k8s的容器的端口暴露

一.容器外部访问容器内部服务

1.使用hostNetwork参数（容器内部服务与宿主机同一网段）

特点:当Pod调度到哪个节点就使用哪个节点的IP地址，客户端使用IP地址访问容器里面的服务。一个node只能启动一个pod端口，端口不能冲突。

[root@k8s01 yaml]# cat end-nginx.yaml 

apiVersion: v1

kind: Pod

metadata:

  name: nginx1

  labels:

    app: web

spec:

 hostNetwork: true

 containers:

  - name: ng-web

    image: nginx:latest

    imagePullPolicy: Never

[root@k8s01 yaml]# kubectl apply -f end-nginx.yaml
pod/nginx1 created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME               READY   STATUS    RESTARTS   AGE   IP         NODE    NOMINATED NODE   READINESS GATES
nginx1                1/1     Running   0          72s   192.168.54.129   k8s02   <none>           <none>

[root@k8s01 yaml]# curl -I http://192.168.54.129     --直接访问Pod的IP地址 
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 07:52:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes

[root@k8s01 yaml]#

2.使用hostPort参数 （将容器内端口暴露出来）

特点：Pod调度到哪个节点就用哪个节点的IP址访问， 端口可以随机指定。生产环境pod必须与宿机绑定才可使用。

[root@k8s01 yaml]# cat end-nginx2.yaml 

apiVersion: v1

kind: Pod

metadata:

  name: nginx2

  labels:

    app: web

spec:

 containers:

  - name: ng-web2

    image: nginx:latest

    imagePullPolicy: Never

    ports:

    - name: http

      containerPort: 80     --容器端口

      hostPort: 80     --暴露端口

      protocol: TCP

[root@k8s01 yaml]# kubectl apply -f  end-nginx2.yaml
pod/nginx2 created
[root@k8s01 yaml]# kubectl  get pods  -o wide
NAME           READY   STATUS    RESTARTS   AGE     IP           NODE    NOMINATED NODE   READINESS GATES
nginx2               1/1     Running   0          4m31s   10.244.1.67   k8s02   <none>           <none>

[root@k8s01 yaml]# curl  -I http://192.168.54.129      --Pod在哪个宿主机就用哪个IP地址 
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 08:15:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes

[root@k8s01 yaml]#

3.使用NodePort参数

特 点：使用node节点的IP加端口可以访问Pod服务，master节点IP不可以访问。端口范围30000-32767。

[root@k8s01 yaml]# cat end-nginx3.yaml 

apiVersion: v1

kind: Pod

metadata:

  name: nginx3

  labels:

    app: web

spec:

 containers:

  - name: ng-web3

    image: nginx:latest

    imagePullPolicy: Never

    ports:

      - containerPort: 80

---

kind: Service

apiVersion: v1

metadata:

  name: ng-service

spec:

  type: NodePort

  ports:

    - name: http

      port: 80

      nodePort: 31000

  selector:     --后端Pod标签

    app: web

[root@k8s01 yaml]# kubectl apply -f  end-nginx3.yaml
pod/nginx3 created
service/ng-service created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME      READY   STATUS    RESTARTS   AGE   IP       NODE    NOMINATED NODE   READINESS GATES
nginx3         1/1     Running   0          63s   10.244.1.77   k8s02   <none>           <none>
[root@k8s01 yaml]# kubectl  get svc -o wide
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE   SELECTOR
ng-service   NodePort    10.102.52.148   <none>        80:31000/TCP   66s   app=web

[root@k8s01 yaml]# curl  -I http://192.168.54.129:31000      --使用node节点IP地址访问，master节点IP访问不了。 
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 08:47:33 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes

[root@k8s01 yaml]#

4.使用 LoadBalancer参数

特点：必须使用云服务商提供一个VIP地址，只能node节点的IP地址可以访问，master地址不能访问。

[root@k8s01 yaml]# cat end-nginx4.yaml 

apiVersion: v1

kind: Pod

metadata:

  name: nginx4

  labels:

    app: web

spec:

 containers:

  - name: ng-web4

    image: nginx:latest

    imagePullPolicy: Never

    ports:

      - containerPort: 80

---

kind: Service

apiVersion: v1

metadata:

  name: ng-lb

spec:

  type: LoadBalancer

  ports:

    - name: http

      port: 80

  selector:

    app: web

status:                           --如果有vip就要写，没有就不用写。

  loadBalancer:

    ingress:

    - ip: 192.168.54.131

[root@k8s01 yaml]# kubectl apply -f  end-nginx4.yaml
pod/nginx4 created
service/ng-lb created
[root@k8s01 yaml]# kubectl  get pods -o wide
NAME          READY   STATUS    RESTARTS   AGE    IP        NODE    NOMINATED NODE   READINESS GATES
nginx4            1/1     Running   0          4m6s   10.244.1.80   k8s02   <none>           <none>
[root@k8s01 yaml]# kubectl  get svc -o wide
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE     SELECTOR
ng-lb        LoadBalancer   10.99.49.195    <pending>     80:30183/TCP   4m10s   app=web     --没有VIP地址

[root@k8s01 yaml]# curl  -I http://192.168.54.129:30183
HTTP/1.1 200 OK
Server: nginx/1.17.5
Date: Wed, 27 Nov 2019 09:11:01 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 22 Oct 2019 14:30:00 GMT
Connection: keep-alive
ETag: "5daf1268-264"
Accept-Ranges: bytes

[root@k8s01 yaml]#

二.容器内部服务访问外部服务

1.使用 hostNetwork参数（Pod与宿主机IP在同一网段）

[root@k8s01 yaml]# cat mysql.yaml 

apiVersion: v1

kind: Pod

metadata:

  name: nginx5

  labels:

    app: mysql

spec:

  hostNetwork: true

  containers:

  - name: db-mysql

    image: nginx:latest

    imagePullPolicy: Never

[root@k8s01 yaml]# kubectl  apply -f mysql.yaml
pod/nginx5 created
[root@k8s01 yaml]# kubectl exec -it nginx5 /bin/bash
root@nginx5:/# apt-get update            --更新创建 
root@nginx5:/# apt-get install mysql*     --安装mysql包
root@nginx5:/# mysql -h 192.168.54.130 -u repl -p123456    --登陆mysql数据库
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MySQL connection id is 16
Server version: 5.7.27 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
MySQL [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| wuhan              |
+--------------------+
5 rows in set (0.001 sec)
MySQL [(none)]>

2.使用endpoints组件

[root@k8s01 yaml]# cat endpoint.yaml

apiVersion: v1

kind: Endpoints

metadata:

  name: mysql-test

  namespace: default

subsets:

  - addresses:

    - ip: 192.168.54.130    --指定宿机主mysql服务器

    ports:

      - port: 3306      --指定端口

---

apiVersion: v1

kind: Service

metadata:

  name: mysql-test    --service后端指向endpoints地址

  labels:

    app: abc

spec:

  ports:

    - port: 3306

---

apiVersion: v1

kind: Pod

metadata:

  name: nginx6       --启动一个容器，测试连接mysql

  labels:

    app: db

spec:

 containers:

  - name: mysql-test

    image: nginx:latest

    imagePullPolicy: Never

[root@k8s01 yaml]# kubectl  apply -f endpoint.yaml
endpoints/mysql-test created
service/mysql-test created
pod/nginx6 created
[root@k8s01 yaml]# kubectl get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP          NODE    NOMINATED NODE   READINESS GATES
nginx6                    1/1     Running   0          12s   10.244.1.85   k8s02   <none>           <none>
[root@k8s01 yaml]# kubectl get svc -o wide
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE   SELECTOR
mysql-test   ClusterIP   10.98.57.89     <none>        3306/TCP   16s   <none>
[root@k8s01 yaml]# kubectl get endpoints -o wide
NAME         ENDPOINTS                       AGE
mysql-test   192.168.54.130:3306             21s
[root@k8s01 yaml]# kubectl exec -it nginx6 /bin/bash
root@ nginx6:/# mysql -h mysql-test -u repl -p123456    --使用endpoints名字（映射到service，service映射到192.168.54.130）
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MySQL connection id is 19
Server version: 5.7.27 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

MySQL [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
| wuhan              |
+--------------------+
5 rows in set (0.001 sec)

MySQL [(none)]>

原文链接：http://blog.itpub.net/25854343/viewspace-2665927/