Problem description
Kubernetes is exposing an undeclared port
I have not exposed any port in kubernetes/docker, but I am still able to connect to the python application from another pod.
Here is the Dockerfile
FROM python:3.6.8
.
.
.
.
RUN chmod u+x /app/entrypoint.sh
ENTRYPOINT /app/entrypoint.sh $WORKERS $FLASK_APP
Here is the entrypoint
flask db upgrade -d abc/migration
gunicorn -w $1 -k gevent -b 0.0.0.0:7103 $2
Here is the deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: nw-microservice
  name: nw-microservice
  namespace: nw-microservice-stg
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 20%
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nw-microservice
    spec:
      containers:
      - env:
        - name: "PYTHONPATH"
          value: "/app"
        image: imageurl
        imagePullPolicy: IfNotPresent
        name: nw-microservice-api
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: shared-account-ecr
      restartPolicy: Always
Here is the service
apiVersion: v1
kind: Service
metadata:
  name: service
  namespace: namespace
spec:
  ports:
  - name: http
    port: 7103
    protocol: TCP
    targetPort: 7103
  selector:
    app: nw-microservice
  type: ClusterIP
So I can access it through http://service.namespace:7103, but I do not understand why.
Reference solution
Method 1:
The ports defined in a container are purely informational:
Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network.
You can have a look here
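A check for the behaviour this answer describes, as an added example that is not part of the original answer: it parses /proc/net/tcp as read inside the container and reports listeners that other pods can reach even though the manifest declares no containerPort. The sample table, the 127.0.0.1:9000 listener and the function names are constructed for illustration; IPv4 only (IPv6 listeners are in /proc/net/tcp6).

```python
import socket
import struct

LISTEN = "0A"  # value of the "st" column for a socket in TCP_LISTEN

# Constructed sample of /proc/net/tcp inside the pod: gunicorn on 0.0.0.0:7103,
# a hypothetical debug listener on 127.0.0.1:9000, and one established
# connection from another pod to port 7103.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1BBF 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31337 1 0000000000000000 100 0 0 10 0
   1: 0100007F:2328 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31338 1 0000000000000000 100 0 0 10 0
   2: 2A00000A:1BBF 1700000A:D2F0 01 00000000:00000000 00:00000000 00000000     0        0 31339 1 0000000000000000 20 4 30 10 -1
"""


def listeners(proc_net_tcp):
    """Return [(ip, port)] for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        ip_hex, port_hex = fields[1].split(":")
        # The address is the raw 32-bit value in hex; little-endian host assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        found.append((ip, int(port_hex, 16)))
    return found


def audit(proc_net_tcp, declared_ports):
    """Label each listener by whether other pods can reach it."""
    report = []
    for ip, port in listeners(proc_net_tcp):
        if ip.startswith("127."):
            status = "loopback-only"            # not reachable from other pods
        elif port in declared_ports:
            status = "reachable, declared"
        else:
            status = "reachable, NOT declared"  # the situation in the question
        report.append((ip, port, status))
    return report


if __name__ == "__main__":
    # The Deployment in the question declares no containerPort at all.
    for ip, port, status in audit(SAMPLE_PROC_NET_TCP, declared_ports=set()):
        print(f"{ip}:{port:<6} {status}")
```

To check a live pod, pass the output of `kubectl exec <pod> -- cat /proc/net/tcp` and the set of containerPort values from the manifest.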