amazon-web-services - AWS EKS 集群、DockerHub 和 Traefik，无法从 Internet 访问

问题描述

kubectl get nodes

NAME                              STATUS   ROLES    AGE   VERSION
ip-192-168-119-55.ec2.internal    Ready    <none>   29h   v1.16.12-eks-904af05
ip-192-168-156-180.ec2.internal   Ready    <none>   29h   v1.16.12-eks-904af05
ip-192-168-193-177.ec2.internal   Ready    <none>   29h   v1.16.12-eks-904af05

kubectl get svc

NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
hostname-v2   ClusterIP   10.100.163.163   <none>        80/TCP    29h
kubernetes    ClusterIP   10.100.0.1       <none>        443/TCP   36h
my-app        ClusterIP   10.100.147.193   <none>        80/TCP    9m48s

kubectl get svc -n kube-system

NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP                                                              PORT(S)                       AGE
kube-dns                  ClusterIP      10.100.0.10      <none>                                                                   53/UDP,53/TCP                 25h
traefik-ingress-service   LoadBalancer   10.100.113.186   a262f21c7a0c740949c3321ab77a0259-639235071.us-east-1.elb.amazonaws.com   80:30015/TCP,8080:31515/TCP   88m

• kubectl describe pod my-app-898f57d6f-dsfg6

Name:         my-app-898f57d6f-dsfg6
Namespace:    default
Priority:     0
Node:         ip-192-168-119-55.ec2.internal/192.168.119.55
Start Time:   Sun, 12 Jul 2020 16:53:53 -0400
Labels:       app=my-app
              pod-template-hash=898f57d6f
Annotations:  kubernetes.io/psp: eks.privileged
Status:       Running
IP:           192.168.79.54
IPs:
  IP:           192.168.79.54
Controlled By:  ReplicaSet/my-app-898f57d6f
Containers:
  simple-node:
    Container ID:   docker://cd6c686fe8f5460d5985a81a8d75da9c76371e26572b5144d5d43b55a0415ddd
    Image:          pythonss/ex1-node-app
    Image ID:       docker-pullable://pythonss/ex1-node-app@sha256:1ad843251ce45c21df4be52a34565217ea7cc441f2961d90c8e466af14473003
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Sun, 12 Jul 2020 16:53:54 -0400
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-jm5s2 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-jm5s2:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-jm5s2
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:          <none>

kubectl --namespace=kube-system get pods
NAME                                         READY   STATUS    RESTARTS   AGE
aws-node-j76qj                               1/1     Running   0          19h
aws-node-sqrqq                               1/1     Running   0          19h
aws-node-ws9kv                               1/1     Running   0          19h
coredns-55c5fcd78f-2jvzg                     1/1     Running   0          25h
coredns-55c5fcd78f-dlftl                     1/1     Running   0          25h
kube-proxy-g9pbv                             1/1     Running   0          19h
kube-proxy-wzfpc                             1/1     Running   0          19h
kube-proxy-znptc                             1/1     Running   0          19h
traefik-ingress-controller-5bdbcfc59-87rd8   1/1     Running   0          88m

我还应用了 traefik 清单，同时将 LB 类型从 NodePort 更改为 LoadBalancer

kubectl apply -f <(curl -so - https://raw.githubusercontent.com/containous/traefik/v1.7/examples/k8s/traefik-deployment.yaml | sed -e 's/NodePort/LoadBalancer/')

kubectl get svc -n kube-system

NAME                      TYPE           CLUSTER-IP       EXTERNAL-IP                                                              PORT(S)                       AGE
kube-dns                  ClusterIP      10.100.0.10      <none>                                                                   53/UDP,53/TCP                 2d20h

traefik-ingress-service   LoadBalancer   10.100.113.186   a262f21c7a0c740949c3321ab77a0259-639235071.us-east-1.elb.amazonaws.com   80:30015/TCP,8080:31515/TCP   44h

host a262f21c7a0c740949c3321ab77a0259-639235071.us-east-1.elb.amazonaws.com
a262f21c7a0c740949c3321ab77a0259-639235071.us-east-1.elb.amazonaws.com has address 107.22.153.204
a262f21c7a0c740949c3321ab77a0259-639235071.us-east-1.elb.amazonaws.com has address 52.44.97.64
a262f21c7a0c740949c3321ab77a0259-639235071.us-east-1.elb.amazonaws.com has address 34.195.130.205

我应用了主机名清单，以便以后可以做

curl 34.195.130.205 主机名-v1.local

如下

主机名-ingress.yaml

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: hostname-ingress
  namespace: default
spec:
  rules:
  - host: hostname-v1.local
    http:
      paths:
      - path: /
        backend:
          serviceName: my-app
          servicePort: web

kubectl create -f hostname-ingress.yaml
# OUTPUT
ingress.extensions/hostname-ingress created

取 INGRESS_ADDR 并将其与 /etc/hosts 中的域名相关联

echo "$INGRESS_ADDR hostname-v1.local" | sudo tee -a /etc/hosts
# OUTPUT
34.195.130.205 hostname-v1.local

kubectl create -f hostname-ingress.yaml
# OUTPUT
ingress.extensions/hostname-ingress created

kubectl get ep
NAME          ENDPOINTS                               AGE
hostname-v2   <none>                                  20h
kubernetes    192.168.219.41:443,192.168.94.137:443   27h
my-app        <none>                                  19h

现在让我们获取我们的 INGRESS_ADDR 并将其与 etc/hosts 中的主机相关联

echo "$INGRESS_ADDR hostname-v1.local" | sudo tee -a /etc/hosts
# OUTPUT
34.195.130.205 hostname-v1.local

这里还有 service.yaml 和 deployment.yaml

服务.yaml

apiVersion: v1
kind: Service
metadata:
  name: my-app
  labels:
    run: my-app
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: my-app

部署.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  labels:
    app: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: simple-node
        image: pythonss/ex1-node-app
        ports:
        - containerPort: 80

 kubectl get pods --show-labels |egrep 'app=my-app'                                                                 
my-app-898f57d6f-dsfg6   1/1     Running   0          128m   app=my-app,pod-template-hash=898f57d6f
my-app-898f57d6f-hchhb   1/1     Running   0          128m   app=my-app,pod-template-hash=898f57d6f
my-app-898f57d6f-hh4cw   1/1     Running   0          128m   app=my-app,pod-template-hash=898f57d6f

和

kubectl describe svc my-app   
                                                                                  
Name:              my-app
Namespace:         default
Labels:            app=my-app
Annotations:       <none>
Selector:          app=my-app
Type:              ClusterIP
IP:                10.100.147.193
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         192.168.158.248:80,192.168.218.93:80,192.168.79.54:80
Session Affinity:  None
Events:            <none>

我可以看到http://hostname-v1.local:8080

我什至可以登录到其中一个 pod 并查看容器是否正确运行我的应用程序

kubectl exec -it my-app-898f57d6f-dsfg6 /bin/bash

root@my-app-898f57d6f-dsfg6:/usr/src/app# curl localhost

Hello World !!

但

http://hostname-v1.local

节目

暂停服务

问题：

为什么我看不到我的简单应用程序正在运行：

http://hostname-v1.local (34.195.130.205 )

即使它在容器内运行？

BR

标签： amazon-web-serviceskubernetestraefikamazon-eks