Kubernetes-无法从服务的Pod连接到服务IP [英] Kubernetes - Can't connect to a service IP from the service's pod
问题描述
我正在尝试创建3个Kafka实例,并将其部署到本地Kubernetes安装程序.因为每个实例都需要一些特定的配置,所以我为每个实例创建一个RC和一个服务-急切地等待#18016 ;)
I'm trying to create 3 instances of Kafka and deploy it a local Kubernetes setup. Because each instance needs some specific configuration, I'm creating one RC and one service for each - eagerly waiting for #18016 ;)
但是,我遇到了问题,因为当Kafka使用服务IP时,它无法与其自身建立网络连接(Kafka代理在与其他代理交换复制消息时会尝试这样做).例如,假设我有两个工作主机(172.17.8.201和172.17.8.202),并且我的pod的调度是这样的:
However, I'm having problems because Kafka can't establish a network connection to itself when it uses the service IP (a Kafka broker tries to do this when it is exchanging replication messages with other brokers). For example, let's say I have two worker hosts (172.17.8.201 and 172.17.8.202) and my pods are scheduled like this:
-
主机1(172.17.8.201)
Host 1 (172.17.8.201)
-
kafka1吊舱(10.2.16.1)
kafka1pod (10.2.16.1)
主机2(172.17.8.202)
Host 2 (172.17.8.202)
-
kafka2吊舱(10.2.68.1) -
kafka3窗格(10.2.68.2)
kafka2pod (10.2.68.1)kafka3pod (10.2.68.2)
此外,假设我具有以下服务IP:
In addition, let's say I have the following service IPs:
-
kafka1群集IP:11.1.2.96 -
kafka2群集IP:11.1.2.120 -
kafka3群集IP:11.1.2.123
kafka1cluster IP: 11.1.2.96kafka2cluster IP: 11.1.2.120kafka3cluster IP: 11.1.2.123
当 kafka1 容器(容器)尝试使用 kafka1 群集IP(11.1.2.96)向自身发送消息时,就会发生此问题.由于某些原因,无法建立连接,也不会发送消息.
The problem happens when the kafka1 pod (container) tries to send a message (to itself) using the kafka1 cluster IP (11.1.2.96). For some reason, the connection cannot established and the message is not sent.
更多信息:如果我手动连接到 kafka1 吊舱,则可以使用它们各自的群集正确地远程登录到 kafka2 和 kafka3 吊舱IP(11.1.2.120/11.1.2.123).另外,如果我在 kafka2 窗格中,则使用11.1.2.96和11.1.2.123连接到 kafka1 和 kafka3 窗格.最后,如果使用Pod IP,我可以连接到所有Pod(来自所有Pod).
Some more information: If I manually connect to the kafka1 pod, I can correctly telnet to kafka2 and kafka3 pods using their respective cluster IPs (11.1.2.120 / 11.1.2.123). Also, if I'm in the kafka2 pod, I connect to both kafka1 and kafka3 pods using 11.1.2.96 and 11.1.2.123. Finally, I can connect to all pods (from all pods) if I use the pod IPs.
需要强调的是,我不应该告诉kafka经纪人使用pod IP而不是集群IP进行复制.就目前而言,Kafka使用您配置为发布"的任何IP进行复制-这是您的客户端用于连接到代理的IP.即使可以,我相信其他软件也可能会出现此问题.
It is important to emphasize that I shouldn't tell the kafka brokers to use the pod IPs instead of the cluster IPs for replication. As it is right now, Kafka uses for replication whatever IP you configure to be "advertised" - which is the IP that your client uses to connect to the brokers. Even if I could, I believe this problem may appear with other software as well.
该问题似乎仅在我使用的组合中才会发生,因为完全相同的文件在GCE中可以正常工作.现在,我正在跑步:
This problem seems to happen only with the combination I am using, because the exact same files work correctly in GCE. Right now, I'm running:
- Kubernetes 1.1.2
- coreos 928.0.0
- 使用法兰绒的网络设置
- 流浪者+ VirtualBpx上的一切
经过一些调试后,我不确定问题是出在worker iptables规则,kube-proxy还是法兰绒中.
After some debugging, I'm not sure if the problem is in the workers iptables rules, in kube-proxy, or in flannel.
PS:我最初将这个问题发布为问题在他们的github上,但是我Kubernetes团队已将其重定向到此处.我对文本进行了一些改写,因为听起来像是支持请求",但实际上我认为这是某种错误.无论如何,对Kubernetes团队感到抱歉!
PS: I posted this question originally as an Issue on their github, but I have been redirected to here by the Kubernetes team. I reword the text a bit because it was sounding like it was a "support request", but actually I believe it is some sort of bug. Anyway, sorry about that Kubernetes team!
此问题已确认为错误 https://github.com/kubernetes/kubernetes/issues/20391
This problem has been confirmed as a bug https://github.com/kubernetes/kubernetes/issues/20391
推荐答案
关于您要做什么,您应该使用 Headless Service http://kubernetes.io/v1.0/docs/user-guide/services.html#headless-services
for what you want to do you should be using a Headless Service http://kubernetes.io/v1.0/docs/user-guide/services.html#headless-services
这意味着设置
集群IP:无
在您的服务
,这意味着将没有与该服务相关联的IP,但它将返回由 selector
and that means there won't be an IP associated with the service but it will return all IPs of the Pods selected by the selector
这篇关于Kubernetes-无法从服务的Pod连接到服务IP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
