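docker - Accessing a Kubernetes external IP (LoadBalancer) from Windows 10 when the cluster runs under WSL 2
Problem description
I have set up a nifi container (pod) on Kubernetes (a Rancher k3d cluster) on top of WSL 2 on Windows 10 (not using Docker Desktop).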
https://yannalbou.medium.com/k3d-k3s-k8s-perfect-match-for-dev-and-testing-896c8953acc0
Deployed nifi; below is the service yaml
$ cat nifi-service.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: kompose convert
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: nifi
  name: nifi
spec:
  type: LoadBalancer
  ports:
  - name: "8080"
    port: 8080
    targetPort: 8080
  selector:
    io.kompose.service: nifi
status:
  loadBalancer: {}
$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 14m
nifi LoadBalancer 10.43.240.177 172.24.0.2 8080:31123/TCP 12m
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
svclb-nifi-48sm9 1/1 Running 0 12m
nifi-6c9856f676-tjzfk 1/1 Running 0 13m
$ kubectl describe pods nifi-6c9856f676-tjzfk
Name: nifi-6c9856f676-tjzfk
Namespace: default
Priority: 0
Node: k3d-k3s-default-server-0/172.24.0.2
Start Time: Wed, 09 Dec 2020 20:44:36 -0800
Labels: io.kompose.network/odfe-net=true
io.kompose.service=nifi
pod-template-hash=6c9856f676
Annotations: kompose.cmd: kompose convert
kompose.version: 1.21.0 (992df58d8)
Status: Running
IP: 10.42.0.9
IPs:
IP: 10.42.0.9
Controlled By: ReplicaSet/nifi-6c9856f676
Containers:
nifi:
Container ID: containerd://a706883ccd30cfe2bd22cd39241bf430e66b4117999554a2316ab47557a28290
Image: apache/nifi:latest
Image ID: docker.io/apache/nifi@sha256:bf7576ab7ad0bfe38c86be5baa47229d1644287984034dc9d5ff4801c5827115
Port: 8080/TCP
Host Port: 0/TCP
State: Running
Started: Wed, 09 Dec 2020 20:47:03 -0800
Ready: True
Restart Count: 0
Environment:
NIFI_BASE_DIR: /opt/nifi
NIFI_CLUSTER_IS_NODE: true
NIFI_CLUSTER_NODE_PROTOCOL_PORT: 8082
NIFI_ELECTION_MAX_WAIT: 1 min
NIFI_HOME: /opt/nifi/nifi-current
NIFI_LOG_DIR: /opt/nifi/nifi-current/logs
NIFI_WEB_HTTP_HOST: nifi
NIFI_WEB_HTTP_PORT: 8080
NIFI_ZK_CONNECT_STRING: zookeeper:2181
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-x95qx (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-x95qx:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-x95qx
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 13m default-scheduler Successfully assigned default/nifi-6c9856f676-tjzfk to k3d-k3s-default-server-0
Normal Pulling 13m kubelet Pulling image "apache/nifi:latest"
Normal Pulled 10m kubelet Successfully pulled image "apache/nifi:latest" in 2m23.415948s
Normal Created 10m kubelet Created container nifi
Normal Started 10m kubelet Started container nifi
$
$ curl -XGET http://172.23.0.2:8080
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link rel="shortcut icon" href="/nifi/images/nifi16.ico"/>
<title>NiFi</title>
<link rel="stylesheet" href="/nifi/assets/reset.css/reset.css" type="text/css"/>
<link rel="stylesheet" href="/nifi/css/common-ui.css" type="text/css"/>
<link rel="stylesheet" href="/nifi/fonts/flowfont/flowfont.css" type="text/css"/>
<link rel="stylesheet" href="/nifi/assets/font-awesome/css/font-awesome.min.css" type="text/css"/>
<link rel="stylesheet" href="/nifi/css/message-pane.css" type="text/css"/>
<link rel="stylesheet" href="/nifi/css/message-page.css" type="text/css"/>
<meta http-equiv="Refresh" content="5; url=/nifi/">
</head>
<body class="message-pane">
<div class="message-pane-message-box">
<p class="message-pane-title">
Did you mean: <a href="/nifi/">/nifi</a>
</p>
<p class="message-pane-content">You may have mistyped... but we'll try to redirect you in 5 seconds.</p>
</div>
</body>
</html>
ifconfig:WSL
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.187.174 netmask 255.255.240.0 broadcast 172.22.191.255
inet6 fe80::215:5dff:fe24:b429 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:24:b4:29 txqueuelen 1000 (Ethernet)
RX packets 1316772 bytes 1987244606 (1.9 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 245617 bytes 15676892 (15.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
From powershell ipconfig output for WSL
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::f51e:6d1c:578:2be4%48
IPv4 Address. . . . . . . . . . . : 172.22.176.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
PS C:\WINDOWS\system32> ping 172.24.0.2 <-- How to reach this IP from Windows???
Pinging 172.24.0.2 with 32 bytes of data:
Request timed out.
Ping statistics for 172.24.0.2:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
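I'm not good at networking. I'd like to know whether there is any way to open up the Kubernetes external IP (LoadBalancer) so that it is available in Windows, so that these IPs (e.g. 172.24.0.2 in this case) are reachable from Windows and I can access this service as is. Port forwarding won't work, because the service port (8080 in this case) does not use the WSL IP. My end goal is to access nifi (or any other service) from a Windows browser like this: http://172.24.0.2:8080/nifi.
The solution below doesn't work for me either, because here the service (8080) is running with the cluster load balancer - https://github.com/microsoft/WSL/issues/4150
Been stuck here for a few days. Any help/direction would be great. New to Kubernetes. Probably missing something basic.
Tried kubectl port-forward, which according to the docs should work, but I get the following error -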
$ kubectl get all --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/helm-install-traefik-fb2kh 0/1 Completed 0 24h
kube-system pod/traefik-5dd496474-2hfmq 1/1 Running 0 24h
kube-system pod/svclb-traefik-bjf9p 2/2 Running 0 24h
default pod/nifi-6c9856f676-tjzfk 1/1 Running 0 24h
default pod/svclb-nifi-48sm9 1/1 Running 0 24h
kube-system pod/coredns-66c464876b-v2qsj 1/1 Running 0 24h
kube-system pod/metrics-server-7b4f8b595-gjm85 1/1 Running 0 24h
kube-system pod/local-path-provisioner-7ff9579c6-fflqt 1/1 Running 1 24h
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 24h
kube-system service/kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP,9153/TCP 24h
kube-system service/metrics-server ClusterIP 10.43.34.204 <none> 443/TCP 24h
kube-system service/traefik-prometheus ClusterIP 10.43.62.31 <none> 9100/TCP 24h
kube-system service/traefik LoadBalancer 10.43.185.22 172.24.0.2 80:31486/TCP,443:31651/TCP 24h
default service/nifi LoadBalancer 10.43.240.177 172.24.0.2 8080:31123/TCP 24h
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/svclb-traefik 1 1 1 1 1 <none> 24h
default daemonset.apps/svclb-nifi 1 1 1 1 1 <none> 24h
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/traefik 1/1 1 1 24h
default deployment.apps/nifi 1/1 1 1 24h
kube-system deployment.apps/coredns 1/1 1 1 24h
kube-system deployment.apps/metrics-server 1/1 1 1 24h
kube-system deployment.apps/local-path-provisioner 1/1 1 1 24h
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/traefik-5dd496474 1 1 1 24h
default replicaset.apps/nifi-6c9856f676 1 1 1 24h
kube-system replicaset.apps/coredns-66c464876b 1 1 1 24h
kube-system replicaset.apps/metrics-server-7b4f8b595 1 1 1 24h
kube-system replicaset.apps/local-path-provisioner-7ff9579c6 1 1 1 24h
NAMESPACE NAME COMPLETIONS DURATION AGE
$> kubectl -n default port-forward --address 0.0.0.0 service/nifi 5000:8080
Forwarding from 0.0.0.0:5000 -> 8080
When trying to fetch localhost:5000 from a Windows browser -
E1210 21:02:13.049280 32370 portforward.go:400] an error occurred forwarding 5000 -> 8080: error forwarding port 8080 to pod b438a055ef4a16ade7ff42e6c26e80122ad5f1b3e2400b4f4991c7c79f89600e, uid : failed to execute portforward in network namespace "/var/run/netns/cni-74542715-faae-d069-139c-cf2ed3a87534": failed to dial 8080: dial tcp4 127.0.0.1:8080: connect: connection refused
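Solution
Win10 should not be able to reach the external IP declared by your LoadBalancer service unless it can get DNS information from the K3s LoadBalancer component (Traefik) or join Traefik's internal network.
If you can't do kubectl port-forward, I suggest you use NodePort instead of LoadBalancer for your nifi. You should also be able to access your service from Win10 via the port declared by the NodePort service.
You can see a simple NodePort example below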
$ kubectl get pod,svc --selector=run=my-app
NAME READY STATUS RESTARTS AGE
pod/my-app-85bcd5f479-f7dgj 1/1 Running 0 31m
pod/my-app-85bcd5f479-p7lgz 1/1 Running 0 31m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/my-app NodePort 10.107.182.56 <none> 8080:31684/TCP 31m
You can now access the app from both WSL2 and Win10
$ curl localhost:31684
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Index page</title>
</head>
<body>
The hostname of the container is <b>my-app-85bcd5f479-f7dgj</b> and its IP is <b>10.1.45.156</b>.
</body>
>curl.exe localhost:31684
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Index page</title>
</head>
<body>
The hostname of the container is <b>my-app-85bcd5f479-f7dgj</b> and its IP is <b>10.1.45.156</b>.
</body>
</html>
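The nifi Service from the question rewritten as a NodePort, as an added example that is not part of the original answer. The `nodePort` value 30080 is an assumed value chosen for illustration; everything else is taken from the question's manifest.

```yaml
# Added example: NodePort variant of the nifi Service shown in the question.
apiVersion: v1
kind: Service
metadata:
  labels:
    io.kompose.service: nifi
  name: nifi
spec:
  type: NodePort            # was: LoadBalancer
  ports:
  - name: "8080"
    port: 8080              # ClusterIP port, unchanged
    targetPort: 8080        # container port, unchanged
    nodePort: 30080         # assumed value; must fall in the cluster's NodePort range (default 30000-32767)
  selector:
    io.kompose.service: nifi
```

Omit `nodePort` to let Kubernetes pick a port, then read it from the PORT(S) column of `kubectl get service`. A NodePort listens on every address of the node, and in k3d the node is itself a Docker container (172.24.0.2 above), so the port answers on localhost only if it is also published from that container to the host.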