1

GKE にデプロイとサービスがあります。デプロイをロード バランサーとして公開しましたが、サービス (curl またはブラウザー) を介してアクセスできません。私は得る:

curl: (7) Failed to connect to <my-Ip-Address> port 443: Connection refused

ポッドに直接ポート転送でき、正常に動作します。

kubectl --namespace=redfalcon port-forward web-service-rf-76967f9c68-2zbhm 9999:443 >> /dev/null

curl -k -v --request POST   --url https://localhost:9999/auth/login/   --header 'content-type: application/json'   --header 'x-profile-key: '   --data '{"email":"<testusername>","password":"<testpassword>"}'

サービスの設定を誤った可能性が高いのですが、その方法がわかりません。私がしたことについて何か助けていただければ幸いです。

サービス Yaml:

---
apiVersion: v1
kind: Service
metadata:
  name: red-falcon-lb
  namespace: redfalcon
spec:
  type: LoadBalancer
  ports:
  - name: https
    port: 443
    protocol: TCP
  selector:
   app: web-service-rf

デプロイ YAML

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: web-service-rf
spec:
  selector:
    matchLabels:
      app: web-service-rf
  replicas: 2 # tells deployment to run 2 pods matching the template
  template:
    metadata:
      labels:
        app: web-service-rf
    spec:
      initContainers:
        - name: certificate-init-container
          image: proofpoint/certificate-init-container:0.2.0
          imagePullPolicy: Always
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          args:
            - "-namespace=$(NAMESPACE)"
            - "-pod-name=$(POD_NAME)"
            - "-query-k8s"
          volumeMounts:
            - name: tls
              mountPath: /etc/tls
      containers:
        - name: web-service-rf
          image: gcr.io/redfalcon-186521/redfalcon-webserver-minimal:latest
#          image: gcr.io/redfalcon-186521/redfalcon-webserver-full:latest
          command:
            - "./server"
            - "--port=443"
          imagePullPolicy: Always
          env:
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /var/secrets/google/key.json
          ports:
            - containerPort: 443
          resources:
            limits:
              memory: "500Mi"
              cpu: "100m"
          volumeMounts:
          - mountPath: /etc/tls
            name: tls
          - mountPath: /var/secrets/google
            name: google-cloud-key
      volumes:
        - name: tls
          emptyDir: {}
        - name: google-cloud-key
          secret:
           secretName: pubsub-key

出力: kubectl describe svc red-falcon-lb

Name:                     red-falcon-lb
Namespace:                redfalcon
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"red-falcon-lb","namespace":"redfalcon"},"spec":{"ports":[{"name":"https","port...
Selector:                 app=web-service-rf
Type:                     LoadBalancer
IP:                       10.43.245.9
LoadBalancer Ingress:     <EXTERNAL IP REDACTED>
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  31524/TCP
Endpoints:                10.40.0.201:443,10.40.0.202:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type    Reason                Age   From                Message
  ----    ------                ----  ----                -------
  Normal  EnsuringLoadBalancer  39m   service-controller  Ensuring load balancer
  Normal  EnsuredLoadBalancer   38m   service-controller  Ensured load balancer
4

1 に答える 1