
Kubernetes service not accessible on IPv4

We currently have the following Kubernetes setup (v1.13.1, set up with kubeadm) with connectivity set up between them:

  • Master node (bare metal)
  • 5 worker nodes (bare metal)
  • 2 worker nodes (cloud)
  • There is no proxy in between to access the cluster; currently we are accessing services via hostname:NodePort

We are experiencing an issue with accessing services via NodePort on the 2 cloud worker nodes. What is happening is that the service is accessible via IPv6, but not via IPv4:

  • IPv6: telnet localhost6 30005
    Trying ::1...
    Connected to localhost6.
    Escape character is '^]'.
  • IPv4: telnet localhost4 30005
    Trying 127.0.0.1...

The thing is that both are working on the bare metal nodes. If I use netstat -napl | grep 30005, I can see kube-proxy is listening on this port (tcp6). I presumed this means that it does not listen on tcp, but apparently this is not the case (I have the same picture on the bare metal worker nodes):

tcp6       7      0 :::30005                :::*                    LISTEN      24658/kube-proxy

I have also read that services are using IPv6, but based on bare metal worker nodes, it seems there should not be a problem using IPv4 there as well.

Any idea what would cause that issue and how to solve it?

Thank you and best regards, Bostjan

In case someone stumbles upon the same issue, there was an issue with unopened ports on the FW for the flannel network overlay:

  • 8285 UDP - flannel UDP backend
  • 8472 UDP - flannel vxlan backend
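
One way to open the flannel port from the answer above only to the other cluster nodes rather than to every source, as an added example that is not part of the original post. It assumes a host firewall managed with iptables (the post only says "FW"); the peer addresses are constructed samples and the function names are hypothetical. The rules are printed for review, not applied.

```shell
#!/bin/sh
# Added example: print iptables rules that admit flannel overlay traffic
# only from known cluster peers. Ports are the two named in the answer.

flannel_port() {                 # backend name -> UDP port
  case "$1" in
    udp)   echo 8285 ;;
    vxlan) echo 8472 ;;
    *)     return 1 ;;
  esac
}

valid_ipv4() {                   # dotted quad, each octet 0-255
  case "$1" in
    ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                      # split on dots into $1..$n
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

flannel_rules() {                # usage: flannel_rules <backend> <peer-ip>...
  [ $# -ge 2 ] || { echo "usage: flannel_rules <udp|vxlan> <peer-ip>..." >&2; return 2; }
  backend=$1; shift
  port=$(flannel_port "$backend") || { echo "unknown backend: $backend" >&2; return 2; }
  # Validate every peer first so a partial rule set is never printed.
  for peer in "$@"; do
    valid_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 2; }
  done
  for peer in "$@"; do
    echo "iptables -A INPUT -p udp -s $peer --dport $port -j ACCEPT"
  done
  # Overlay traffic from any other source is dropped explicitly.
  echo "iptables -A INPUT -p udp --dport $port -j DROP"
}

# Constructed sample: vxlan backend, two peers from the TEST-NET-1 range.
flannel_rules vxlan 192.0.2.10 192.0.2.11
```
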
