Docker AKS外部负载平衡器未与POD通信
我已经创建了一个ASP.NET CORE 2.x应用程序Kestrel映像,该映像存储在Azure容器注册表中,证书存储在Azure存储中,证书密码为secret。我已确认该映像正在本地运行,并带有自签名证书。我已将该映像推送到ACR,它正在成功地拉入AKS。当我遥控进入吊舱时,我可以卷曲身体,看到红隼在回应 我相信我在AKS集群中创建的外部负载平衡器没有转发到我的POD。当我调用提供的外部IP端点时,我会得到一个超时,我不知道为什么 我在这里遵循了k8s调试服务指南,但是,我仍然不明白我做错了什么: 这是我的DockerFile:Docker AKS外部负载平衡器未与POD通信,docker,asp.net-core,kubernetes,load-balancing,azure-aks,Docker,Asp.net Core,Kubernetes,Load Balancing,Azure Aks,我已经创建了一个ASP.NET CORE 2.x应用程序Kestrel映像,该映像存储在Azure容器注册表中,证书存储在Azure存储中,证书密码为secret。我已确认该映像正在本地运行,并带有自签名证书。我已将该映像推送到ACR,它正在成功地拉入AKS。当我遥控进入吊舱时,我可以卷曲身体,看到红隼在回应 我相信我在AKS集群中创建的外部负载平衡器没有转发到我的POD。当我调用提供的外部IP端点时,我会得到一个超时,我不知道为什么 我在这里遵循了k8s调试服务指南,但是,我仍然不明白我做错了
FROM microsoft/dotnet:2.2-sdk AS build
WORKDIR /app
# set up node
ENV NODE_VERSION 10.15.1
ENV NODE_DOWNLOAD_SHA ca1dfa9790876409c8d9ecab7b4cdb93e3276cedfc64d56ef1a4ff1778a40214
RUN curl -SL "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.gz" --output nodejs.tar.gz \
&& echo "$NODE_DOWNLOAD_SHA nodejs.tar.gz" | sha256sum -c - \
&& tar -xzf "nodejs.tar.gz" -C /usr/local --strip-components=1 \
&& rm nodejs.tar.gz \
&& ln -s /usr/local/bin/node /usr/local/bin/nodejs
# copy and build projects
COPY . .
RUN dotnet restore
RUN dotnet publish -c Release -o out
WORKDIR /app/MyApp
FROM microsoft/dotnet:2.2-aspnetcore-runtime AS runtime
WORKDIR /app
COPY --from=build /app/MyApp/out ./
ENV ASPNETCORE_URLS https://+:443
ENV ASPNETCORE_Kestrel__Certificates__Default__Path /mnt/certs/MyApp.pfx
ENTRYPOINT ["dotnet", "MyApp.dll"]
这是我的部署
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-website
labels:
app: myapp-website
spec:
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
app: myapp-website
template:
metadata:
labels:
app: myapp-website
spec:
nodeSelector:
"beta.kubernetes.io/os": linux
containers:
- name: myapp-website
image: myappdev.azurecr.io/myapp:v1
ports:
- containerPort: 443
env:
- name: ASPNETCORE_ENVIRONMENT
value: dev
- name: ASPNETCORE_Kestrel__Certificates__Default__Password
valueFrom:
secretKeyRef:
name: myapp-secrets
key: cert-pass
volumeMounts:
- name: certs
mountPath: /mnt/certs
readOnly: true
imagePullSecrets:
- name: docker-reg-credential
volumes:
- name: certs
azureFile:
secretName: myapp-secrets
shareName: myapp/certs
readOnly: true
---
kind: Service
apiVersion: v1
metadata:
name: myapp-website
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
type: LoadBalancer
ports:
- name:
port: 443
targetPort: 443
selector:
app: myapp-website
Kubectl描述服务:
# kubectl describe services
Name: kubernetes
Namespace: default
Labels: component=apiserver
provider=kubernetes
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP: 10.0.0.1
Port: https 443/TCP
TargetPort: 443/TCP
Endpoints: 172.31.3.237:443
Session Affinity: None
Events: <none>
Name: myapp-website
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Serv
ice","metadata":{"annotations":{"service.beta.kubernetes.io/azure-load-balancer-internal":"true"},"name":"
myapp-website",...
service.beta.kubernetes.io/azure-load-balancer-internal=true
Selector: app=myapp-website
Type: LoadBalancer
IP: 10.0.194.20
LoadBalancer Ingress: 10.240.0.7
Port: <unset> 443/TCP
TargetPort: 443/TCP
NodePort: <unset> 30872/TCP
Endpoints: 10.244.1.53:443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
远程进入吊舱,以确保服务响应
root@myapp-website-9d89dd8b-plvs8:/app# nslookup myapp-website
Server: 10.0.0.10
Address: 10.0.0.10#53
Name: myapp-website.default.svc.cluster.local
Address: 10.0.194.20
curl -k https://10.0.194.20
# kubectl exec -it myapp-website-9d89dd8b-plvs8 /bin/bash
root@myapp-website-9d89dd8b-plvs8:/app# curl
curl: try 'curl --help' or 'curl --manual' for more information
root@myapp-website-9d89dd8b-plvs8:/app# curl -k https://10.0.194.20
<!DOCTYPE html>
<html>... continues
root@myapp-网站-9d89dd8b-plvs8:/app#nslookup myapp网站
服务器:10.0.0.10
地址:10.0.0.10#53
名称:myapp-website.default.svc.cluster.local
地址:10.0.194.20
旋度-khttps://10.0.194.20
#kubectl exec-it myapp-website-9d89dd8b-plvs8/bin/bash
root@myapp-网站-9d89dd8b-plvs8:/app#curl
curl:有关详细信息,请尝试“curl--help”或“curl--manual”
root@myapp-网站-9d89dd8b-plvs8:/app#curl-khttps://10.0.194.20
... 继续
这可能很简单,但是,我似乎无法理解。接下来是1.5周的努力,让这一切顺利进行。请提供帮助,并提前感谢您的帮助。您有以下注释:
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
这基本上是说在kubernetes内部网络中公开此服务,而不是在外部。删除此批注,它应该可以工作(其他所有内容似乎都已正确配置)。您有此批注:
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
这基本上是说在kubernetes内部网络中公开此服务,而不是在外部。删除此注释,它应该可以工作(其他所有内容似乎都已正确配置)
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"