为什么我无法从其他节点 IP 访问 kubernetes pod?
[英]Why I cant access a kubernetes pod from other Nodes IP?
问题描述
I've installed kubernetes cluster with help of Kubespray.
我在 Kubespray 的帮助下安装了 kubernetes 集群。 Cluster having 3 Nodes (2 Master & 1 Worker).具有 3 个节点(2 个主节点和 1 个工作节点)的集群。 node1 - 10.1.10.110, node2 - 10.1.10.111, node3 - 10.1.10.112节点1 - 10.1.10.110,节点2 - 10.1.10.111,节点3 - 10.1.10.112
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
node1 Ready master 12d v1.18.5
node2 Ready master 12d v1.18.5
node3 Ready <none> 12d v1.18.5
I deployed this pod in node1 (10.1.10.110) and exposed nodeport service as shown.我在 node1 (10.1.10.110) 中部署了这个 pod,并暴露了 nodeport 服务,如图所示。
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default pod/httpd-deployment-598596ddfc-n56jq 1/1 Running 0 7d21h 10.233.64.15 node1 <none> <none>
---
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
default service/httpd-service NodePort 10.233.16.84 <none> 80:31520/TCP 12d app=httpd
Service description服务说明
$ kubectl describe services -n default httpd-service
Name: httpd-service
Namespace: default
Labels: <none>
Annotations: <none>
Selector: app=httpd
Type: NodePort
IP: 10.233.16.84
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 31520/TCP
Endpoints: 10.233.64.15:80
Session Affinity: None
External Traffic Policy: Cluster
Question: I can able to access the service from node1:31520 (where the pod actually deployed) but can't able to access the same service from other nodes (node2:31520 (or) node3:31520)问题:我可以从 node1:31520(实际部署 pod 的位置)访问服务,但无法从其他节点(node2:31520(或)node3:31520)访问相同的服务
$curl http://10.1.10.110:31520
<html><body><h1>It Works!</h1></body></html>
but if I curl with other node IP, timed out response
$curl http://10.1.10.111:31520
curl (7): Failed connect to 10.1.10.111; Connection timed out
$curl http://10.1.10.112:31520
curl (7): Failed connect to 10.1.10.112; Connection timed out
Can anyone suggest what I am missing?谁能建议我缺少什么?
2 个解决方案
解决方案1
3 2020-07-14 16:56:17
Ideally you should be able to access a pod via NodePort using any of the nodes IP.理想情况下,您应该能够使用任何节点 IP 通过 NodePort 访问 pod。 If kube-proxy or CNI Plugin(calico etc) are not working properly in your cluster then it can cause the problem where pod is not reachable via a Nodes IP on which the Pod is not scheduled.如果 kube-proxy 或 CNI 插件(calico 等)在您的集群中无法正常工作,则可能会导致无法通过未安排 Pod 的节点 IP 访问 pod。
Check this related question kubernetes: cannot access NodePort from other machines检查这个相关问题kubernetes: cannot access NodePort from other machines
解决方案2
2 已采纳 2020-07-14 15:34:32
Because you have only one pod on 10.1.10.110因为您在 10.1.10.110 上只有一个 pod
Your curl is wrong, you didn't deploy a pod on 111 and 112 nodes, this is the reason that the endpoints aren't working.您的 curl 是错误的,您没有在 111 和 112 节点上部署 pod,这是端点无法正常工作的原因。 Just execute curl http://10.1.10.110:31520 on the other nodes and it will work只需在其他节点上执行curl http://10.1.10.110:31520
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.