Kubernetes - Can't connect to a service IP from the service's pod
Problem description
I'm trying to create 3 instances of Kafka and deploy them to a local Kubernetes setup. Because each instance needs some specific configuration, I'm creating one RC and one service for each - eagerly waiting for #18016 ;)
However, I'm having problems because Kafka can't establish a network connection to itself when it uses the service IP (a Kafka broker tries to do this when it is exchanging replication messages with other brokers). For example, let's say I have two worker hosts (172.17.8.201 and 172.17.8.202) and my pods are scheduled like this:
Host 1 (172.17.8.201)
- kafka1 pod (10.2.16.1)

Host 2 (172.17.8.202)
- kafka2 pod (10.2.68.1)
- kafka3 pod (10.2.68.2)
In addition, let's say I have the following service IPs:
- kafka1 cluster IP: 11.1.2.96
- kafka2 cluster IP: 11.1.2.120
- kafka3 cluster IP: 11.1.2.123
The problem happens when the kafka1 pod (container) tries to send a message (to itself) using the kafka1 cluster IP (11.1.2.96). For some reason, the connection cannot be established and the message is not sent.
Some more information: If I manually connect to the kafka1 pod, I can correctly telnet to kafka2 and kafka3 pods using their respective cluster IPs (11.1.2.120 / 11.1.2.123). Also, if I'm in the kafka2 pod, I connect to both kafka1 and kafka3 pods using 11.1.2.96 and 11.1.2.123. Finally, I can connect to all pods (from all pods) if I use the pod IPs.
It is important to emphasize that I shouldn't tell the kafka brokers to use the pod IPs instead of the cluster IPs for replication. As it is right now, Kafka uses for replication whatever IP you configure to be "advertised" - which is the IP that your client uses to connect to the brokers. Even if I could, I believe this problem may appear with other software as well.
This problem seems to happen only with the combination I am using, because the exact same files work correctly in GCE. Right now, I'm running:
- Kubernetes 1.1.2
- coreos 928.0.0
- network set up using flannel
- everything on vagrant + VirtualBox
After some debugging, I'm not sure if the problem is in the workers iptables rules, in kube-proxy, or in flannel.
PS: I posted this question originally as an Issue on their github, but I have been redirected to here by the Kubernetes team. I reworded the text a bit because it was sounding like it was a "support request", but actually I believe it is some sort of bug. Anyway, sorry about that Kubernetes team!
This issue has been confirmed as a bug: https://github.com/kubernetes/kubernetes/issues/20391
Recommended answer
For what you want to do you should be using a Headless Service: http://kubernetes.io/v1.0/docs/user-guide/services.html#headless-services
this means setting clusterIP: None in your service
and that means there won't be an IP associated with the service but it will return all IPs of the Pods selected by the selector
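
A headless Service for the kafka1 broker, as an added example that is not part of the original answer. The label keys and values, the port name and port 9092 are assumptions; only the service name kafka1 and the clusterIP: None setting come from the page.

```yaml
# Added example, not from the original post.
# Assumed: the kafka1 pod carries the labels app=kafka and broker=kafka1
# and the broker listens on TCP 9092.
apiVersion: v1
kind: Service
metadata:
  name: kafka1
  labels:
    app: kafka
spec:
  # Headless: no cluster IP is allocated for this service, so there is
  # no virtual IP for the pod to loop back through.
  clusterIP: None
  # DNS for the service name returns the IPs of the pods matched here
  # (in the question's layout, the kafka1 pod at 10.2.16.1).
  selector:
    app: kafka
    broker: kafka1
  ports:
    - name: broker
      port: 9092
      targetPort: 9092
```

With this in place, a broker that advertises the service's DNS name resolves it straight to the pod IP, which the question reports as reachable from every pod.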