Docker中经常需要使用expose来暴露容器中的端口。但是在Pod上暴露端口看上去没有什么用,因为PodPod之间跨主机能直接访问。而Pod与宿主机之外的流量也无法直接访问,除非使用宿主机的NodePort,或者与Service进行通信。

Pod向外部暴露端口

1.创建配置清单

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
root@k8s-master01:~/yaml/chapter01# vim mypod-with-ports.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mypod-with-ports
  labels:
    app: mypod
    release: canary
spec:
  containers:
  - name: demoapp
    image: ikubernetes/demoapp:v1.0
    ports:
    - name: http
      containerPort: 80		# 指定容器内的监听的端口,可以不指定Pod在k8s内可以直接访问到
      protocol: TCP
      hostPort: 10080			# 指定Pod所在的主机上开放指定的端口
# 如果所有节点上的此端口都被占pod将被pending

2.创建出容器

1
2
root@k8s-master01:~/yaml/chapter01# kubectl apply -f mypod-with-ports.yaml
pod/mypod-with-ports created

3.获取容器信息

1
2
3
root@k8s-master01:~/yaml/chapter01# kubectl get pods mypod-with-ports -o wide
NAME               READY   STATUS    RESTARTS   AGE     IP            NODE         NOMINATED NODE   READINESS GATES
mypod-with-ports   1/1     Running   0          7m31s   10.244.3.13   k8s-node03   <none>           <none>

4.验证

1
2
root@k8s-master01:~/yaml/chapter01# curl k8s-node03:10080
iKubernetes demoapp v1.0 !! ClientIP: 172.16.11.71, ServerName: mypod-with-ports, ServerIP: 10.244.3.13!