kubernetes:无法通过ClusterIP / NodePort访问VirtualBox群集上的服务
[英]kubernetes: cannot access service on VirtualBox cluster via ClusterIP / NodePort
问题描述
I created a 3-node kubernetes cluster (1 master + 2 workers) on VirtualBox using the instructions here . 
我使用此处的说明在VirtualBox上创建了一个3节点的kubernetes集群(1个主节点+ 2个工作线程)。 I am using Flannel for the overlay network. 我将Flannel用于覆盖网络。
I set sysctl -w net.bridge.bridge-nf-call-iptables=1 and sysctl -w net.bridge.bridge-nf-call-ip6tables=1 on the master during installation. 在安装过程中,我在主服务器上设置了sysctl -w net.bridge.bridge-nf-call-iptables=1和sysctl -w net.bridge.bridge-nf-call-ip6tables=1 。 I hadn't set them on the workers at that time, but I set them later and rebooted both nodes. 那时我还没有在工作人员上设置它们,但是后来我将它们设置好并重启了两个节点。
I have a trivial web app written in Go, listening on port 8080. I created a pod + replication controller thus:
我有一个用Go编写的简单的Web应用程序,侦听端口8080。因此,我创建了一个pod +复制控制器: kubectl run foo --image=<...> --port=8080 --generator=run/v1I am able to access my service using the POD IP and port 8080.
我可以使用POD IP和端口8080访问我的服务。 I also created a ClusterIP service.
我还创建了ClusterIP服务。 kubectl expose rc foo --name=foo-http --port=8081 --target-port=8080 # ClusterIP service # kubectl get svc foo-http NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE foo-http ClusterIP 10.106.88.24 <none> 8081/TCP 14mWhen I run this from any cluster node, it hangs:
当我从任何群集节点运行此文件时,它会挂起: curl http://10.106.88.24:8081 # that's the ClusterIPBy running strace, I can see that curl initiates a non-blocking
connect, and spins in a loop onpoll, without the socket ever becoming ready for aread- so the connection doesn't go through.通过运行strace,我可以看到curl启动了一个非阻塞connect,并在poll上旋转了一个循环,而套接字没有为read做好准备-因此连接无法通过。If I create a NodePort service instead, I simply get connection refused.
如果改为创建NodePort服务,则只会拒绝连接。 # cat svc_nodeport.json apiVersion: v1 kind: Service metadata: name: foo-http spec: type: NodePort ports: - port: 8081 targetPort: 8080 nodePort: 31123 selector: app: foo # kubectl create -f svc_nodeport.json # kubectl get svc foo-http NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE foo-http NodePort 10.104.78.88 <none> 8081:31123/TCP 7mWhen I try connecting via port 31123:
当我尝试通过端口31123连接时: # curl http://<node-ip>:31123 # Tried on master and both workers curl: (7) Failed connect to <node-ip>:31123; Connection refused
How do debug this? 如何调试呢?
2 个解决方案
解决方案1
1 2018-05-20 00:14:08
I think your service manifest selector isn't selecting the pod. 我认为您的服务清单选择器没有选择广告连播。 Try to describe the pod and check for the labels. 尝试描述吊舱并检查标签。 Kubectl describe pod Then change your service manifest according to your pod labels. Kubectl描述pod,然后根据pod标签更改服务清单。
Best practice is to use declarative ways by writing the deployment or pod manifest, instead of using the imperative commands of kubectl, such as run or create. 最佳实践是通过编写部署或pod清单使用声明性方式,而不是使用kubectl的命令性命令(例如运行或创建)。
解决方案2
1 2018-05-21 14:15:36
check first if something wrong : 首先检查是否有问题:
kubectl describe service foo-http
and try other network cluster (for example: remove current network and deploy weave network) 并尝试其他网络群集(例如:删除当前网络并部署编织网络)
kubectl get -n kube-system daemonset | grep -i Flannel |cut -f1 -d ' '| kubectl delete daemonset -n kube-system
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
and for testing change "port" and "targetPort" to 8080 as you mentioned (or remove "targetPort") , like : 为了测试将“ port”和“ targetPort”更改为您提到的8080(或删除“ targetPort”),例如:
ports:
- port: 8080
targetPort: 8080
nodePort: 31123
then 然后
kubectl delete service foo-http
and create your service again Ex. 并再次创建您的服务。
kubectl create -f UrServiceScript.yaml
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.