I provisioned a k8s cluster with Terraform and I am running it on DigitalOcean. I use CoreOS as the host operating system.

I specified the following nodePorts for my traefik ingress:

- 30080
- 30443

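I created DigitalOcean FW rules that allow incoming traffic to those ports on every node in my k8s cluster. I created DigitalOcean LB rules that route traffic from port 80 to 30080 and from 443 to 30443 on the k8s nodes.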

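I have tried accessing the traefik dashboard (which I have explicitly exposed as traefik.my.domain), but without success. I have also tried connecting to port 30080 on each node via telnet, which also proved unsuccessful.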

I suspect iptables may be playing a role in the current situation, but I am not sure.

kubectl -n kube-system describe service traefik

    Name:                     traefik
    Namespace:                kube-system
    Labels:                   app=traefik
                              chart=traefik-1.43.0
                              heritage=Tiller
                              release=traefik
    Annotations:              <none>
    Selector:                 app=traefik,release=traefik
    Type:                     NodePort
    IP:                       10.3.169.94
    Port:                     http  80/TCP
    TargetPort:               http/TCP
    NodePort:                 http  30080/TCP
    Endpoints:                10.2.3.2:80
    Port:                     https  443/TCP
    TargetPort:               httpn/TCP
    NodePort:                 https  30443/TCP
    Endpoints:                10.2.3.2:8880
    Session Affinity:         None
    External Traffic Policy:  Local
    Events:                   <none>

sudo iptables --list-rules

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N DOCKER
    -N DOCKER-ISOLATION-STAGE-1
    -N DOCKER-ISOLATION-STAGE-2
    -N DOCKER-USER
    -N KUBE-EXTERNAL-SERVICES
    -N KUBE-FIREWALL
    -N KUBE-FORWARD
    -N KUBE-SERVICES
    -A INPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes externally-visible service portals" -j KUBE-EXTERNAL-SERVICES
    -A INPUT -j KUBE-FIREWALL
    -A FORWARD -m comment --comment "kubernetes forwarding rules" -j KUBE-FORWARD
    -A FORWARD -j DOCKER-USER
    -A FORWARD -j DOCKER-ISOLATION-STAGE-1
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    -A FORWARD -s 10.2.0.0/16 -j ACCEPT
    -A FORWARD -d 10.2.0.0/16 -j ACCEPT
    -A OUTPUT -m conntrack --ctstate NEW -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
    -A OUTPUT -j KUBE-FIREWALL
    -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
    -A DOCKER-ISOLATION-STAGE-1 -j RETURN
    -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
    -A DOCKER-ISOLATION-STAGE-2 -j RETURN
    -A DOCKER-USER -j RETURN
    -A KUBE-FIREWALL -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000/0x8000 -j DROP
    -A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT
    -A KUBE-FORWARD -s 10.2.0.0/16 -m comment --comment "kubernetes forwarding conntrack pod source rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A KUBE-FORWARD -d 10.2.0.0/16 -m comment --comment "kubernetes forwarding conntrack pod destination rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Can anyone point out what might be causing the connectivity problem? Is this an iptables issue?