无法连接到kubernetes群集中的GRPC服务器，但是当我向前[连接拒绝]时可以连接

发布于 2025-01-25 17:05:52 字数 1979 浏览 5 评论 0原文

在过去的几天里，这个错误一直陷入困境！

我有一个HTTP服务器，该服务器旨在通过客户端与GRPC服务器连接。当我启动GRPC服务器并启动我的HTTP服务器时，它在本地计算机上正常工作。但是，当我尝试将其部署到群集中时，HTTP服务器无法与错误消息从计时器RPC错误接收流的错误：code = code = code = desc = desc =连接错误：desc =“ transvert：errory dial：dial dial dial dial dial dial dial dial：拨号TCP 10.109.237.114：5996：连接：连接拒绝“

我特别奇怪的是，如果我从群集中转发GRPC服务器，我的本地HTTP服务器可以连接到它。检查集群中的连接，我可以看到端口是打开的，但仍然拒绝连接。 netstat检查的图像

注释

在Minikube和doks上遇到此问题。
在M1 Mac。
上构建了这些图像。 rpc.dialContext（ctx，serveraddress，grpc.withtransportcredentials（insecure.newcredentials（）））

grpc服务器

apiVersion: apps/v1
kind: Deployment
metadata:
  name: x-service
  labels:
    type: xx
    service: x-svc
spec:
  replicas: 1
  selector:
    matchLabels:
      type: xx
      service: x-svc
  template:
    metadata:
      labels:
        type:xx
        service: x-svc
    spec:
      containers:
        - name: x-api
          image: x/image

---

apiVersion: v1
kind: Service
metadata:
  name: x-service
spec:
  ports:
    - protocol: TCP
      port: 5996
      targetPort: 5996
  selector:
    type: xx
    service: x-svc

文件http服务器文件http服务器文件

apiVersion: apps/v1
kind: Deployment
metadata:
  name: b-service
  labels:
    type: be
    service: be-svc
spec:
  replicas: 1
  selector:
    matchLabels:
      type: be
      service: be-svc
  template:
    metadata:
      labels:
        type: be
        service: be-svc
    spec:
      containers:
        - name: bapi
          image: x/grpc
          imagePullPolicy: Always
          env:
            - name: X_ADDRESS
              value: x-service:5996

---
apiVersion: v1
kind: Service
metadata:
  name: b-api-svc
spec:
  type: NodePort
  ports:
    - port: 8080
  selector:
    type: be
    service: be-svc

原文

Been stuck on this error for the past few days!

I have an HTTP server that is meant to connect with the gRPC server through the client. It works fine on my local machine when I start the gRPC server and start my HTTP server. However, When I try to deploy it in a cluster, the HTTP server is unable to connect with the error message error receiving stream from timer rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 10.109.237.114:5996: connect: connection refused"

What I find particularly weird is that if I forward the gRPC server from the cluster, my local HTTP server connects to it just fine. Inspecting the connection within the cluster I can see that the port is open but it still refuses connections.
image of netstat inspection

Notes

Experiene this issue on minikube and DOKS.
Built these images on an M1 mac.
There is no gRPC authenticationg => rpc.DialContext(ctx, serverAddress, grpc.WithTransportCredentials(insecure.NewCredentials()))

GRPC SERVER FILE

apiVersion: apps/v1
kind: Deployment
metadata:
  name: x-service
  labels:
    type: xx
    service: x-svc
spec:
  replicas: 1
  selector:
    matchLabels:
      type: xx
      service: x-svc
  template:
    metadata:
      labels:
        type:xx
        service: x-svc
    spec:
      containers:
        - name: x-api
          image: x/image

---

apiVersion: v1
kind: Service
metadata:
  name: x-service
spec:
  ports:
    - protocol: TCP
      port: 5996
      targetPort: 5996
  selector:
    type: xx
    service: x-svc

HTTP SERVER FILE

apiVersion: apps/v1
kind: Deployment
metadata:
  name: b-service
  labels:
    type: be
    service: be-svc
spec:
  replicas: 1
  selector:
    matchLabels:
      type: be
      service: be-svc
  template:
    metadata:
      labels:
        type: be
        service: be-svc
    spec:
      containers:
        - name: bapi
          image: x/grpc
          imagePullPolicy: Always
          env:
            - name: X_ADDRESS
              value: x-service:5996

---
apiVersion: v1
kind: Service
metadata:
  name: b-api-svc
spec:
  type: NodePort
  ports:
    - port: 8080
  selector:
    type: be
    service: be-svc

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

我为君王 2025-02-01 17:05:52

几天前，我遇到了与您相似的情况：
“当地，您可以通过port-forwward与GRPC服务进行通信，但是它无法在群集内（在Pods之间）进行通信

”主机名。在您的情况下，这应该是x服务：5996。是x-service。

则应该

ManagedChannel channel = ManagedChannelBuilder
  .forTarget("x-service:5996")
  .usePlaintext()
  .build();

如果您有一个名称空间， K8S聚集您的豆荚可以使用其服务名称（和端口）相互交互。但是，如果要通过入口建立通信，请检查此文档 https：/ /doc.traefik.io/traefik/Routing/providers/kubernetes-ingress/

希望这对您有所帮助。

A few days ago I was running into a similar situation as you are:
"Locally you can communicate with the gRPC service via port-forward, but it fail to communicate inside the Cluster (between Pods)"

If both the Pods are inside the same cluster, you should use the service name and port-number instead of the host name. In your case this should be x-service:5996. If you have a namespace then it should be x-service.<enter-namespace-here>:5996

In the Java context, your code should look similar to this:

ManagedChannel channel = ManagedChannelBuilder
  .forTarget("x-service:5996")
  .usePlaintext()
  .build();

If I am correct, within the k8s cluster your pods can interact with each other using their services names (and ports). However, if you want to establish communication via Ingress, check this documentation https://doc.traefik.io/traefik/routing/providers/kubernetes-ingress/

Hopefully this helps you.

回复收藏 0 原文

~没有更多了~