K8s pod 无法通过内部 IP 访问外部 VM [英] K8s pods unable to reach external VM via internal IP

问题描述

我正在从 GCP 迁移到 Azure 平台.我有一个 k8s 集群，它需要使用内部 IP 与外部 Cassandra 集群通信，位于同一 Azure 区域但不同的 VNET.我已对等 VNET.我可以从 K8s 节点访问 Cassandra 集群，反之亦然，但无法从 Pod 访问它们.

I am migrating to Azure platform from GCP. I have a k8s cluster that needs to talk to external Cassandra cluster using internal IP(s), in the same Azure region but different VNET. I have the VNET(s) peered. I can reach the Cassandra cluster from the K8s nodes and vice versa but cannot reach them from the pods.

这似乎是一些 Azure 网络问题.我已经为 pod 开启了防火墙规则以到达 Cassandra，但没有成功.我应该如何最好地解决这个问题?

This seems to be some Azure networking issue. I have opened up firewall rules for the pods to reach Cassandra but with no luck. How best should I solve this?

推荐答案

因为 Azure 找不到 Pod 的私有 IP 地址.我们可以使用 Azure 路由表来连接它们.

Because Azure can't find your private IP address of your pods. We can use Azure route table to connect them.

这是我的测试，两个资源组，一个用于 k8s，另一个用于信号 VM.

Here is my test, two resource group, one for k8s and another one for a signal VM.

这里是关于 Pod 的信息:

Here is the information about pods:

root@k8s-master-CA9C4E39-0:~# kubectl get pods --output=wide
NAME                       READY     STATUS    RESTARTS   AGE       IP             NODE
influxdb                   1/1       Running   0          59m       10.244.1.166   k8s-agent-ca9c4e39-0
my-nginx-858393261-jrz15   1/1       Running   0          1h        10.244.1.63    k8s-agent-ca9c4e39-0
my-nginx-858393261-wbpl6   1/1       Running   0          1h        10.244.1.62    k8s-agent-ca9c4e39-0
nginx                      1/1       Running   0          52m       10.244.1.179   k8s-agent-ca9c4e39-0
nginx3                     1/1       Running   0          43m       10.244.1.198   k8s-agent-ca9c4e39-0

关于K8s的agent和master的信息:

The information about K8s agent and master :

关于信号VM的信息:

默认情况下，我们不能使用172.16.0.4 ping 10.244.1.0/24.我们应该添加一个 Azure 路由表，然后我们可以 ping 那个 pod IP 地址:

By default, we can't use 172.16.0.4 to ping 10.244.1.0/24. We should add an Azure route table, then we can ping that pod IP address:

这是我的结果:

root@jasonvm2:~# ping 10.244.1.166
PING 10.244.1.166 (10.244.1.166) 56(84) bytes of data.
64 bytes from 10.244.1.166: icmp_seq=1 ttl=63 time=2.61 ms
64 bytes from 10.244.1.166: icmp_seq=2 ttl=63 time=1.42 ms
--- 10.244.1.166 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.424/2.019/2.614/0.595 ms
root@jasonvm2:~# ping 10.244.1.166
PING 10.244.1.166 (10.244.1.166) 56(84) bytes of data.
64 bytes from 10.244.1.166: icmp_seq=1 ttl=63 time=2.56 ms
64 bytes from 10.244.1.166: icmp_seq=2 ttl=63 time=1.10 ms
^C
--- 10.244.1.166 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.102/1.833/2.564/0.731 ms
root@jasonvm2:~# ping 10.244.1.63
PING 10.244.1.63 (10.244.1.63) 56(84) bytes of data.
64 bytes from 10.244.1.63: icmp_seq=1 ttl=63 time=2.89 ms
64 bytes from 10.244.1.63: icmp_seq=2 ttl=63 time=2.27 ms
--- 10.244.1.63 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.271/2.581/2.892/0.314 ms

关于Azure路由表，请参考这个链接.

About Azure route table, please refer to this link.

这篇关于K8s pod 无法通过内部 IP 访问外部 VM的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！