How do I expose a service running on minikube installed in a vagrant box?

Infrastructure:

+------------------------------------------------------+
| Host                                                 |
|     +-----------------------------------+            |
|     | Vagrant box                       |            |
|     |    +------------------------------+            |
|     |    | Minikube                     |            |
|     |    |   +--------------------------+            |
|     |    |   | Pods/Services/etc...     |            |
|     |    |   |                          |            |
|     |    |   |                          | <--+ curl  |
|     |    |   |                          |            |
|     |    |   |                          |            |
|     |    |   |                          |            |
|     |    |   |                          |            |
|     |    |   |                          |            |
+-----+----+---+--------------------------+------------+

Example:

$ kubectl run nginx --image=nginx:alpine

Service:

apiVersion: v1
kind: Service
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 30888
    port: 30888
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

Create the service (note that its type is NodePort):

$ kubectl create -f svc.yaml

Everything is up and running, and it seems I am able to connect to 127.0.0.1:30888 and 0.0.0.0:30888 inside the vagrant box:

$ kubectl get po nginx-5bd976694-nq5sr 
NAME                    READY     STATUS    RESTARTS   AGE
nginx-5bd976694-nq5sr   1/1       Running   0          9m

$ kubectl get svc nginx
NAME      TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
nginx     NodePort   10.105.135.126   <none>        30888:30888/TCP   9m

$ curl -sv 127.0.0.1:30888 > /dev/null
* Rebuilt URL to: 127.0.0.1:30888/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:30888
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.13.8
< Date: Thu, 04 Jan 2018 11:18:21 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 26 Dec 2017 18:18:51 GMT
< Connection: keep-alive
< ETag: "5a42928b-264"
< Accept-Ranges: bytes
< 
{ [612 bytes data]
* Curl_http_done: called premature == 0
* Connection #0 to host 127.0.0.1 left intact

$ curl -sv 0.0.0.0:30888 > /dev/null
* Rebuilt URL to: 0.0.0.0:30888/
*   Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:30888
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.13.8
< Date: Thu, 04 Jan 2018 11:18:28 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 26 Dec 2017 18:18:51 GMT
< Connection: keep-alive
< ETag: "5a42928b-264"
< Accept-Ranges: bytes
< 
{ [612 bytes data]
* Curl_http_done: called premature == 0
* Connection #0 to host 0.0.0.0 left intact

So this works fine on the guest, but if I try to curl from the vagrant host, there is no answer:

$ vagrant port | grep guest
    22 (guest) => 2222 (host)
 30270 (guest) => 27017 (host)
 30888 (guest) => 30888 (host)
 30330 (guest) => 3306 (host)
 30080 (guest) => 8080 (host)
 30081 (guest) => 8081 (host)

$ curl -sv 127.0.0.1:30888 > /dev/null
* Rebuilt URL to: 127.0.0.1:30888/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:30888
> User-Agent: curl/7.52.1
> Accept: */*
> 

$ curl -sv 0.0.0.0:30888 > /dev/null
* Rebuilt URL to: 0.0.0.0:30888/
*   Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:30888
> User-Agent: curl/7.52.1
> Accept: */*
> 

I think the biggest problem here is that the minikube ip inside the vagrant box is 127.0.0.1:

$ sudo -E minikube ip
127.0.0.1

Any ideas?

Answer 1

You may need to run it with the --insecure-bind-address=0.0.0.0 option.

https://github.com/kubernetes/kubernetes/issues/39586

Answer 2

It turns out that a simple iptables rule can end this pain:

# iptables -A DOCKER -j ACCEPT
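
An added example (not part of the original answers): the rule in Answer 2 has no match criteria, so it accepts any packet that reaches it in the DOCKER chain. This sketch scans `iptables -S` output for such rules so they can be reviewed after provisioning. The sample rules, including the 172.17.0.2 address, are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules without match criteria in `iptables -S` output.

# find_blanket_accepts CHAIN
# Reads `iptables -S`-style lines on stdin and prints every rule appended to
# CHAIN that consists of nothing but "-j ACCEPT" (no protocol, port,
# interface or address match).
find_blanket_accepts() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain && NF == 4 && $3 == "-j" && $4 == "ACCEPT" {
            print $0
        }'
}

# count_blanket_accepts CHAIN
# Prints how many such rules stdin contains for CHAIN.
count_blanket_accepts() {
    find_blanket_accepts "$1" | wc -l | tr -d ' '
}

# check_chain CHAIN
# Returns 0 when CHAIN has no blanket ACCEPT, 1 otherwise (usable in a
# provisioning script as a gate).
check_chain() {
    [ "$(count_blanket_accepts "$1")" = "0" ]
}

# Constructed sample in the format printed by `iptables -S`: one rule scoped
# to a container address and port, followed by the rule from Answer 2.
sample_rules() {
cat <<'EOF'
-N DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -j ACCEPT
-A FORWARD -j DOCKER
EOF
}

# Run against the constructed sample. On a real guest, feed live rules instead:
#   sudo iptables -S DOCKER | find_blanket_accepts DOCKER
sample_rules | find_blanket_accepts DOCKER
```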

Answer 3

You can try running a reverse ssh tunnel in the vagrant guest:

ssh -fN -L 30100:192.168.49.2:30100 -i ~/Vagrant\ Machines/kubernetes-dev01/.vagrant/machines/default/vmware_desktop/private_key kubernetes@192.168.56.212

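Where:

-f forks to the background.

-N do not execute a remote command.

30100 is the port on the laptop used for the local bind, i.e. the end result: go to localhost:30100 in a web browser.

192.168.49.2 is the ip inside the vagrant machine where the application is running; it also runs on 30100 internally.

-i is the identity private ssh key path.

kubernetes is the user that can access the vagrant machine; 192.168.56.212 is the IP at which the laptop can connect to the vagrant machine.

There may be better ways to cross-map ports, but this at least gives you a quick and dirty way to reverse tunnel into the service.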