Why unable to access a service if setting externalTrafficPolicy to Local in a kubernetes cluster
Problem description
I'm following this guide to apply the source ip feature to my kubernetes cluster.
Firstly, I created a pod by running:
$ kubectl run source-ip-app --image=gcr.io/google_containers/echoserver:1.4
Then expose it as a NodePort service:
kubectl expose deployment source-ip-app --name=nodeport --port=80 --target-port=8080 --type=NodePort
At this point, I'm able to access the service from outside of the cluster and get correct client_address:
$ curl 10.74.68.49:16860 | grep client
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 296 0 296 0 0 43167 0 --:--:-- --:--:-- --:--:-- 49333
client_address=10.168.193.130
But if applying the source ip feature:
kubectl patch svc nodeport -p '{"spec":{"externalTrafficPolicy":"Local"}}'
I get a timeout:
$ curl 10.74.68.49:16860 | grep client
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:01:14 --:--:-- 0curl: (7) Failed to connect to 10.74.68.49 port 16860: Operation timed out
I'm wondering what's the reason behind this and how to resolve it.
My environment info:
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.3", GitCommit:"2c2fe6e8278a5db2d15a013987b53968c743f2a1", GitTreeState:"clean", BuildDate:"2017-08-03T07:00:21Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.3", GitCommit:"2c2fe6e8278a5db2d15a013987b53968c743f2a1", GitTreeState:"clean", BuildDate:"2017-08-03T06:43:48Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Update:
My cluster has 2 nodes, I get the timeout issue no matter which node ip is accessed.
Recommended answer
Create kube-proxy.yaml:
kubectl get ds -n kube-system kube-proxy -o yaml > kube-proxy.yaml
# ...
spec:
  containers:
  - command:
    - ./hyperkube
    - proxy
    - --cluster-cidr=10.2.0.0/16
    - --hostname-override=$(HOST_IP)
    - --kubeconfig=/etc/kubernetes/kubeconfig
    - --proxy-mode=iptables
    env:
    - name: HOST_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.hostIP
# ...
Update the containers:
kubectl apply -f kube-proxy.yaml
This will apply the fix mentioned in https://github.com/kubernetes/kubernetes/issues/48437, resolving the dropped packets issue.
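An added example, not part of the original answer: a small Python model of how kube-proxy selects local endpoints under externalTrafficPolicy: Local. It assumes the timeout comes from kube-proxy's hostname not matching the nodeName recorded on the service's endpoints. The endpoint data, the pod IP, the second node IP and the worker-N hostnames are constructed.

```python
import json

# Constructed sample, shaped like `kubectl get endpoints nodeport -o json`.
# Assumption: nodes are registered under their host IPs; the pod IP is made up.
ENDPOINTS = json.loads("""
{"subsets": [{"addresses": [{"ip": "10.2.1.5", "nodeName": "10.74.68.49"}],
              "ports": [{"port": 8080}]}]}
""")

def _addresses(endpoints):
    """Flatten every ready address across all subsets."""
    return [a for s in endpoints.get("subsets", []) for a in s.get("addresses", [])]

def local_endpoints(endpoints, proxy_hostname):
    """Pod IPs kube-proxy treats as local: nodeName must equal its own hostname."""
    return [a["ip"] for a in _addresses(endpoints)
            if a.get("nodeName") == proxy_hostname]

def nodeport_reachability(endpoints, proxy_hostnames):
    """Per node: is NodePort traffic arriving there forwarded under Local policy?
    A node whose kube-proxy sees no local endpoint drops the packets."""
    return {node: bool(local_endpoints(endpoints, hostname))
            for node, hostname in proxy_hostnames.items()}

def unmatched_node_names(endpoints, proxy_hostnames):
    """nodeName values no kube-proxy identifies with; their pods get no external traffic."""
    names = {a["nodeName"] for a in _addresses(endpoints) if a.get("nodeName")}
    return sorted(names - set(proxy_hostnames.values()))

# Hostname each kube-proxy uses, keyed by node IP (constructed values).
# BEFORE: kube-proxy falls back to the OS hostname.
# AFTER:  --hostname-override=$(HOST_IP) from status.hostIP.
BEFORE = {"10.74.68.49": "worker-1", "10.74.68.50": "worker-2"}
AFTER = {"10.74.68.49": "10.74.68.49", "10.74.68.50": "10.74.68.50"}

if __name__ == "__main__":
    for label, hostnames in (("before", BEFORE), ("after", AFTER)):
        print(label,
              nodeport_reachability(ENDPOINTS, hostnames),
              "unmatched:", unmatched_node_names(ENDPOINTS, hostnames))
```

In this model, the node that hosts no pod still does not answer after the override is applied, because Local policy forwards only to endpoints on the receiving node.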