k8s的容器的端口暴露
一.容器外部访问容器内部服务
1.使用hostNetwork参数(容器内部服务与宿主机同一网段)
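特点:Pod调度到哪个节点,就使用哪个节点的IP地址,客户端通过该节点IP访问容器里面的服务。同一个node上同一个端口只能被一个Pod占用,端口不能冲突。注意:hostNetwork让Pod直接使用宿主机的网络命名空间,容器可以访问宿主机本地监听的服务;Pod Security Standards的Baseline级别禁止该参数,仅在确有需要时使用。
[root@k8s01 yaml]# cat end-nginx.yaml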
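# Pod that shares the node's network namespace (hostNetwork: true).
# nginx listens directly on the node's IP, so no port mapping is declared.
apiVersion: v1
kind: Pod
metadata:
  name: nginx1
  labels:
    app: web
spec:
  # The container uses the node's network stack: it can bind any free port on
  # the node and reach services that listen on the node itself. The Pod
  # Security Standards "Baseline" profile rejects hostNetwork pods, so keep
  # this for workloads that genuinely need it.
  hostNetwork: true
  containers:
    - name: ng-web
      image: nginx:latest
      # Never pull: the image must already be present on the scheduled node.
      imagePullPolicy: Never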
[root@k8s01 yaml]# kubectl apply -f end-nginx.yaml
pod/nginx1 created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME              READY  STATUS    RESTARTS  AGE  IP        NODE    NOMINATED NODE  READINESS GATES
nginx1                1/1    Running  0          72s  192.168.54.129  k8s02  <none>          <none>
[root@k8s01 yaml]# curl -I http://192.168.54.129    --直接访问Pod的IP地址(URL在提取时丢失,此处按上面输出中的Pod IP补全)
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 07:52:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
[root@k8s01 yaml]#
2.使用hostPort参数 (将容器内端口暴露出来)
特点:Pod调度到哪个节点就用哪个节点的IP地址访问,端口可以随意指定。生产环境中Pod必须与宿主机绑定(固定调度到某个节点)才可使用。注意:hostPort直接在节点上开放端口,Pod Security Standards的Baseline级别建议禁用或只允许已知的端口列表。
[root@k8s01 yaml]# cat end-nginx2.yaml
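# Pod that publishes container port 80 on port 80 of whichever node runs it.
apiVersion: v1
kind: Pod
metadata:
  name: nginx2
  labels:
    app: web
spec:
  containers:
    - name: ng-web2
      image: nginx:latest
      # Never pull: the image must already be present on the scheduled node.
      imagePullPolicy: Never
      ports:
        - name: http
          containerPort: 80   # port the container listens on
          # Port opened on the node itself. A given hostPort can be held by
          # only one pod per node, and it is reachable on the node's address
          # without going through a Service.
          hostPort: 80
          protocol: TCP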
[root@k8s01 yaml]# kubectl apply -f  end-nginx2.yaml
pod/nginx2 created
[root@k8s01 yaml]# kubectl  get pods  -o wide
NAME          READY  STATUS    RESTARTS  AGE    IP          NODE    NOMINATED NODE  READINESS GATES
nginx2              1/1    Running  0          4m31s  10.244.1.67  k8s02  <none>          <none>
[root@k8s01 yaml]# curl  -I http://192.168.54.129    --Pod在哪个宿主机就用哪个IP地址(URL在提取时丢失,此处按上文k8s02的地址补全)
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 08:15:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
[root@k8s01 yaml]#
3.使用NodePort参数
特点:使用node节点的IP加端口可以访问Pod服务,master节点IP不可以访问。端口范围默认为30000-32767。注意:NodePort会在节点上对外开放该端口,应配合防火墙或安全组限制可访问的来源。
[root@k8s01 yaml]# cat end-nginx3.yaml
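# Pod plus a NodePort Service that forwards node port 31000 to port 80.
apiVersion: v1
kind: Pod
metadata:
  name: nginx3
  labels:
    app: web
spec:
  containers:
    - name: ng-web3
      image: nginx:latest
      # Never pull: the image must already be present on the scheduled node.
      imagePullPolicy: Never
      ports:
        - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: ng-service
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      # Fixed node port. The extracted listing read "31000nodeselector"; the
      # `kubectl get svc` output on this page (80:31000/TCP) confirms 31000.
      nodePort: 31000
  # Label selector for the backend pods. Every pod in the namespace labelled
  # app=web is selected, which includes nginx1/nginx2 from the earlier
  # examples if they are still running.
  selector:
    app: web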
[root@k8s01 yaml]# kubectl apply -f  end-nginx3.yaml
pod/nginx3 created
service/ng-service created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME      READY  STATUS    RESTARTS  AGE  IP      NODE    NOMINATED NODE  READINESS GATES
nginx3        1/1    Running  0          63s  10.244.1.77  k8s02  <none>          <none>
[root@k8s01 yaml]# kubectl  get svc -o wide
NAME        TYPE        CLUSTER-IP      EXTERNAL-IP  PORT(S)        AGE  SELECTOR
ng-service  NodePort    10.102.52.148  <none>        80:31000/TCP  66s  app=web
[root@k8s01 yaml]# curl  -I http://192.168.54.129:31000    --使用node节点IP地址访问,master节点IP访问不了。(URL在提取时丢失,此处按上文节点IP和nodePort补全)
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 08:47:33 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
[root@k8s01 yaml]#
4.使用LoadBalancer参数
特点:需要云服务商提供一个VIP地址;只有node节点的IP地址可以访问,master地址不能访问。
[root@k8s01 yaml]# cat end-nginx4.yaml
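# Pod plus a LoadBalancer Service in front of it.
apiVersion: v1
kind: Pod
metadata:
  name: nginx4
  labels:
    app: web
spec:
  containers:
    - name: ng-web4
      image: nginx:latest
      # Never pull: the image must already be present on the scheduled node.
      imagePullPolicy: Never
      ports:
        - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: ng-lb
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
  # Selects every pod labelled app=web in the namespace, not only nginx4.
  selector:
    app: web
# Per the author: write this block only when a VIP exists, otherwise omit it.
# Status is normally filled in by the load-balancer controller; in the
# transcript that follows, EXTERNAL-IP still shows <pending> after this
# manifest is applied, and the service is reached through its node port.
status:
  loadBalancer:
    ingress:
      - ip: 192.168.54.131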
[root@k8s01 yaml]# kubectl apply -f  end-nginx4.yaml
pod/nginx4 created
service/ng-lb created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME          READY  STATUS    RESTARTS  AGE    IP        NODE    NOMINATED NODE  READINESS GATES
nginx4            1/1    Running  0          4m6s  10.244.1.80  k8s02  <none>          <none>
[root@k8s01 yaml]# kubectl  get svc -o wide
NAME        TYPE          CLUSTER-IP      EXTERNAL-IP  PORT(S)        AGE    SELECTOR
ng-lb        LoadBalancer  10.99.49.195    <pending>    80:30183/TCP  4m10s  app=web    --没有VIP地址
[root@k8s01 yaml]# curl  -I 192.168.54.129:30183
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 09:11:01 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes
[root@k8s01 yaml]#
二.容器内部服务访问外部服务
1.使用hostNetwork参数(Pod与宿主机IP在同一网段)
[root@k8s01 yaml]# cat mysql.yaml
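# Client pod placed on the node's network, used to connect out to the external
# MySQL server. Despite the app=mysql label and the db-mysql container name,
# the image is nginx; the mysql client is installed by hand afterwards.
apiVersion: v1
kind: Pod
metadata:
  name: nginx5
  labels:
    app: mysql
spec:
  # Shares the node's network namespace, with the exposure that implies (the
  # container sees the node's interfaces and locally bound services). The
  # Endpoints example later on this page reaches the same server from a pod
  # that does not set hostNetwork.
  hostNetwork: true
  containers:
    - name: db-mysql
      image: nginx:latest
      # Never pull: the image must already be present on the scheduled node.
      imagePullPolicy: Never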
[root@k8s01 yaml]# kubectl  apply -f mysql.yaml
pod/nginx5 created
[root@k8s01 yaml]# kubectl exec -it nginx5 /bin/bash
root@nginx5:/# apt-get update            --更新创建
root@nginx5:/# apt-get install mysql*    --安装mysql包
root@nginx5:/# mysql -h 192.168.54.130 -u repl -p123456    --登录mysql数据库(口令直接写在命令行里会留在shell历史和进程列表中,实际环境建议只写 -p 后交互输入)
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 16
Server version: 5.7.27 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database          |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| wuhan              |
+--------------------+
5 rows in set (0.001 sec)
MySQL [(none)]>
2.使用endpoints组件
[root@k8s01 yaml]# cat endpoint.yaml
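# Manually managed Endpoints plus a selector-less Service that give the
# external MySQL server a cluster-internal name, and a pod to test it from.
apiVersion: v1
kind: Endpoints
metadata:
  name: mysql-test        # must match the Service name below
  namespace: default
subsets:
  - addresses:
      - ip: 192.168.54.130   # MySQL server on the host network
    ports:
      - port: 3306           # MySQL port
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-test        # backed by the Endpoints object of the same name
  labels:
    app: abc
spec:
  # No selector: the backend address comes from the Endpoints object above.
  # Pods that can reach this Service get a path to 192.168.54.130:3306, so
  # access control rests on the MySQL credentials and on whatever network
  # policy the cluster applies.
  ports:
    - port: 3306
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx6            # test container used to connect to MySQL
  labels:
    app: db
spec:
  containers:
    - name: mysql-test
      image: nginx:latest
      # Never pull: the image must already be present on the scheduled node.
      imagePullPolicy: Never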
[root@k8s01 yaml]# kubectl  apply -f endpoint.yaml
endpoints/mysql-test created
service/mysql-test created
pod/nginx6 created
[root@k8s01 yaml]# kubectl get pods -o wide
NAME        READY  STATUS    RESTARTS  AGE  IP          NODE    NOMINATED NODE  READINESS GATES
nginx6                    1/1    Running  0          12s  10.244.1.85  k8s02  <none>          <none>
[root@k8s01 yaml]# kubectl get svc -o wide
NAME        TYPE        CLUSTER-IP      EXTERNAL-IP  PORT(S)    AGE  SELECTOR
mysql-test  ClusterIP  10.98.57.89    <none>        3306/TCP  16s  <none>
[root@k8s01 yaml]# kubectl get endpoints -o wide
NAME        ENDPOINTS                      AGE
mysql-test  192.168.54.130:3306            21s
[root@k8s01 yaml]# kubectl exec -it nginx6 /bin/bash
root@ nginx6:/# mysql -h mysql-test -u repl -p123456    --使用endpoints名字(映射到service,service映射到192.168.54.130)
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 5.7.27 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database          |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| wuhan              |
+--------------------+
5 rows in set (0.001 sec)
MySQL [(none)]>
