Docker

Ftps server doesn't work properly using kubernetes

  • March 2, 2020

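I have had a problem with ftps-filezilla and Kubernetes for weeks.

Context

I have a school project using Kubernetes and ftps. I need to create an ftps server in kubernetes on port 21, and it needs to run on alpine linux. So I made an image of my ftps-alpine server using a docker container. I tested whether it works properly on its own: using docker run --name test-alpine -itp 21:21 test_alpine, I have this output in filezilla: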

   Status: Connecting to 192.168.99.100:21…
   Status: Connection established, waiting for welcome message…
   Status: Initializing TLS…
   Status: Verifying certificate…
   Status: TLS connection established.
   Status: Logged in
   Status: Retrieving directory listing…
   Status: Calculating timezone offset of server…
   Status: Timezone offset of server is 0 seconds.
   Status: Directory listing of “/” successful

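It works successfully; filezilla sees the files in my ftps directory, so I am good for now (it works in active mode).

Problem

So what I want is to use my image in my kubernetes cluster (I use Minikube). When I connect my docker image to an ingress-service-deployment in kubernetes, I get: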

Status: Connecting to 192.168.99.100:30894...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,99,100,178,35).
Command:    LIST
Error:  The data connection could not be established: ECONNREFUSED - Connection refused by server

Setup

ingress.yaml :

   kind: Ingress
   metadata:
     annotations:
       nginx.ingress.kubernetes.io/rewrite-target: /$1
     namespace: default
     name: ingress-controller
   spec:
     backend:
       serviceName: my-nginx
       servicePort: 80
     backend:
       serviceName: ftps-alpine
       servicePort: 21

ftps-alpine.yml :

   apiVersion: v1
   kind: Service
   metadata:
     name: ftps-alpine
     labels:
       run: ftps-alpine
   spec:
     type: NodePort
     ports:
     - port: 21
       targetPort: 21
       protocol: TCP
       name: ftp21
     - port: 20
       targetPort: 20
       protocol: TCP
       name: ftp20
     selector:
       run: ftps-alpine
   ---
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: ftps-alpine
   spec:
     selector:
       matchLabels:
         run: ftps-alpine
     replicas: 1
     template:
       metadata:
         labels:
           run: ftps-alpine
       spec:
         containers:
         - name: ftps-alpine
           image: test_alpine
           imagePullPolicy: Never
           ports:
           - containerPort: 21
           - containerPort: 20

What I did

vsftpd.conf

   seccomp_sandbox=NO
   pasv_promiscuous=NO
   listen=NO
   listen_ipv6=YES
   anonymous_enable=NO
   local_enable=YES
   write_enable=YES
   local_umask=022
   dirmessage_enable=YES
   use_localtime=YES
   xferlog_enable=YES
   connect_from_port_20=YES
   chroot_local_user=YES
   #secure_chroot_dir=/vsftpd/empty
   pam_service_name=vsftpd
   pasv_enable=YES
   pasv_min_port=20
   pasv_max_port=20
   user_sub_token=$USER
   local_root=/home/$USER/ftp
   userlist_enable=YES
   userlist_file=/etc/vsftpd.userlist
   userlist_deny=NO
   rsa_cert_file=/etc/ssl/private/vsftpd.pem
   rsa_private_key_file=/etc/ssl/private/vsftpd.pem
   ssl_enable=YES
   allow_anon_ssl=NO
   force_local_data_ssl=YES
   force_local_logins_ssl=YES
   ssl_tlsv1=YES
   ssl_sslv2=NO
   ssl_sslv3=NO
   allow_writeable_chroot=YES
   #listen_port=21
   pasv_address=192.168.99.100

  1. Changed the pasv_min and max port from 20 to 20, 20 to 21, and 30000 to 34000 (nodeport range).
  2. Listen=YES and Listen_ipv6=NO, and so on.
  3. I did try both passive mode and active mode.
  4. I set my pasv_address to my minikube ip.

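Here is my question on stackoverflow: https://stackoverflow.com/questions/60458028/ftps-server-doesnt-work-properly-using-kubernetes

Question

How can I successfully get the first message, but with my kubernetes cluster?

If you have any questions to clarify, no problem.

It works with the following changes: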

   apiVersion: v1
   kind: Service
   metadata:
     name: ftps-alpine
     labels:
       run: ftps-alpine
   spec:
     type: NodePort
     ports:
     - port: 21
       targetPort: 21
       nodePort: 30025
       protocol: TCP
       name: ftp21
     - port: 20
       targetPort: 20
       protocol: TCP
       nodePort: 30026
       name: ftp20
     - port: 30020
       targetPort: 30020
       nodePort: 30020
       protocol: TCP
       name: ftp30020
     - port: 30021
       targetPort: 30021
       nodePort: 30021
       protocol: TCP
       name: ftp30021
     selector:
       run: ftps-alpine
   ---

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: ftps-alpine
   spec:
     selector:
       matchLabels:
         run: ftps-alpine
     replicas: 1
     template:
       metadata:
         labels:
           run: ftps-alpine
       spec:
         containers:
         - name: ftps-alpine
           image: test_alpine
           imagePullPolicy: Never
           ports:
           - containerPort: 21
           - containerPort: 20
           - containerPort: 30020
           - containerPort: 30021

For vsftpd.conf :

seccomp_sandbox=NO
pasv_promiscuous=NO
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
#secure_chroot_dir=/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=30020
pasv_max_port=30021
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_writeable_chroot=YES
#listen_port=21
pasv_address=#minikube_ip#

Source: https://serverfault.com/questions/1005097
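
Added example (not part of the original question or answer): a Python check that decodes the data port from a 227 reply and lists the passive ports in vsftpd.conf that the NodePort Service does not expose under the same number. With FTPS the control channel is encrypted, so nothing between client and pod can rewrite the advertised port. The function names and the inline sample data are assumptions, constructed from the values shown on this page.

```python
import re

def parse_pasv(reply):
    """Decode an FTP 227 reply into (ip, port); port = p1 * 256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def pasv_range(conf_text):
    """Read pasv_min_port / pasv_max_port from vsftpd.conf text."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return int(opts["pasv_min_port"]), int(opts["pasv_max_port"])

def unreachable_ports(conf_text, service_ports):
    """Passive ports vsftpd may advertise that a client cannot reach.

    vsftpd advertises the port it listens on inside the pod and the client
    dials that same number on the node, so a passive port P is reachable
    only if a Service entry has nodePort == targetPort == P.
    """
    lo, hi = pasv_range(conf_text)
    exposed = {p["nodePort"] for p in service_ports
               if "nodePort" in p and p["nodePort"] == p.get("targetPort")}
    return [p for p in range(lo, hi + 1) if p not in exposed]

# Constructed sample data, copied from the values shown on this page.
FAILED_REPLY = "227 Entering Passive Mode (192,168,99,100,178,35)."
QUESTION_CONF = "pasv_enable=YES\npasv_min_port=20\npasv_max_port=20\n"
ANSWER_CONF = "pasv_enable=YES\npasv_min_port=30020\npasv_max_port=30021\n"
# The question's Service sets no nodePort, so Kubernetes assigns random ones.
QUESTION_SERVICE = [{"port": 21, "targetPort": 21}, {"port": 20, "targetPort": 20}]
ANSWER_SERVICE = [
    {"port": 21, "targetPort": 21, "nodePort": 30025},
    {"port": 20, "targetPort": 20, "nodePort": 30026},
    {"port": 30020, "targetPort": 30020, "nodePort": 30020},
    {"port": 30021, "targetPort": 30021, "nodePort": 30021},
]

if __name__ == "__main__":
    print("advertised data endpoint:", parse_pasv(FAILED_REPLY))
    print("question setup, unreachable:", unreachable_ports(QUESTION_CONF, QUESTION_SERVICE))
    print("answer setup, unreachable:", unreachable_ports(ANSWER_CONF, ANSWER_SERVICE))
```

Keeping pasv_min_port and pasv_max_port as a narrow range, as the answer does, also limits how many node ports have to be opened for the data channel.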