在K8s中,我无法使用选择器应用程序中的群集IP远程登录到端口
[英]In K8s I can not telnet to the port using the cluster IP from selector app
问题描述
I am searching for a long time on the net. 
我在网上搜索了很长时间。 But no use. 但是没用。 Please help or try to give some ideas how to achieve this. 请帮助或尝试给出一些想法来实现这一目标。
Service definition: 服务定义:
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "eureka1",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/services/eureka1",
"uid": "aed393f1-d127-11e8-8f19-fa163e4dc428",
"resourceVersion": "7432445",
"creationTimestamp": "2018-10-16T09:41:40Z",
"labels": {
"k8s-app": "eureka1"
}
},
"spec": {
"ports": [
{
"name": "tcp-38761-8761-6fjms",
"protocol": "TCP",
"port": 80,
"targetPort": 80,
"nodePort": 8761
}
],
"selector": {
"k8s-app": "eureka1"
},
"clusterIP": "10.254.65.233",
"type": "NodePort",
"sessionAffinity": "None",
"externalTrafficPolicy": "Cluster"
},
"status": {
"loadBalancer": {}
}
}
kubectl describe service eureka1: kubectl描述服务eureka1:
Name: eureka1
Namespace: default
Labels: k8s-app=eureka1
Annotations: <none>
Selector: k8s-app=eureka1
Type: NodePort
IP: 10.254.65.233
Port: tcp-38761-8761-6fjms 80/TCP
TargetPort: 80/TCP
NodePort: tcp-38761-8761-6fjms 8761/TCP
Endpoints: 172.101.51.8:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
kubectl get ep: kubectl获取ep:
NAME ENDPOINTS
eureka1 172.101.51.8:80
eureka2 172.101.52.8:80
If I in the eureka1 app telnet to 10.254.65.233 80 如果我在eureka1应用程序telnet中连接到10.254.65.233 80
Trying 10.254.65.233...
telnet: connect to address 10.254.65.233: Connection timed out
but I can ping 10.254.65.233 但我可以ping 10.254.65.233
Try another service IP not selector and can telnet. 尝试使用另一个服务IP而不是选择器,并且可以telnet。
The kube-proxy mode is ipvs kube-proxy模式是ipvs
Thanks 谢谢
1 个解决方案
解决方案1
0 已采纳 2018-11-20 07:11:12
this can happen when the network is not properly configured for “hairpin” traffic, usually when kube-proxy is running in iptables mode and Pods are connected with bridge network. 当网络没有针对“发夹”流量进行正确配置时,通常会发生这种情况,通常是当kube-proxy在iptables模式下运行并且kube-proxy与网桥网络连接时。 The Kubelet exposes a hairpin-mode flag that allows endpoints of a Service to loadbalance back to themselves if they try to access their own Service VIP. Kubelet公开了一个hairpin-mode标志,该标志允许服务的端点在尝试访问自己的服务VIP时使其自身实现负载Kubelet 。 The hairpin-mode flag must either be set to hairpin-veth or promiscuous-bridge . hairpin-mode标志必须设置为hairpin-veth或promiscuous-bridge 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.