kubernetes pod 无法(通过服务)连接到自身，只能连接到其他 pod 容器 [英] kubernetes pod can't connect (through service) to self, only to other pod-containers

问题描述

我有一个 kubernetes 单节点设置(参见 https://coreos.com/kubernetes/docs/latest/kubernetes-on-vagrant-single.html )

我有一个服务和一个复制控制器来创建 pod.这些 pod 需要连接到同一服务中的其他 pod(注意:这最终是为了让我可以使用副本集(非本地主机)运行 mongo，但这个简单的示例演示了 mongo 存在的问题).

当我从任何节点连接到服务时，它将(按预期)分发到其中一个 Pod.这将一直有效，直到它对自身(我所在的容器)进行负载平衡.然后就连接不上了.

抱歉我说的太冗长了，但我将附上我所有的文件，以便您可以在这个小例子中看到我在做什么.

Dockerfile:

来自 ubuntu维护者埃里克 H运行 apt-get 更新；apt-get 安装 netcat曝光 8080复制 ./entry.sh/入口点 ["/entry.sh"]

这里是入口

#!/bin/bash# 等待连接，然后告诉他们我们是谁尽管 : ;做echo "你好，日期=`日期`；我的主机=`主机名`" |nc -l 8080睡眠 0.5完毕

构建dockerfile

docker build -t echoserver .

标记并上传到我的 k8s 集群的注册表

docker tag -f echoserver:latest 127.0.0.1:5000/echoserver:latest码头工人推 127.0.0.1:5000/echoserver:latest

这是我的复制控制器

apiVersion: v1种类:ReplicationController元数据:标签:角色:echo-server应用程序:回声名称:echo-server-1规格:复制品:3模板:元数据:标签:实体:echo-server-1角色:echo-server应用程序:回声规格:容器:——图像:127.0.0.1:5000/echoserver:latest名称:echo-server-1端口:- 容器端口:8080

最后，这是我的服务

种类:服务元数据:标签:应用程序:回声角色:echo-server名称:echo-server-1名称:echo-server-1规格:选择器:实体:echo-server-1角色:echo-server端口:- 端口:8080目标端口:8080

创建我的服务kubectl create -f echo.service.yaml

创建我的 rckubectl create -f echo.controller.yaml

获取我的 POD

kubectl get po名称就绪状态重新开始年龄echo-server-1-jp0aj 1/1 运行 0 39mecho-server-1-shoz0 1/1 运行 0 39mecho-server-1-y9bv2 1/1 运行 0 39m

获取服务IP

kubectl 获取 svc名称 CLUSTER_IP EXTERNAL_IP PORT(S) SELECTOR AGEecho-server-1 10.3.0.246 <无>8080/TCP entity=echo-server-1,role=echo-server 39m

执行到其中一个 Podkubectl exec -t -i echo-server-1-jp0aj/bin/bash

现在多次连接到该服务......它会给我所有 pod 的应用消息，除了当它到达自身时，它就会挂起.

root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080您好，日期= UTC 2016 年 1 月 11 日星期一 22:02:38；我的主机=echo-server-1-y9bv2root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080^Croot@echo-server-1-jp0aj:/# nc 10.3.0.246 8080你好，日期= UTC 2016 年 1 月 11 日星期一 22:02:43；我的主机=echo-server-1-shoz0root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080^Croot@echo-server-1-jp0aj:/# nc 10.3.0.246 8080你好，日期= UTC 2016 年 1 月 11 日星期一 22:31:19；我的主机=echo-server-1-y9bv2root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080你好，日期= UTC 2016 年 1 月 11 日星期一 22:31:23；我的主机=echo-server-1-shoz0root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080您好，日期= UTC 2016 年 1 月 11 日星期一 22:31:26；我的主机=echo-server-1-y9bv2root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080你好，日期= UTC 2016 年 1 月 11 日星期一 22:31:27；我的主机=echo-server-1-shoz0root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080

我如何配置东西，以便服务的所有成员都可以连接到所有其他成员，包括它自己?

解决方案

感谢所有在 GitHub 上提供帮助的人.
解决方法如下:

<块引用>

tanen01 于 2 月 4 日发表评论 在 k8s v1.1.7 上看到同样的问题稳定

问题发生在:

kube-proxy --proxy-mode=iptables

<块引用>

一旦我将其更改为:

 --proxy-mode=用户空间

<块引用>

(也是默认值)，然后它再次工作.

因此，如果您遇到这种情况，请尝试在启动 kube-proxy 时关闭 --proxy-mode.

I have a kubernetes single-node setup (see https://coreos.com/kubernetes/docs/latest/kubernetes-on-vagrant-single.html )

I have a service and an replication controller creating pods. Those pods need to connect to the other pods in the same service (Note: this is ultimately so that I can get mongo running w/replica sets (non localhost), but this simple example demonstrates the problem that mongo has).

When I connect from any node to the service, it will be distributed (as expected) to one of the pods. This will work until it load balances to itself (the container that I am on). Then it fails to connect.

Sorry to be verbose, but I am going to attach all my files so that you can see what I'm doing in this little example.

Dockerfile:

FROM ubuntu
MAINTAINER Eric H
RUN apt-get update; apt-get install netcat
EXPOSE 8080
COPY ./entry.sh /
ENTRYPOINT ["/entry.sh"]

Here is the entry point

#!/bin/bash
# wait for a connection, then tell them who we are 
while : ; do 
    echo "hello, the date=`date`; my host=`hostname`" | nc -l 8080 
    sleep .5
done

build the dockerfile

docker build -t echoserver .

tag and upload to my k8s cluster's registry

docker tag -f echoserver:latest 127.0.0.1:5000/echoserver:latest
docker push 127.0.0.1:5000/echoserver:latest

Here is my Replication Controller

apiVersion: v1
kind: ReplicationController
metadata:
  labels:
    role: echo-server
    app: echo
  name: echo-server-1
spec:
  replicas: 3
  template:
    metadata:
      labels:
        entity: echo-server-1
        role: echo-server
        app: echo
    spec:
      containers:
      - 
        image: 127.0.0.1:5000/echoserver:latest
        name: echo-server-1

        ports:
          - containerPort: 8080

And finally, here is my Service

kind: Service
metadata:
  labels:
    app: echo
    role: echo-server
    name: echo-server-1
  name: echo-server-1
spec:
  selector:
    entity: echo-server-1
    role: echo-server
  ports:
    - port: 8080
      targetPort: 8080

Create my service kubectl create -f echo.service.yaml

Create my rc kubectl create -f echo.controller.yaml

Get my PODs

kubectl get po
NAME                  READY     STATUS    RESTARTS   AGE
echo-server-1-jp0aj   1/1       Running   0          39m
echo-server-1-shoz0   1/1       Running   0          39m
echo-server-1-y9bv2   1/1       Running   0          39m

Get the service IP

kubectl get svc
NAME            CLUSTER_IP   EXTERNAL_IP   PORT(S)    SELECTOR                                AGE
echo-server-1   10.3.0.246   <none>        8080/TCP   entity=echo-server-1,role=echo-server   39m

Exec into one of the pods kubectl exec -t -i echo-server-1-jp0aj /bin/bash

Now connect to the service multiple times... It will give me the app-message for all pods except for when it gets to itself, whereupon it hangs.

root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:02:38 UTC 2016; my host=echo-server-1-y9bv2
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
^C
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:02:43 UTC 2016; my host=echo-server-1-shoz0
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
^C
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:31:19 UTC 2016; my host=echo-server-1-y9bv2
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:31:23 UTC 2016; my host=echo-server-1-shoz0
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:31:26 UTC 2016; my host=echo-server-1-y9bv2
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:31:27 UTC 2016; my host=echo-server-1-shoz0
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080

How can I configure things so that all members of a service can connect to all other members, including itself?

解决方案

Thanks to all those who helped on GitHub.
The workaround turned out to be as follows:

tanen01 commented on Feb 4 Seeing the same problem here on k8s v1.1.7 stable

Issue occurs with:

kube-proxy --proxy-mode=iptables 

Once I changed it to:

           --proxy-mode=userspace 

(also the default), then it works again.

So, if you are experiencing this, please try turning off --proxy-mode when you start kube-proxy.

这篇关于kubernetes pod 无法(通过服务)连接到自身，只能连接到其他 pod 容器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！