堆栈内存溢出
  简体   繁体   English

K8s - 无法从另一个节点访问服务/集群 IP

[英]K8s - Cannot access service/clusterIP from another node

 原文  2020-07-19 07:07:29       kubernetes/ docker-registry

问题描述

I am trying to access(from worker node) a pod(on worker node) via a service/ClusterIP using curl http://cluster_ip:port_no but it isn't working.我正在尝试使用curl http://cluster_ip:port_no通过 service/ClusterIP 访问(从工作节点)一个 pod(在工作节点上),但它不工作。

Here's some info on service这里有一些关于服务的信息

masternode@Master:/localdocker$ kubectl describe svc registry
Name:              registry
Namespace:         default
Labels:            io.kompose.service=registry
Annotations:       kompose.cmd: kompose convert -f docker-compose.yaml -o localregistry.yaml
                   kompose.version: 1.1.0 (36652f6)
Selector:          io.kompose.service=registry
Type:              ClusterIP
IP:                10.100.126.230
Port:              5000  5000/TCP
TargetPort:        5000/TCP
Endpoints:         192.168.171.74:5000
Session Affinity:  None
Events:            <none>```

here's some info on pod这是关于 pod 的一些信息

masternode@Master:/localdocker$ kubectl describe pod registry-7ccd695dc7-69cx4
Name:         registry-7ccd695dc7-69cx4
Namespace:    default
Priority:     0
Node:         worker/10.0.1.5
Start Time:   Sun, 19 Jul 2020 06:09:14 +0000
Labels:       io.kompose.service=registry
              pod-template-hash=7ccd695dc7
Annotations:  cni.projectcalico.org/podIP: 192.168.171.74/32
              cni.projectcalico.org/podIPs: 192.168.171.74/32
Status:       Running
IP:           192.168.171.74
IPs:
  IP:           192.168.171.74
Controlled By:  ReplicaSet/registry-7ccd695dc7
Containers:
  registry:
    Container ID:   docker://ca372f12ef7a1a3cb23e7d6c58337f47848f91212f6c75af6bfd04bc48ea2f27
    Image:          registry:2
    Image ID:       docker-pullable://registry@sha256:8be26f81ffea54106bae012c6f349df70f4d5e7e2ec01b143c46e2c03b9e551d
    Port:           5000/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Sun, 19 Jul 2020 06:09:24 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY:  /data
    Mounts:
      /data from registry-claim0 (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-fhf5k (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  registry-claim0:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  registry-claim0
    ReadOnly:   false
  default-token-fhf5k:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-fhf5k
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  13m   default-scheduler  Successfully assigned default/registry-7ccd695dc7-69cx4 to worker
  Normal  Pulling    13m   kubelet, worker    Pulling image "registry:2"
  Normal  Pulled     13m   kubelet, worker    Successfully pulled image "registry:2"
  Normal  Created    13m   kubelet, worker    Created container registry
  Normal  Started    13m   kubelet, worker    Started container registry

This is a practice exercise where I was able to do so(in their live environment) without any NodePorts.这是一个练习练习,我能够在没有任何 NodePort 的情况下(在他们的现场环境中)这样做。

Please let me know if any other info is required.如果需要任何其他信息,请告诉我。

1 个解决方案

解决方案1
 5  2020-07-19 07:39:03

This is an expected behavior because ClusterIP type service is only accessible from within the kubernetes cluster ie from another pod etc.这是预期的行为,因为ClusterIP类型的服务只能从 kubernetes 集群内访问,即从另一个 pod 等。

If you want to access a pod via a service from outside the kubernetes cluster ie from the nodes itself then use NodePort type service.如果您想通过 kubernetes 集群外部的服务(即从节点本身)访问 pod,则使用NodePort类型的服务。

Once you expose it via NodePort service you would be able to access it using curl http://<NODE-IP>:<NODE-PORT>一旦通过NodePort服务公开它,您就可以使用curl http://<NODE-IP>:<NODE-PORT>访问它

ClusterIP is created on service network of the cluster and nodes are in different network. ClusterIP是在集群的服务网络上创建的,节点在不同的网络中。 By creating a NodePort service a Port is opened in each nodes network to forward traffic to ClusterIP .通过创建NodePort服务,在每个节点网络中打开一个端口,以将流量转发到ClusterIP So in essence NodePort uses ClusterIP internally and is an higher level abstraction built on top of ClusterIP .所以本质上NodePort在内部使用ClusterIP并且是建立在ClusterIP之上的更高级别的抽象。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我可以直接从 k8s 节点访问 K8s ClusterIP 吗? - Can I access K8s ClusterIP from k8s node directly? 从另一台机器访问 minikube 托管的 k8s 服务 - access k8s service hosted by minikube from another machine k8s:使用 iptables 从公共 VIP 转发到 clusterIP - k8s: forwarding from public VIP to clusterIP with iptables k8s master节点无法通过虚拟ip访问pod或service - k8s master node cannot access the pod or service through virtual ip 如何在存在入口的k8s中从角度(clusterIP svc)调用golang API(clusterIP svc)? - How to call a golang API(clusterIP svc) from angular(clusterIP svc) in k8s with ingress present? k8s 从一个服务到另一个服务通信 - k8s communicate from one service to another 无法从 K8s 集群访问节点应用程序 - Unable to access node app from K8s cluster 使用虚拟服务在 2 个 ClusterIP k8s 服务之间拆分流量 - Split traffic between 2 ClusterIP k8s services using a virtual service Calico 在我的 k8s 中运行良好,但我无法在节点上 Ping clusterip - Calico works well in my k8s, but I can't Ping clusterip on the node Kubernetes 集群 - 无法从 spring 启动服务访问在一个 pod 中运行的 Kafka 代理,该服务在多 VM k8s 集群中的另一个 pod 中运行 - Kubernetes cluster - Cannot access Kafka broker running in a pod from spring boot service running in another pod in multi VM k8s cluster
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM