
Networking among kubernetes minions

I installed an 8-node kubernetes cluster (1 master + 7 minions) but I faced a networking problem among minions.

I installed my cluster according to this step-by-step Fedora manual, so I use Fedora 20 with its testing repository to get kubernetes binaries.

After installing, I wanted to try the guestbook example, but it seems to me there is a problem with the inter-container networking.

Although containers/PODs are in running state and I can reach my 3 frontend containers (via browser) and the redis containers as well (via netcat), the frontend, which is not on the same host as the redis, cannot reach the redis master. The frontend's PHP gives back a network exception.

Can anybody help me understand why the containers cannot reach each other among the hosts?

I hope I could describe my setup accurately enough, and thanks in advance.

The Fedora guide you followed will only get you running on a single machine. It avoids the issues around setting up networking across nodes.

For kubernetes to work, the following network setup must be satisfied:

  1. Every container should be able to talk to every other container, even across nodes. This also means that the bridge IP ranges for those containers must not overlap.
  2. Code running on any node that isn't in a container should be able to reach every container (and vice versa), even across nodes.
  3. It is not necessary (but useful) that computers on the network that aren't part of the cluster can reach the containers directly.

There are a lot of ways to achieve this -- for instance the setup for vagrant sets up GRE tunnels between each node. On GCE we use features of the platform to do the routing. If you are on physical machines on a switch you can probably just do a big layer 2 network w/ bridges. A bulletproof way to get started (but perhaps not the most performant, depending on your setup) is to use something like flannel.

We are working on making this stuff easier to start up (without using a mess of shell scripts) and are thinking of building something like flannel in so that there is a reasonable default.
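An added example, not part of the original answer: a check for requirement 1 (non-overlapping bridge ranges) that also shows why an overlap makes a container IP ambiguous between nodes. The node names, the `10.244.0.0/16` cluster range, the /24 per-node size and all sample addresses are constructed assumptions.

```python
import ipaddress
from itertools import combinations


def find_overlaps(bridges):
    """bridges: {node: bridge CIDR as shown by `ip addr`}.
    Return sorted (node_a, node_b) pairs whose bridge ranges overlap."""
    # strict=False accepts an interface address such as 172.17.42.1/16.
    nets = {n: ipaddress.ip_network(c, strict=False) for n, c in bridges.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def owners(container_ip, bridges):
    """Return every node whose bridge range contains container_ip.
    More than one owner means cross-node routing cannot be unambiguous."""
    ip = ipaddress.ip_address(container_ip)
    return sorted(n for n, c in bridges.items()
                  if ip in ipaddress.ip_network(c, strict=False))


def assign_bridges(nodes, cluster_cidr, prefix=24):
    """Carve one distinct subnet per node out of cluster_cidr."""
    pool = ipaddress.ip_network(cluster_cidr).subnets(new_prefix=prefix)
    plan = {}
    for node in nodes:
        try:
            plan[node] = str(next(pool))
        except StopIteration:
            raise ValueError(f"{cluster_cidr} has no /{prefix} left for {node}")
    return plan


# Constructed sample: two nodes left on the same bridge range, one moved.
BROKEN = {
    "minion1": "172.17.42.1/16",
    "minion2": "172.17.42.1/16",
    "minion3": "10.244.3.1/24",
}

if __name__ == "__main__":
    print("overlapping nodes:", find_overlaps(BROKEN))
    print("owners of 172.17.0.5:", owners("172.17.0.5", BROKEN))
    plan = assign_bridges(sorted(BROKEN), "10.244.0.0/16")
    print("non-overlapping plan:", plan)
    print("overlaps in plan:", find_overlaps(plan))
```

A non-overlapping plan only satisfies the addressing half of requirement 1; the routes, tunnels or overlay that carry traffic between the per-node ranges still have to be set up as the answer describes.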

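Notice: the technical post pages on this site follow the CC BY-SA 4.0 license. If you need to republish them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.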
