2017-02-24 63 views
1

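How can I start a kubernetes service on a NodePort outside the default service-node-port-range?

I've been trying to start the kubernetes dashboard (and eventually other services) on a NodePort outside the default port range, with little success. Here is my setup:

Cloud provider: Azure (not Azure Container Service)
OS: CentOS 7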

Here is what I have tried:

Update the host

$ yum update 

Install kubeadm

$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo 
[kubernetes] 
name=Kubernetes 
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64 
enabled=1 
gpgcheck=1 
repo_gpgcheck=1 
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg 
     https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 
EOF 
$ setenforce 0 
$ yum install -y docker kubelet kubeadm kubectl kubernetes-cni 
$ systemctl enable docker && systemctl start docker 
$ systemctl enable kubelet && systemctl start kubelet 

Start the cluster with kubeadm

$ kubeadm init 

Allow containers to run on the master node, since we have a single-node cluster

$ kubectl taint nodes --all dedicated- 

Install a pod network

$ kubectl apply -f https://git.io/weave-kube 

Our kubernetes-dashboard deployment (@ ~/kubernetes-dashboard.yaml)

# Copyright 2015 Google Inc. All Rights Reserved. 
# 
# Licensed under the Apache License, Version 2.0 (the "License"); 
# you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at 
# 
# http://www.apache.org/licenses/LICENSE-2.0 
# 
# Unless required by applicable law or agreed to in writing, software 
# distributed under the License is distributed on an "AS IS" BASIS, 
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or  implied. 
# See the License for the specific language governing permissions and 
# limitations under the License. 

# Configuration to deploy release version of the Dashboard UI. 
# 
# Example usage: kubectl create -f <this_file> 

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kubernetes-dashboard
  template:
    metadata:
      labels:
        app: kubernetes-dashboard
      # Comment the following annotation if Dashboard must not be deployed on master
      annotations:
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "operator": "Equal",
              "value": "master",
              "effect": "NoSchedule"
            }
          ]
    spec:
      containers:
      - name: kubernetes-dashboard
        image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.1
        imagePullPolicy: Always
        ports:
        - containerPort: 9090
          protocol: TCP
        args:
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 8880
    targetPort: 9090
    nodePort: 8880
  selector:
    app: kubernetes-dashboard

Create our deployment

$ kubectl create -f ~/kubernetes-dashboard.yaml 
deployment "kubernetes-dashboard" created 
The Service "kubernetes-dashboard" is invalid: spec.ports[0].nodePort: Invalid value: 8880: provided port is not in the valid range. The range of valid ports is 30000-32767 

I found that, to change the range of valid ports, I can set the service-node-port-range option on kube-apiserver to allow a different port range, so I tried this:

$ kubectl get po --namespace=kube-system 
NAME         READY  STATUS RESTARTS  AGE 
dummy-2088944543-lr2zb     1/1  Running 0    31m 
etcd-test2-highr      1/1  Running 0    31m 
kube-apiserver-test2-highr    1/1  Running 0    31m 
kube-controller-manager-test2-highr  1/1  Running 2    31m 
kube-discovery-1769846148-wmbhb   1/1  Running 0    31m 
kube-dns-2924299975-8vwjm    4/4  Running 0    31m 
kube-proxy-0ls9c      1/1  Running 0    31m 
kube-scheduler-test2-highr    1/1  Running 2    31m 
kubernetes-dashboard-3203831700-qrvdn 1/1  Running 0    22s 
weave-net-m9rxh       2/2  Running 0    31m 

Add "--service-node-port-range=8880-8880" to kube-apiserver-test2-highr

$ kubectl edit po kube-apiserver-test2-highr --namespace=kube-system 
{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "kube-apiserver",
    "namespace": "kube-system",
    "creationTimestamp": null,
    "labels": {
      "component": "kube-apiserver",
      "tier": "control-plane"
    }
  },
  "spec": {
    "volumes": [
      {
        "name": "k8s",
        "hostPath": {
          "path": "/etc/kubernetes"
        }
      },
      {
        "name": "certs",
        "hostPath": {
          "path": "/etc/ssl/certs"
        }
      },
      {
        "name": "pki",
        "hostPath": {
          "path": "/etc/pki"
        }
      }
    ],
    "containers": [
      {
        "name": "kube-apiserver",
        "image": "gcr.io/google_containers/kube-apiserver-amd64:v1.5.3",
        "command": [
          "kube-apiserver",
          "--insecure-bind-address=127.0.0.1",
          "--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
          "--service-cluster-ip-range=10.96.0.0/12",
          "--service-node-port-range=8880-8880",
          "--service-account-key-file=/etc/kubernetes/pki/apiserver-key.pem",
          "--client-ca-file=/etc/kubernetes/pki/ca.pem",
          "--tls-cert-file=/etc/kubernetes/pki/apiserver.pem",
          "--tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem",
          "--token-auth-file=/etc/kubernetes/pki/tokens.csv",
          "--secure-port=6443",
          "--allow-privileged",
          "--advertise-address=100.112.226.5",
          "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
          "--anonymous-auth=false",
          "--etcd-servers=http://127.0.0.1:2379"
        ],
        "resources": {
          "requests": {
            "cpu": "250m"
          }
        },
        "volumeMounts": [
          {
            "name": "k8s",
            "readOnly": true,
            "mountPath": "/etc/kubernetes/"
          },
          {
            "name": "certs",
            "mountPath": "/etc/ssl/certs"
          },
          {
            "name": "pki",
            "mountPath": "/etc/pki"
          }
        ],
        "livenessProbe": {
          "httpGet": {
            "path": "/healthz",
            "port": 8080,
            "host": "127.0.0.1"
          },
          "initialDelaySeconds": 15,
          "timeoutSeconds": 15,
          "failureThreshold": 8
        }
      }
    ],
    "hostNetwork": true
  },
  "status": {}
}

$ :wq 

Here is the truncated response:

# pods "kube-apiserver-test2-highr" was not valid: 
# * spec: Forbidden: pod updates may not change fields other than `containers[*].image` or `spec.activeDeadlineSeconds` 

So I tried a different approach: I edited the deployment file for kube-apiserver with the same changes described above and ran the following:

$ kubectl apply -f /etc/kubernetes/manifests/kube-apiserver.json --namespace=kube-system 

I got this response:

The connection to the server localhost:8080 was refused - did you specify the right host or port? 

So now I'm stuck. How can I change the valid port range?

Answers

2

You are specifying --service-node-port-range=8880-8880 wrong. You set it to only one port; set it to a range.

Second problem: you are setting the service to use 9090, but it is not in the range.

ports:
- port: 80
  targetPort: 9090
  nodePort: 9090

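The API server should have a deployment too. Try editing the port range in the deployment yourself and delete the API server pod, so that it gets recreated with the new configuration.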

+0

Thanks for your comment. I tried changing the range to '--service-node-port-range=8880-8881', and the result is the same. The port thing was just a bad copy-paste; I edited my post.

+0

Please 'kubectl delete -f' and recreate with the new config file.

+0

Check the edited answer.

0

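The service node port range is set to infrequently used ports for a reason. Why do you want to publish this on every node? Do you really want that?

An alternative is to expose it on a semi-random nodeport, then use a proxy pod on a known node or set of nodes to access it via hostport.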

+0

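I understand the reasons behind the default port range and agree with them; my port choice is a limitation of the node I'm experimenting with. I didn't fully understand your alternative approach. It seems you are suggesting exposing my cluster services through a proxy, either managed on the node outside of kubernetes or as a pod inside kubernetes mapped to a host port. I would expect that, if LoadBalancer is not available, a service would be the way to expose pods, with the NodePort option properly supporting host port forwarding.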

+0

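If you have a single node and you're experimenting, you can just use a pod hostPort and no service. That's simple. If you want to do this for real, we should talk about the exact situation to understand it better. My proposal is really demo-grade, not production. I know that in some cases the NodePort restrictions are awkward, and I'm very happy to make improvements, but I need to understand the use case.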

0

This issue:

The connection to the server localhost:8080 was refused - did you specify the right host or port? 

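was caused by my port range excluding 8080, which is where kube-apiserver serves, so I couldn't send any updates with kubectl.

I fixed it by changing the port range to 8080-8881 and then restarting the kubelet service, like so: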

$ service kubelet restart 

Everything now works as expected.
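
A check that ties the thread together, as an added example that is not from any of the posts: it reads `--service-node-port-range` from a kube-apiserver static pod manifest, tests whether a requested nodePort is admissible, and lists the API server's own ports that sit inside the range, where a Service could later be allocated the same port on the host. The embedded manifest is a constructed, cut-down copy of the one in the question, using the range from the last answer; the function names are hypothetical.

```python
import json

# Constructed sample: the kube-apiserver static pod manifest from the question,
# cut down to the fields this check reads, with the range from the last answer.
MANIFEST = json.loads("""
{"spec": {"hostNetwork": true, "containers": [{
  "name": "kube-apiserver",
  "command": ["kube-apiserver",
              "--insecure-bind-address=127.0.0.1",
              "--service-node-port-range=8080-8881",
              "--secure-port=6443"],
  "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080,
                                "host": "127.0.0.1"}}}]}}
""")

DEFAULT_RANGE = "30000-32767"  # default reported in the error message above


def apiserver_flags(manifest):
    """Map flag name -> value from the first container's command line."""
    flags = {}
    for arg in manifest["spec"]["containers"][0]["command"][1:]:
        name, _, value = arg.lstrip("-").partition("=")
        flags[name] = value
    return flags


def node_port_range(manifest):
    """Return (low, high) of --service-node-port-range, or the default."""
    spec = apiserver_flags(manifest).get("service-node-port-range", DEFAULT_RANGE)
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range: {spec}")
    return low, high


def node_port_allowed(manifest, node_port):
    """True if a Service nodePort would pass the API server's range check."""
    low, high = node_port_range(manifest)
    return low <= node_port <= high


def apiserver_ports_in_range(manifest):
    """API server ports (secure port, health probe port) inside the range."""
    container = manifest["spec"]["containers"][0]
    ports = {container["livenessProbe"]["httpGet"]["port"]}
    secure = apiserver_flags(manifest).get("secure-port")
    if secure:
        ports.add(int(secure))
    low, high = node_port_range(manifest)
    return sorted(p for p in ports if low <= p <= high)
```

Run against `/etc/kubernetes/manifests/kube-apiserver.json` by replacing `MANIFEST` with `json.load(open(path))`; a non-empty result from `apiserver_ports_in_range` means the NodePort range covers a port the host-network API server already uses.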