Kubernetes node can't reach external Kafka Cluster
I have a Kubernetes cluster with multiple Java microservices that need to connect to a remote Kafka Cluster. Servers are in DigitalOcean and completely reachable within their private network.
The Kafka Cluster does not use Kubernetes and it is not within the cluster.
I used kubeadm to launch the entire cluster and this is the information about the cluster:
# kubectl cluster-info
Kubernetes master is running at https://10.132.113.68:6443
KubeDNS is running at https://10.132.113.68:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Version of Cluster
# kubectl version
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:22:21Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.7", GitCommit:"dd5e1a2978fd0b97d9b78e1564398aeea7e7fe92", GitTreeState:"clean", BuildDate:"2018-04-18T23:58:35Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
And this was used to set up the network:
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.132.113.68 --kubernetes-version stable-1.8
All the pods launched successfully:
# kubectl get pods --all-namespaces
NAMESPACE     NAME                                                        READY   STATUS      RESTARTS   AGE
default       datadog-agent-5cht2                                         1/1     Running     0          12d
default       datadog-agent-5r7rw                                         1/1     Running     0          12d
default       datadog-agent-b7t5q                                         1/1     Running     0          12d
default       vizix-services-7bdccb48c4-2q8js                             1/1     Running     0          19m
default       vizix-tools-cpr88                                           0/1     Completed   0          12d
kube-system   etcd-kubctl-s-2vcpu-4gb-nyc3-01-master                      1/1     Running     0          27d
kube-system   kube-apiserver-kubctl-s-2vcpu-4gb-nyc3-01-master            1/1     Running     0          27d
kube-system   kube-controller-manager-kubctl-s-2vcpu-4gb-nyc3-01-master   1/1     Running     0          27d
kube-system   kube-dns-6f4fd4bdf-f7ssn                                    3/3     Running     0          27d
kube-system   kube-flannel-ds-dm5w4                                       1/1     Running     0          27d
kube-system   kube-flannel-ds-ns58w                                       1/1     Running     0          27d
kube-system   kube-flannel-ds-prnvf                                       1/1     Running     1          27d
kube-system   kube-flannel-ds-xck8p                                       1/1     Running     0          27d
kube-system   kube-proxy-2xrhl                                            1/1     Running     0          27d
kube-system   kube-proxy-lnt9r                                            1/1     Running     0          27d
kube-system   kube-proxy-m74ms                                            1/1     Running     0          27d
kube-system   kube-proxy-vqdxt                                            1/1     Running     0          27d
kube-system   kube-scheduler-kubctl-s-2vcpu-4gb-nyc3-01-master            1/1     Running     0          27d
kube-system   kubernetes-dashboard-5bd6f767c7-7qp75                       1/1     Running     0          26d
The POD that needs to connect to Kafka can reach the cluster when using PING or Telnet just fine:
# kubectl exec -it vizix-services-7bdccb48c4-2q8js bash
bash-4.2# ping 10.132.123.177
PING 10.132.123.177 (10.132.123.177) 56(84) bytes of data.
64 bytes from 10.132.123.177: icmp_seq=1 ttl=63 time=0.540 ms
64 bytes from 10.132.123.177: icmp_seq=2 ttl=63 time=0.518 ms
64 bytes from 10.132.123.177: icmp_seq=3 ttl=63 time=0.432 ms
64 bytes from 10.132.123.177: icmp_seq=4 ttl=63 time=0.527 ms
^C
--- 10.132.123.177 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.432/0.504/0.540/0.045 ms
bash-4.2# telnet 10.132.123.177 9092
Trying 10.132.123.177...
Connected to 10.132.123.177.
Escape character is '^]'.
^CConnection closed by foreign host.
bash-4.2#
But the JAVA application cannot. Using only docker, it can connect normally, but when the Kubernetes launches the pod, it cannot.
2018-05-30 01:25:06,993+0000 WARN [localhost-startStop-1] com.tierconnect.riot.commons.services.broker.KafkaPublisher:: -
Check if exists a connection to kafka server 10.132.123.177:9092 and services is able to publish to kafka.
Is there something from Kubernetes that can prevent some specific application protocols to connect from one node to an external host?
This is the deployment YAML file for the service:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: microservice1
  labels:
    app: services
spec:
  replicas: 1
  selector:
    matchLabels:
      app: services
  template:
    metadata:
      labels:
        app: services
    spec:
      containers:
      - name: microservice1
        image: random/java-image:v6.5.2
        env:
        - name: KAFKA_SERVERS
          value: "10.132.123.177:9092"
I solved this using endpoints and services. This way the connectivity is being managed by Kubernetes:
---
kind: "Service"
apiVersion: "v1"
metadata:
  name: "kafka"
spec:
  ports:
    -
      name: "kafka"
      protocol: "TCP"
      port: 9092
      targetPort: 9092
      nodePort: 0
---
kind: "Endpoints"
apiVersion: "v1"
metadata:
  name: "kafka"
subsets:
  -
    addresses:
      -
        ip: "10.128.0.2"
    ports:
      -
        port: 9092
        name: "kafka"
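A stdlib-only consistency check for the selector-less Service plus manual Endpoints pattern used in the answer above, as an added example that is not part of the original post. The manifests are transcribed from the answer as Python dicts; the function name `lint_external_service` and the rule that an address inside the pod CIDR is a mistake for an external broker are assumptions of this example.

```python
import ipaddress

# Manifests from the answer above, transcribed as Python dicts (stdlib only, no YAML parser).
SERVICE = {"kind": "Service", "metadata": {"name": "kafka"},
           "spec": {"ports": [{"name": "kafka", "protocol": "TCP",
                               "port": 9092, "targetPort": 9092, "nodePort": 0}]}}
ENDPOINTS = {"kind": "Endpoints", "metadata": {"name": "kafka"},
             "subsets": [{"addresses": [{"ip": "10.128.0.2"}],
                          "ports": [{"port": 9092, "name": "kafka"}]}]}
POD_CIDR = "10.244.0.0/16"  # --pod-network-cidr from the kubeadm init line


def lint_external_service(svc, eps, pod_cidr):
    """Return a list of problems in a selector-less Service / manual Endpoints pair."""
    problems = []
    if svc["spec"].get("selector"):
        problems.append("Service has a selector; manual Endpoints would be overwritten")
    if svc["metadata"]["name"] != eps["metadata"]["name"]:
        problems.append("Endpoints name must equal the Service name")
    if svc["metadata"].get("namespace", "default") != eps["metadata"].get("namespace", "default"):
        problems.append("Service and Endpoints are in different namespaces")
    # Each Service port is matched to an Endpoints port by name; targetPort defaults to port.
    wanted = {(p.get("name", ""), p.get("targetPort", p["port"])) for p in svc["spec"]["ports"]}
    pods = ipaddress.ip_network(pod_cidr)
    for subset in eps.get("subsets", []):
        offered = {(p.get("name", ""), p["port"]) for p in subset.get("ports", [])}
        for name, port in sorted(wanted - offered):
            problems.append(f"no Endpoints port matches Service port {name!r}/{port}")
        for addr in subset.get("addresses", []):
            ip = ipaddress.ip_address(addr["ip"])
            if ip.is_loopback or ip.is_link_local:
                problems.append(f"{ip}: loopback/link-local address is rejected by the API server")
            elif ip in pods:  # assumption of this example: external brokers live outside the pod network
                problems.append(f"{ip}: inside pod CIDR {pod_cidr}, not an external host")
    if not any(s.get("addresses") for s in eps.get("subsets", [])):
        problems.append("Endpoints has no addresses; the Service would have no backends")
    return problems


if __name__ == "__main__":
    for line in lint_external_service(SERVICE, ENDPOINTS, POD_CIDR) or ["OK"]:
        print(line)
```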