kubernetes pod无法通过服务连接到自己，只能连接到其他pod-container [英] kubernetes pod can't connect (through service) to self, only to other pod-containers

问题描述

我有一个kubernetes单节点设置（请参阅 https://coreos.com） /kubernetes/docs/latest/kubernetes-on-vagrant-single.html ）

我有一个服务和复制控制器创建pod。那些pod需要连接到同一个服务中的其他pod（注意：这最终可以让mongo运行w / replica集（非localhost），但是这个简单的例子演示了mongo有的问题）。 >

当我从任何节点连接到服务时，它将被分发（如预期）到其中一个pod。这将工作，直到它平衡本身（我所在的容器）。然后连接失败。

对不起，要详细说明，但我将附上所有的文件，以便您可以在这个小例子中看到我在做什么。

Dockerfile：

  FROM ubuntu 
维护者Eric H 
 RUN apt -获取更新; apt-get install netcat 
 EXPOSE 8080 
 COPY ./entry.sh / 
 ENTRYPOINT [/entry.sh] 
  

这里是入口点

 ＃！/ bin / bash 
＃等待连接，然后告诉他们我们是
，而：; do 
 echohello，date =`date`;我的主机=`hostname`| nc -l 8080 
 sleep .5 
 done 
  

构建dockerfile

docker build -t echoserver。

标签和上传到我的k8s集群的注册表

  docker标签-f echoserver：最新127.0.0.1:5000/echoserver:latest 
 docker推127.0.0.1:5000/echoserver:latest 
  

这是我的复制控制器

  apiVersion：v1 
种类：ReplicationController 
元数据：
标签：
角色：echo-server 
 app：echo 
 name：echo-server-1 
 spec：
 replicas：3 
 template：
元数据：
标签：
 entity：echo-server-1 
 role：echo-server 
 app：echo 
 spec：
 containers：
  -  
 image：127.0。 0.1：5000 / echoserver：最新
名称：echo-server-1 
 
 ports：
  -  containerPort：8080 
  

最后，这里是我的服务

  kind：Service 
元数据：
标签：
 app：echo 
角色：echo-server 
名称：echo-server-1 
名称：echo-server-1 
规格：
选择器：
实体：echo-server-1 
角色：echo-server 
端口：
  - 端口：8080 
 targetPort：8080 
  

创建我的服务
kubectl create -f echo.service.yaml

创建我的rc
kubectl create -f echo.controller.yaml

获取我的POD

  kubectl get po 
 NAME READY STATUS RESTARTS AGE 
 echo-server-1-jp0aj 1/1运行0 39m 
 echo-server-1-shoz0 1/1运行0 39m 
 echo-server-1-y9bv2 1/1运行0 39m 
  

获取服务IP

  kubectl get svc 
 NAME CLUSTER_IP EXTERNAL_IP PORT（S）SELECTOR AGE 
 echo-server-1 10.3.0.246< none> 8080 / TCP entity = echo-server-1，role = echo-server 39m 
  

pods
kubectl exec -t -i echo-server-1-jp0aj / bin / bash

现在连接到服务多次...它会给我所有pod的应用程序消息，除了它自己，然后挂起。然后挂起。

  root @ echo-server-1-jp0aj：/＃nc 10.3.0.246 8080 
 hello，date = Mon Jan 11 22:02:38 UTC 2016;我的主机= echo-server-1-y9bv2 
 root @ echo-server-1-jp0aj：/＃nc 10.3.0.246 8080 
 ^ C 
 root @ echo-server-1-jp0aj ：/＃nc 10.3.0.246 8080 
 hello，date = Mon Jan 11 22:02:43 UTC 2016;我的主机= echo-server-1-shoz0 
 root @ echo-server-1-jp0aj：/＃nc 10.3.0.246 8080 
 ^ C 
 root @ echo-server-1-jp0aj ：/＃nc 10.3.0.246 8080 
 hello，date = Mon Jan 11 22:31:19 UTC 2016;我的主机= echo-server-1-y9bv2 
 root @ echo-server-1-jp0aj：/＃nc 10.3.0.246 8080 
 hello，date = Mon Jan 11 22:31:23 UTC 2016 ;我的主机= echo-server-1-shoz0 
 root @ echo-server-1-jp0aj：/＃nc 10.3.0.246 8080 
 hello，date = Mon Jan 11 22:31:26 UTC 2016 ;我的主机= echo-server-1-y9bv2 
 root @ echo-server-1-jp0aj：/＃nc 10.3.0.246 8080 
 hello，date = Mon Jan 11 22:31:27 UTC 2016 ;我的主机= echo-server-1-shoz0 
 root @ echo-server-1-jp0aj：/＃nc 10.3.0.246 8080 
  

如何配置事务，使服务的所有成员可以连接到所有其他成员，包括其自身？

解决方案感谢所有帮助GitHub的人。

解决方法如下：

tanen01评论于2月4日在k8s v1.1.7上看到同样的问题
stable

问题发生在：

  kube-proxy --proxy-mode = iptables 
  

一旦我更改为：

  --proxy-mode = userspace 
  

（也是默认值），然后再工作。

所以，如果你遇到这个问题，请尝试关闭 - 代理模式 kube-proxy 。

I have a kubernetes single-node setup (see https://coreos.com/kubernetes/docs/latest/kubernetes-on-vagrant-single.html )

I have a service and an replication controller creating pods. Those pods need to connect to the other pods in the same service (Note: this is ultimately so that I can get mongo running w/replica sets (non localhost), but this simple example demonstrates the problem that mongo has).

When I connect from any node to the service, it will be distributed (as expected) to one of the pods. This will work until it load balances to itself (the container that I am on). Then it fails to connect.

Sorry to be verbose, but I am going to attach all my files so that you can see what I'm doing in this little example.

Dockerfile:

FROM ubuntu
MAINTAINER Eric H
RUN apt-get update; apt-get install netcat
EXPOSE 8080
COPY ./entry.sh /
ENTRYPOINT ["/entry.sh"]

Here is the entry point

#!/bin/bash
# wait for a connection, then tell them who we are 
while : ; do 
    echo "hello, the date=`date`; my host=`hostname`" | nc -l 8080 
    sleep .5
done

build the dockerfile

docker build -t echoserver .

tag and upload to my k8s cluster's registry

docker tag -f echoserver:latest 127.0.0.1:5000/echoserver:latest
docker push 127.0.0.1:5000/echoserver:latest

Here is my Replication Controller

apiVersion: v1
kind: ReplicationController
metadata:
  labels:
    role: echo-server
    app: echo
  name: echo-server-1
spec:
  replicas: 3
  template:
    metadata:
      labels:
        entity: echo-server-1
        role: echo-server
        app: echo
    spec:
      containers:
      - 
        image: 127.0.0.1:5000/echoserver:latest
        name: echo-server-1

        ports:
          - containerPort: 8080

And finally, here is my Service

kind: Service
metadata:
  labels:
    app: echo
    role: echo-server
    name: echo-server-1
  name: echo-server-1
spec:
  selector:
    entity: echo-server-1
    role: echo-server
  ports:
    - port: 8080
      targetPort: 8080

Create my service kubectl create -f echo.service.yaml

Create my rc kubectl create -f echo.controller.yaml

Get my PODs

kubectl get po
NAME                  READY     STATUS    RESTARTS   AGE
echo-server-1-jp0aj   1/1       Running   0          39m
echo-server-1-shoz0   1/1       Running   0          39m
echo-server-1-y9bv2   1/1       Running   0          39m

Get the service IP

kubectl get svc
NAME            CLUSTER_IP   EXTERNAL_IP   PORT(S)    SELECTOR                                AGE
echo-server-1   10.3.0.246   <none>        8080/TCP   entity=echo-server-1,role=echo-server   39m

Exec into one of the pods kubectl exec -t -i echo-server-1-jp0aj /bin/bash

Now connect to the service multiple times... It will give me the app-message for all pods except for when it gets to itself, whereupon it hangs.

root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:02:38 UTC 2016; my host=echo-server-1-y9bv2
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
^C
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:02:43 UTC 2016; my host=echo-server-1-shoz0
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
^C
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:31:19 UTC 2016; my host=echo-server-1-y9bv2
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:31:23 UTC 2016; my host=echo-server-1-shoz0
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:31:26 UTC 2016; my host=echo-server-1-y9bv2
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080
hello, the date=Mon Jan 11 22:31:27 UTC 2016; my host=echo-server-1-shoz0
root@echo-server-1-jp0aj:/# nc 10.3.0.246 8080

How can I configure things so that all members of a service can connect to all other members, including itself?

解决方案

Thanks to all those who helped on GitHub.
The workaround turned out to be as follows:

tanen01 commented on Feb 4 Seeing the same problem here on k8s v1.1.7 stable

Issue occurs with:

kube-proxy --proxy-mode=iptables 

Once I changed it to:

           --proxy-mode=userspace 

(also the default), then it works again.

So, if you are experiencing this, please try turning off --proxy-mode when you start kube-proxy.

这篇关于kubernetes pod无法通过服务连接到自己，只能连接到其他pod-container的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！