K8s服务无法Ping [英] K8s service not pingable

问题描述

我在minikube集群中有一个k8s服务/部署(在default名称空间中的名称amq:

I have a k8s service/deployment in a minikube cluster (name amq in default namespace:

D20181472:argo-k8s gms$ kubectl get svc --all-namespaces
NAMESPACE     NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
argo          argo-ui      ClusterIP      10.97.242.57     <none>        80/TCP            5h19m
default       amq          LoadBalancer   10.102.205.126   <pending>     61616:32514/TCP   4m4s
default       kubernetes   ClusterIP      10.96.0.1        <none>        443/TCP           5h23m
kube-system   kube-dns     ClusterIP      10.96.0.10       <none>        53/UDP,53/TCP     5h23m

我启动了infoblox/dnstools，并尝试了amq.default的nslookup，dig和ping，结果如下:

I spun up infoblox/dnstools, and tried nslookup, dig and ping of amq.default with the following results:

dnstools# nslookup amq.default
Server:     10.96.0.10
Address:    10.96.0.10#53

Name:   amq.default.svc.cluster.local
Address: 10.102.205.126

dnstools# ping amq.default
PING amq.default (10.102.205.126): 56 data bytes
^C
--- amq.default ping statistics ---
28 packets transmitted, 0 packets received, 100% packet loss
dnstools# dig amq.default

; <<>> DiG 9.11.3 <<>> amq.default
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15104
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;amq.default.           IN  A

;; Query time: 32 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Sat Jan 26 01:58:13 UTC 2019
;; MSG SIZE  rcvd: 29

dnstools# ping amq.default
PING amq.default (10.102.205.126): 56 data bytes
^C
--- amq.default ping statistics ---
897 packets transmitted, 0 packets received, 100% packet loss

(注意:直接ping IP地址会得到相同的结果)

(NB: pinging the ip address directly gives the same result)

我承认我对DNS的深入了解不是很了解，所以我不确定为什么我可以查找和挖掘主机名，但不能ping通它.

I admittedly am not very knowledgable about the deep workings of DNS, so I am not sure why I can do a lookup and dig for the hostname, but not ping it.

推荐答案

我承认我对DNS的深入了解不是很了解，所以我不确定为什么可以对主机名进行查找和挖掘，但不能ping通它.

I admittedly am not very knowledgable about the deep workings of DNS, so I am not sure why I can do a lookup and dig for the hostname, but not ping it.

因为Service IP地址是群集想象力中的虚构人物，由iptables或ipvs引起，实际上并不存在.您可以在运行kube-proxy(或ipvsadm -ln)的任何节点上使用iptables -t nat -L -n看到它们，如有用的

Because Service IP addresses are figments of your cluster's imagination, caused by either iptables or ipvs, and don't actually exist. You can see them with iptables -t nat -L -n on any Node that is running kube-proxy (or ipvsadm -ln), as is described by the helpful Debug[-ing] Services page

由于它们不是绑定到实际NIC的真实IP，因此除了Service资源中注册的端口号以外，它们不会响应任何流量.测试服务连接性的正确方法是使用curl或netcat之类的东西，并使用您希望应用程序通信通过的端口号.

Since they are not real IPs bound to actual NICs, they don't respond to any traffic other than the port numbers registered in the Service resource. The correct way of testing connectivity against a service is with something like curl or netcat and using the port number upon which you are expecting application traffic to travel.

这篇关于K8s服务无法Ping的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！