两个集群IP服务能否在Kubernetes连接?
情况是,我想连接租户内部的两个集群IP服务,因为租户已经将Traefik作为NodePort,因此这两个服务中的任何一个都可以是LoadBalancer,因为Traefik使用NodePort。
我试图连接的两个服务如下所示。第一个服务,我称之为"Master",将从客户端接收一个带有文本的帖子,并调用另一个服务,称为“从服务”,它将向客户机发送的文本添加一些文本("Hola“)。这两个服务是由app.py在Docker映像中定义的烧瓶服务。您可以看到下面这两个图像的app.py:
主/app.py
from flask import Flask, request
import requests
app = Flask(__name__)
@app.route("/", methods = ['GET', 'POST'])
def put():
if request.method == 'POST':
text = request.get_data()
r = requests.post("http://slave:5001",data=text)
result = r.text
return result
if __name__ == '__main__':
app.run(host="0.0.0.0", port=5000, debug=True) 从/app.py
from flask import Flask, request
app = Flask(__name__)
@app.route("/", methods = ['GET', 'POST'])
def put():
if request.method == 'POST':
text = request.get_data()
#text = request.data
texto_final = str(text) + 'Hola Patri'
return texto_final
if __name__ == '__main__':
app.run(host="0.0.0.0", port=5001, debug=True) 部署和服务的配置定义为两个yamls: master_src.yaml和slave_src.yaml。
master_src.yaml
kind: Namespace
apiVersion: v1
metadata:
name: innovation
labels:
name: innovation
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: master
namespace: innovation
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: master
imagePullPolicy: Always
securityContext:
runAsUser: 1000
runAsNonRoot: true
image: reg-dhc.app.corpintra.net/galiani/innovation:mastertest
ports:
- protocol: TCP
containerPort: 5000
imagePullSecrets:
- name: galiani-innovation-pull-secret
---
apiVersion: v1
kind: Service
metadata:
name: master
namespace: innovation
spec:
ports:
- protocol: TCP
port: 5000
targetPort: 5000
selector:
app: myappslave_src.yaml
kind: Namespace
apiVersion: v1
metadata:
name: innovation
labels:
name: innovation
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: slave
namespace: innovation
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: slave
imagePullPolicy: Always
securityContext:
runAsUser: 1000
runAsNonRoot: true
image: reg-dhc.app.corpintra.net/galiani/innovation:slavetest
ports:
- protocol: TCP
containerPort: 5001
imagePullSecrets:
- name: galiani-innovation-pull-secret
---
apiVersion: v1
kind: Service
metadata:
name: slave
namespace: innovation
spec:
selector:
app: myapp
ports:
- protocol: TCP
port: 5001
targetPort: 5001我还创建了一个网络策略,允许这两个服务之间的通信量。用于定义网络策略的yaml如下。
networkpolicy_src.yaml
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
name: ingress-to-all
namespace: innovation
spec:
podSelector:
matchLabels:
app: myapp
ingress:
- from:
- podSelector:
matchLabels:
app: myapp
ports:
- port: 5000
protocol: TCP
- port: 5001
protocol: TCP
policyTypes:
- Ingress主服务和从服务之间的连接不工作。我可以独立接触主人和奴隶。然而,当我尝试向主(使用curl)发送一个帖子,并且它应该连接到从服务器时,我会得到以下错误:
curl: (52) Empty reply from server谢谢你提前提供帮助!
对于我有关于使用traefik连接的新问题。这是trafik入口的yaml:
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-innovation
namespace: innovation
annotations:
traefik.frontend.rule.type: PathPrefixStrip
spec:
rules:
- http:
paths:
- path: /master
backend:
serviceName: master
servicePort: 5000
- path: /slave
backend:
serviceName: slave
servicePort: 5001我还修正了网络政策yaml,现在是:
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
name: master-to-slave
namespace: innovation
spec:
podSelector:
matchLabels:
app: app-slave
ingress:
- ports:
- port: 5000
protocol: TCP
- port: 5001
protocol: TCP
- from:
- namespaceSelector:
matchLabels:
app: app-master再次感谢你的帮助!
回答 1
Stack Overflow用户
发布于 2020-04-08 12:02:15
问题可能是主和从都有相同的标签app: myapp。将主部署和服务的标签更改为app: master,对从部署和服务更改为app: slave。
https://stackoverflow.com/questions/61098037
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号