Kubernetes exposes NodePort on all network interfaces

Reference link:

https://serverfault.com/questions/1024172/kubernetes-how-to-force-kube-proxy-to-listen-on-localhost-only

You need to change the kube-proxy ConfigMap, but not bindAddress (it should be left as it was, bindAddress: 0.0.0.0); the default value nodePortAddresses: null should be changed to nodePortAddresses: ["127.0.0.0/8"]. It must be ["127.0.0.0/8"], because if you change it to just 127.0.0.1/8 the kube-proxy pod will crash.

Change nodePortAddresses: null to nodePortAddresses: ["127.0.0.0/8"] and save using :wq. By default, edit will open in the vi text editor.

$ kubectl edit cm kube-proxy -n kube-system
configmap/kube-proxy edited

If you would like to use nano as the text editor, you must use KUBE_EDITOR="nano" kubectl edit cm kube-proxy -n kube-system.

As an example I have used the Nginx deployment from these docs. The only change was to add type: NodePort to the service YAML.

Now you will need to apply this new configuration to kube-proxy. The easiest way is to delete the kube-proxy pod, as daemonset.apps/kube-proxy will create a new one with the new config.

Original output:

$ kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        19m
my-nginx     NodePort    10.109.237.94   <none>        80:31672/TCP   24s
$ netstat -plnt
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:31672           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      -                   
...                

Output with changed nodePortAddresses:

$ kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        33m
my-nginx     NodePort    10.96.27.244   <none>        80:30679/TCP   2m40s
$ netstat -plnt
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:30679         0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      -                   
...                  

  • 1 Thank You! My issue is solved!
  • 1 How the settings are changed will depend on the flavour of Kubernetes. I’m using microk8s, and I had to edit /var/snap/microk8s/current/args/kube-proxy and add --nodeport-addresses=127.0.0.0/8. This answer got me 90% of the way though so thanks!
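
A check for the before/after result shown in the netstat outputs above, as an added example that is not part of the original answer: it reads `netstat -plnt` output and reports listeners in the NodePort range that are bound to non-loopback addresses. The default range 30000-32767 and the function names are assumptions of this example, and it assumes kube-proxy holds a listening socket per NodePort, as in those outputs.

```shell
#!/bin/sh
# Added example: report NodePort listeners bound to non-loopback addresses.
# Reads `netstat -plnt` style output on stdin.
# Assumption: default NodePort range 30000-32767 (override via NODEPORT_MIN/MAX).

exposed_nodeports() {
    awk -v min="${NODEPORT_MIN:-30000}" -v max="${NODEPORT_MAX:-32767}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")            # port is the last ":" field
            port = parts[n] + 0
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (port < min || port > max) next   # outside the NodePort range
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print addr, port
        }'
}

# Exit status 0 when every NodePort listener is loopback-only, 1 otherwise.
nodeports_loopback_only() {
    exposed=$(exposed_nodeports)
    if [ -n "$exposed" ]; then
        printf 'NodePort reachable off-host:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Sample input: listener lines taken from the two netstat outputs above.
sample_before() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:31672           0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      -
EOF
}
sample_after() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:30679         0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      -
EOF
}

for s in sample_before sample_after; do
    if "$s" | nodeports_loopback_only 2>/dev/null; then
        echo "$s: NodePorts are loopback-only"
    else
        echo "$s: NodePort exposed on a non-loopback address"
    fi
done
```

On a node, pipe the live output in instead of the samples: `netstat -plnt | nodeports_loopback_only`.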
