Deploying an nginx instance on k8s and opening ports with iptables
1 Run the nginx instance
kubectl run nginx --image=nginx --replicas=2 --port=80
2 View the pods
[root@localhost ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-3449338310-tmlqp 1/1 Running 0 50s
nginx-3449338310-tn7xt 1/1 Running 0 50s
3 View the service details
[root@localhost ~]# kubectl describe pod nginx-3449338310-tmlqp
Name: nginx-3449338310-tmlqp
Namespace: default
Node: 127.0.0.1/127.0.0.1
Start Time: Mon, 15 Jul 2019 07:54:10 -0400
Labels: pod-template-hash=3449338310
run=nginx
Status: Running
IP: 172.17.0.3
Controllers: ReplicaSet/nginx-3449338310
Containers:
nginx:
Container ID: docker://38d6e64e2b9a5d5936c74eca5d117e6b5a0cf8b9d4d0726ea1e1869be543c10c
Image: nginx
Image ID: docker-pullable://docker.io/nginx@sha256:48cbeee0cb0a3b5e885e36222f969e0a2f41819a68e07aeb6631ca7cb356fed1
Port: 80/TCP
State: Running
Started: Mon, 15 Jul 2019 07:54:30 -0400
Ready: True
Restart Count: 0
Volume Mounts: <none>
Environment Variables: <none>
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
2m 2m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx-3449338310-tmlqp to 127.0.0.1
2m 2m 1 {kubelet 127.0.0.1} spec.containers{nginx} Normal Pulling pulling image "nginx"
2m 2m 2 {kubelet 127.0.0.1} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
2m 2m 1 {kubelet 127.0.0.1} spec.containers{nginx} Normal Pulled Successfully pulled image "nginx"
2m 2m 1 {kubelet 127.0.0.1} spec.containers{nginx} Normal Created Created container with docker id 38d6e64e2b9a; Security:[seccomp=unconfined]
2m 2m 1 {kubelet 127.0.0.1} spec.containers{nginx} Normal Started Started container with docker id 38d6e64e2b9a
4 Expose the service so it can be reached from outside the cluster
[root@localhost ~]# kubectl expose deployment/nginx --type="NodePort" --port 80
service "nginx" exposed
[root@localhost ~]# kubectl get service/nginx
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx 10.254.121.216 <nodes> 80:32757/TCP 1m
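Access port 32757
It cannot be reached. The reason is that, for security, Docker since version 1.13 sets the default policy of the FORWARD chain in the system iptables to DROP, and adds accept rules for containers connected to the docker0 bridge:
You can add the port to the allowlist: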
[root@localhost ~]# iptables -I FORWARD -p tcp --sport 32757 -j ACCEPT
[root@localhost ~]# iptables -I FORWARD -p tcp --dport 32757 -j ACCEPT
[root@localhost ~]# iptables -I FORWARD -p tcp --sport 80 -j ACCEPT
[root@localhost ~]# iptables -I FORWARD -p tcp --dport 80 -j ACCEPT
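The four rules above match on port number only, so they accept forwarded TCP on those ports for every interface and address. The following check is an added example, not part of the original post: it reads rules in `iptables -S FORWARD` format and flags port-only ACCEPT rules. The function names, the sample rule list, and the scoped rule's docker0 interface and 172.17.0.0/16 subnet are assumptions based on the pod IP 172.17.0.3 shown earlier.

```shell
#!/bin/sh
# Added example: flag FORWARD ACCEPT rules that match on a port only.
# Input:  lines in `iptables -S FORWARD` format on stdin.
# Output: one "BROAD: <rule>" line for each rule that has no interface,
#         address or conntrack-state constraint.
audit_forward() {
    while IFS= read -r rule; do
        case "$rule" in
            "-A FORWARD "*" -j ACCEPT") ;;   # only ACCEPT rules in FORWARD
            *) continue ;;
        esac
        case "$rule" in
            *" --dport "*|*" --sport "*) ;;  # only rules that match a port
            *) continue ;;
        esac
        case " $rule " in
            # any of these narrows the rule, so it is not reported
            *" -i "*|*" -o "*|*" -s "*|*" -d "*|*" --ctstate "*) continue ;;
        esac
        printf 'BROAD: %s\n' "$rule"
    done
}

# Constructed sample: the four rules from the post as `iptables -S` lists
# them, then a scoped alternative and a conntrack rule for return traffic.
# docker0 and 172.17.0.0/16 are assumptions, not values from the post.
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 32757 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 32757 -j ACCEPT
-A FORWARD -d 172.17.0.0/16 -o docker0 -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

sample_rules | audit_forward
```

On a live host, pipe the output of `iptables -S FORWARD` into `audit_forward` instead of the sample.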