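I have two deployments: one creates 4 replicas for php-fpm, and the other is an nginx web server exposed to the Internet through Ingress.
The problem is that I can't connect to the app service from the webserver pod! (The same problem occurs when trying to connect to other services.) Ping result: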
$ ping -c4 app.ternobo-connect
PING app.ternobo-connect (10.245.240.225): 56 data bytes
--- app.ternobo-connect ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
But the pods are individually accessible through their ClusterIP.
app-deployment.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    ternobo.kubernates.service: app
    ternobo.kubernates.network/app-network: "true"
  name: app
  namespace: ternobo-connect
spec:
  replicas: 4
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 50%
  selector:
    matchLabels:
      ternobo.kubernates.service: app
  template:
    metadata:
      labels:
        ternobo.kubernates.network/app-network: "true"
        ternobo.kubernates.service: app
    spec:
      containers:
        - env:
            - name: SERVICE_NAME
              value: app
            - name: SERVICE_TAGS
              value: production
          image: ghcr.io/ternobo/ternobo-connect:0.1.01
          name: app
          ports:
            - containerPort: 9000
          resources: {}
          tty: true
          workingDir: /var/www
          envFrom:
            - configMapRef:
                name: appenvconfig
      imagePullSecrets:
        - name: regsecret
      restartPolicy: Always
status: {}
app-service.yaml:
apiVersion: v1
kind: Service
metadata:
  labels:
    ternobo.kubernates.network/app-network: "true"
  name: app
  namespace: ternobo-connect
spec:
  type: ClusterIP
  ports:
    - name: "9000"
      port: 9000
      targetPort: 9000
  selector:
    ternobo.kubernates.service: app
status:
  loadBalancer: {}
Network policy:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: app-network
  namespace: ternobo-connect
spec:
  podSelector: {}
  ingress:
    - {}
  policyTypes:
    - Ingress
I also tried deleting the network policy, but it didn't work! I also changed the podSelector rule to select only services with the ternobo.kubernates.network/app-network: "true" label.
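The URL of a Kubernetes Service has the format my-svc.my-namespace.svc.cluster-domain.example, see: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#a-aaaa-records
So the ping should be
ping -c4 app.ternobo-connect.svc.cluster.local
If the web server is in the same namespace as the service, you can ping the service name directly
ping -c4 app
I don't know the effect of the network policy; I haven't used it.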
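
The effect of the NetworkPolicy posted in the question can be worked out from how Kubernetes evaluates ingress rules. The following is an added example, not part of the original posts: a simplified Python model (matchLabels selectors and same-namespace podSelector peers only; the webserver pod's labels are constructed, since that Deployment is not shown) which shows that both the posted policy and the label-scoped variant allow all ingress, in contrast with a default-deny policy.

```python
# Added example: simplified model of Kubernetes NetworkPolicy ingress evaluation.
# Assumptions: matchLabels selectors only, podSelector peers in the same namespace,
# numeric ports; namespaceSelector, ipBlock and matchExpressions are not modelled.

def selects(selector, labels):
    """An empty selector ({}) matches every pod; else every matchLabels pair must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def rule_allows(rule, src_labels, port):
    """A rule without 'from' allows every source; without 'ports', every port."""
    peers, ports = rule.get("from"), rule.get("ports")
    peer_ok = not peers or any(
        "podSelector" in p and selects(p["podSelector"], src_labels) for p in peers)
    port_ok = not ports or any(p.get("port") == port for p in ports)
    return peer_ok and port_ok

def ingress_allowed(policies, dst_labels, src_labels, port):
    """Decide ingress to a pod, given the policies of that pod's namespace."""
    applying = [p["spec"] for p in policies
                if "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                and selects(p["spec"].get("podSelector", {}), dst_labels)]
    if not applying:
        return True  # no policy selects the pod: it is not isolated for ingress
    # Policies are additive: one matching rule in any applying policy is enough.
    return any(rule_allows(r, src_labels, port)
               for spec in applying for r in spec.get("ingress") or [])

NET = "ternobo.kubernates.network/app-network"
APP = {"ternobo.kubernates.service": "app", NET: "true"}   # labels from the Deployment
WEB = {"ternobo.kubernates.service": "webserver"}          # constructed: not on the page

# The policy as posted: selects every pod, one empty ingress rule.
POSTED = {"spec": {"podSelector": {}, "ingress": [{}], "policyTypes": ["Ingress"]}}
# The variant described in the question: podSelector narrowed to the network label.
LABELLED = {"spec": {"podSelector": {"matchLabels": {NET: "true"}},
                     "ingress": [{}], "policyTypes": ["Ingress"]}}
# Contrast (constructed): same selector, no ingress rules, i.e. default deny.
DENY_ALL = {"spec": {"podSelector": {}, "ingress": [], "policyTypes": ["Ingress"]}}

if __name__ == "__main__":
    for name, pol in [("posted", POSTED), ("labelled", LABELLED), ("deny-all", DENY_ALL)]:
        print(name, ingress_allowed([pol], APP, WEB, 9000))
```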