ETag: "5a42928b-264"
< Accept-Ranges: bytes
<
{ [612 bytes data]
* Curl_http_done: called premature == 0
* Connection #0 to host 127.0.0.1 left intact
$ curl -sv 0.0.0.0:30888 > /dev/null
* Rebuilt URL to: 0.0.0.0:30888/
* Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:30888
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.13.8
< Date: Thu, 04 Jan 2018 11:18:28 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 26 Dec 2017 18:18:51 GMT
< Connection: keep-alive
< ETag: "5a42928b-264"
< Accept-Ranges: bytes
<
{ [612 bytes data]
* Curl_http_done: called premature == 0
* Connection #0 to host 0.0.0.0 left intact
因此,这在客户机上运行良好,但是如果我在主机curl上尝试vagrant,则没有答案:
$ vagrant port | grep guest
22 (guest) => 2222 (host)
30270 (guest) => 27017 (host)
30888 (guest) => 30888 (host)
30330 (guest) => 3306 (host)
30080 (guest) => 8080 (host)
30081 (guest) => 8081 (host)
$ curl -sv 127.0.0.1:30888 > /dev/null
* Rebuilt URL to: 127.0.0.1:30888/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:30888
> User-Agent: curl/7.52.1
> Accept: */*
>
$ curl -sv 0.0.0.0:30888 > /dev/null
* Rebuilt URL to: 0.0.0.0:30888/
* Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:30888
> User-Agent: curl/7.52.1
> Accept: */*
>
我认为这里最大的问题是minukubevagrant box 中的 ip 是127.0.0.1:
$ sudo -E minikube ip
127.0.0.1
有任何想法吗?
答案1
可能需要使用 --insecure-bind-address=0.0.0.0 选项运行。
答案2
事实证明,一条简单的iptables规则可以结束这种痛苦:
# iptables -A DOCKER -j ACCEPT
答案3
你可以尝试在 vagrant guest 中运行一个反向 ssh 隧道:
ssh -fN -L 30100:192.168.49.2:30100 -i ~/Vagrant\ Machines/kubernetes-dev01/.vagrant/machines/default/vmware_desktop/private_key [email protected]
在哪里:
-f分叉到背景
-N不要执行远程命令。
30100是笔记本电脑上用于本地绑定的端口,即最终结果,在 Web 浏览器中转到 localhost:30100
192.168.49.2是运行应用程序的vagrant机器内部的ip,它也在内部运行在30100上。
-i是身份私有 ssh 密钥路径
kubernetes是可以访问 vagrant 机器的用户 192.168.56.212 是笔记本电脑可以连接到 vagrant 机器的 IP。
可能有更好的方法来交叉映射端口,但这至少可以给你一种简单粗暴的方法来反向隧道进入服务。