
k8s master node cannot access the pod or service through virtual ip

The master node cannot access the service or pod through the virtual IP. The flannel network plugin works just fine.

[root@www ~]# clear
[root@www ~]# kubectl get pod --all-namespaces -o wide
NAMESPACE     NAME                          READY   STATUS    RESTARTS   AGE     IP              NODE               NOMINATED NODE   READINESS GATES
default       java-demo-c7765d5cd-kfglv     1/1     Running   1          3h48m   10.244.1.13     www.server03.com   <none>           <none>
default       java-demo-c7765d5cd-pcdjk     1/1     Running   1          3h48m   10.244.0.12     www.server02.com   <none>           <none>
kube-system   coredns-68d7b6f657-mn7fx      1/1     Running   1          6d17h   10.244.1.14     www.server03.com   <none>           <none>
kube-system   kube-flannel-ds-amd64-f8hd2   1/1     Running   3          6d19h   192.168.254.5   www.server02.com   <none>           <none>
kube-system   kube-flannel-ds-amd64-h9xsq   1/1     Running   2          6d19h   192.168.254.6   www.server03.com   <none>           <none>
[root@www ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
java-demo    NodePort    10.0.0.153   <none>        80:30018/TCP   3h18m
kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP        6d23h
[root@www ~]# curl 10.0.0.153
curl: (7) Failed connect to 10.0.0.153:80; 拒绝连接
[root@www ~]# curl 10.244.1.14:8080
curl: (7) Failed connect to 10.244.1.14:8080; 拒绝连接
[root@www ~]# ping 10.0.0.153 
PING 10.0.0.153 (10.0.0.153) 56(84) bytes of data.
--- 10.0.0.153 ping statistics ---
119 packets transmitted, 0 received, 100% packet loss, time 118011ms

The node can access the service virtual IP; the commands executed on the node are as follows:

[root@www ~]# clear
[root@www ~]# ping 10.0.0.153
PING 10.0.0.153 (10.0.0.153) 56(84) bytes of data.
64 bytes from 10.0.0.153: icmp_seq=1 ttl=64 time=0.124 ms
64 bytes from 10.0.0.153: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 10.0.0.153: icmp_seq=3 ttl=64 time=0.038 ms
64 bytes from 10.0.0.153: icmp_seq=4 ttl=64 time=0.072 ms
64 bytes from 10.0.0.153: icmp_seq=5 ttl=64 time=0.039 ms
^C
--- 10.0.0.153 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.038/0.062/0.124/0.034 ms
[root@www ~]# 

The java-demo.yaml:


apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: java-demo
  name: java-demo
spec:
  replicas: 2
  selector:
    matchLabels:
      app: java-demo
  template:
    metadata:
      labels:
        app: java-demo
    spec:
      containers:
      - image: java-demo:v1
        name: java-demo

The service.yaml:


apiVersion: v1
kind: Service
metadata:
  labels:
    app: java-demo
  name: java-demo
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
    nodePort: 30018
  selector:
    app: java-demo
  type: NodePort

This service can be accessed normally on the node after exposure; the pod container is just not accessible by virtual IP on the master node. Please help me, thank you!

You are using the NodePort type to expose the Deployment; your service will not be accessible via your virtual IP.

Inside the Kubernetes docs we can read:

For some parts of your application (for example, frontends) you may want to expose a Service onto an external IP address, that's outside of your cluster.

Kubernetes ServiceTypes allow you to specify what kind of Service you want. The default is ClusterIP.

Type values and their behaviors are:

  • ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType.
  • NodePort: Exposes the Service on each Node's IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You'll be able to contact the NodePort Service, from outside the cluster, by requesting <NodeIP>:<NodePort>.
  • LoadBalancer: Exposes the Service externally using a cloud provider's load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.
  • ExternalName: Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.

Also, your Deployment is missing containerPort. Here is a link to the docs on how to Create a Deployment.

Please also consider reading Connecting Applications with Services, as it provides examples of different types.
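An added example, not part of the original question or answer: a small audit that lists the addresses each Service type publishes according to the quoted documentation, and flags a Service whose targetPort is not declared as a containerPort in the selected Deployment. The JSON is constructed from the manifests and listings on this page; the node addresses are assumed to be the IPs shown for the host-network flannel pods, and both function names are hypothetical.

```python
import json

# Constructed input: the shape of `kubectl get svc,deploy -o json`, filled with
# the values from the java-demo manifests and listings on this page.
ITEMS = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "java-demo"},
  "spec": {"type": "NodePort", "clusterIP": "10.0.0.153",
           "selector": {"app": "java-demo"},
           "ports": [{"port": 80, "targetPort": 8080, "nodePort": 30018}]}},
 {"kind": "Service", "metadata": {"name": "kubernetes"},
  "spec": {"type": "ClusterIP", "clusterIP": "10.0.0.1", "ports": [{"port": 443}]}},
 {"kind": "Deployment", "metadata": {"name": "java-demo"},
  "spec": {"template": {"metadata": {"labels": {"app": "java-demo"}},
           "spec": {"containers": [{"name": "java-demo", "image": "java-demo:v1"}]}}}}
]}
""")["items"]
# Assumption: node addresses taken from the kube-flannel pods' IP column.
NODE_IPS = ["192.168.254.5", "192.168.254.6"]

def endpoints(items, node_ips):
    """Map each Service name to the (scope, address) pairs its type publishes."""
    out = {}
    for svc in (i for i in items if i["kind"] == "Service"):
        spec, addrs = svc["spec"], []
        for p in spec["ports"]:
            addrs.append(("cluster", f'{spec["clusterIP"]}:{p["port"]}'))
            if spec["type"] in ("NodePort", "LoadBalancer") and "nodePort" in p:
                # A NodePort is opened on every node, not only where a pod runs.
                addrs += [("external", f'{ip}:{p["nodePort"]}') for ip in node_ips]
        out[svc["metadata"]["name"]] = addrs
    return out

def undeclared_target_ports(items):
    """Manifest lint: (service, deployment, targetPort) with no matching containerPort."""
    findings = []
    deployments = [i for i in items if i["kind"] == "Deployment"]
    for svc in (i for i in items if i["kind"] == "Service"):
        sel = svc["spec"].get("selector")
        for d in deployments if sel else []:
            tpl = d["spec"]["template"]
            labels = tpl["metadata"]["labels"]
            if not all(labels.get(k) == v for k, v in sel.items()):
                continue
            declared = {cp["containerPort"] for c in tpl["spec"]["containers"]
                        for cp in c.get("ports", [])}
            for p in svc["spec"]["ports"]:
                target = p.get("targetPort", p["port"])  # defaults to port
                if target not in declared:
                    findings.append((svc["metadata"]["name"], d["metadata"]["name"], target))
    return findings
```

On a live cluster the same functions can be fed the parsed `items` list from `kubectl get svc,deploy -o json`.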
