K8s pods unable to reach external VM via internal IP
Problem description
I am migrating to Azure platform from GCP. I have a k8s cluster that needs to talk to external Cassandra cluster using internal IP(s), in the same Azure region but different VNET. I have the VNET(s) peered. I can reach the Cassandra cluster from the K8s nodes and vice versa but cannot reach them from the pods.
This seems to be some Azure networking issue. I have opened up firewall rules for the pods to reach Cassandra but with no luck. How best should I solve this?
Recommended answer
Because Azure can't find the private IP addresses of your pods. We can use an Azure route table to connect them.
Here is my test: two resource groups, one for k8s and another one for a signal VM.
Here is the information about the pods:
root@k8s-master-CA9C4E39-0:~# kubectl get pods --output=wide
NAME READY STATUS RESTARTS AGE IP NODE
influxdb 1/1 Running 0 59m 10.244.1.166 k8s-agent-ca9c4e39-0
my-nginx-858393261-jrz15 1/1 Running 0 1h 10.244.1.63 k8s-agent-ca9c4e39-0
my-nginx-858393261-wbpl6 1/1 Running 0 1h 10.244.1.62 k8s-agent-ca9c4e39-0
nginx 1/1 Running 0 52m 10.244.1.179 k8s-agent-ca9c4e39-0
nginx3 1/1 Running 0 43m 10.244.1.198 k8s-agent-ca9c4e39-0
The information about the K8s agent and master:
The information about the signal VM:
By default, we can't use 172.16.0.4 to ping 10.244.1.0/24. We should add an Azure route table, then we can ping that pod IP address:
Here is my result:
root@jasonvm2:~# ping 10.244.1.166
PING 10.244.1.166 (10.244.1.166) 56(84) bytes of data.
64 bytes from 10.244.1.166: icmp_seq=1 ttl=63 time=2.61 ms
64 bytes from 10.244.1.166: icmp_seq=2 ttl=63 time=1.42 ms
--- 10.244.1.166 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.424/2.019/2.614/0.595 ms
root@jasonvm2:~# ping 10.244.1.166
PING 10.244.1.166 (10.244.1.166) 56(84) bytes of data.
64 bytes from 10.244.1.166: icmp_seq=1 ttl=63 time=2.56 ms
64 bytes from 10.244.1.166: icmp_seq=2 ttl=63 time=1.10 ms
^C
--- 10.244.1.166 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.102/1.833/2.564/0.731 ms
root@jasonvm2:~# ping 10.244.1.63
PING 10.244.1.63 (10.244.1.63) 56(84) bytes of data.
64 bytes from 10.244.1.63: icmp_seq=1 ttl=63 time=2.89 ms
64 bytes from 10.244.1.63: icmp_seq=2 ttl=63 time=2.27 ms
--- 10.244.1.63 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.271/2.581/2.892/0.314 ms
About Azure route table, please refer to this link.
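An added example (not part of the original answer) that models which route Azure selects for a pod address from the VM's subnet, before and after the route table is attached. Only the 172.16.0.4 network and 10.244.1.0/24 come from the post; both VNet address spaces and the node IP 10.240.0.5 are assumed values, and the selection logic is a simplified model of Azure's longest-prefix-match routing.

```python
import ipaddress

# Default (system) routes as seen from the VM's subnet.
# The two VNet address spaces are assumptions; the post does not state them.
SYSTEM_ROUTES = [
    ("172.16.0.0/16", "VnetLocal", None),    # assumed: VNet of the VM 172.16.0.4
    ("10.240.0.0/16", "VNetPeering", None),  # assumed: peered VNet of the K8s nodes
    ("0.0.0.0/0", "Internet", None),
    ("10.0.0.0/8", "None", None),            # private space no VNet claims: dropped
    ("172.16.0.0/12", "None", None),
    ("192.168.0.0/16", "None", None),
]

# The route the answer adds: the agent node's pod CIDR, forwarded to that node.
# 10.240.0.5 is a constructed node IP (the post's node listing did not survive).
USER_ROUTES = [("10.244.1.0/24", "VirtualAppliance", "10.240.0.5")]


def effective_route(dest, user_routes=()):
    """Return (prefix, next_hop_type, next_hop_ip) selected for dest."""
    ip = ipaddress.ip_address(dest)
    candidates = []
    # rank 1 = user-defined route, rank 0 = system route
    for rank, table in ((1, user_routes), (0, SYSTEM_ROUTES)):
        for prefix, hop_type, hop_ip in table:
            net = ipaddress.ip_network(prefix)
            if ip in net:
                candidates.append((net.prefixlen, rank, prefix, hop_type, hop_ip))
    # Longest prefix wins; on an equal prefix a user route beats a system route.
    best = max(candidates, key=lambda c: (c[0], c[1]))
    return best[2:]


def is_forwarded(dest, user_routes=()):
    """True when the selected route has a next hop other than None (drop)."""
    return effective_route(dest, user_routes)[1] != "None"


if __name__ == "__main__":
    for pod_ip in ("10.244.1.166", "10.244.1.63", "10.244.2.10"):
        print(pod_ip, "without route table:", effective_route(pod_ip))
        print(pod_ip, "with route table:   ", effective_route(pod_ip, USER_ROUTES))
```

The third address shows that a pod CIDR belonging to another node stays dropped until it gets its own route, so the route table needs one entry per node pod CIDR.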