
Why access to the k8s service takes too long?

I've created a simple k8s cluster and deployed a microsocks server with the help of kallqvist/microsocks. After exposing it via service, it takes too long for a curl command to connect to this service and retrieve the info.

Prerequisites:

  • last version of Kubernetes
  • calico for cni plugin

Steps to reproduce the problem:

  1. Here is a simple command to run this pod inside your cluster:

     k run socks --namespace testns --rm -it --image=kallqvist/microsocks:latest --command -- microsocks -1 -p 1080 -u suser -P spassword

     // take a look:
     # k -n testns get pods -o wide
     NAME    READY   STATUS    RESTARTS   AGE   IP              NODE      NOMINATED NODE   READINESS GATES
     socks   1/1     Running   0          61m   10.244.225.48   node-fi   <none>           <none>

  2. After that, you can create a simple service (NodePort Service) to expose my pod, here is the command:

     k -n testns expose pods/socks --type NodePort --port 1080

  3. Get the service node port by this command:

     # k -n testns get svc
     NAME    TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
     socks   NodePort   10.99.188.25   <none>        1080:31410/TCP   50m

  4. At this moment you can access the service, but it takes approximately 3 minutes. You can test it with this curl command:

     curl -x socks5://suser:spassword@<your-server-ip>:31410 http://ifconfig.ovh

Here are my tcpdump packets:

2286    3.279178    5.125.188.197   xxx.xxx.xxx.105 TCP 76  14767 → 31410 [SYN] Seq=0 Win=64240 Len=0 MSS=1400 SACK_PERM=1 TSval=2144430994 TSecr=0 WS=128
2289    3.279248    xxx.xxx.xxx.105 10.244.225.48   TCP 76  44194 → 1080 [SYN] Seq=0 Win=64240 Len=0 MSS=1400 SACK_PERM=1 TSval=2144430994 TSecr=0 WS=128
2292    3.279289    10.244.225.48   xxx.xxx.xxx.105 TCP 76  1080 → 44194 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1440 SACK_PERM=1 TSval=3395052955 TSecr=2144430994 WS=128
2293    3.279301    xxx.xxx.xxx.105 5.125.188.197   TCP 76  31410 → 14767 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1440 SACK_PERM=1 TSval=3395052955 TSecr=2144430994 WS=128
2500    3.413135    5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2144431131 TSecr=3395052955
2501    3.413148    xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2144431131 TSecr=3395052955
155590  229.785623  5.125.188.197   xxx.xxx.xxx.105 TCP 73  14767 → 31410 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=5 TSval=2144657489 TSecr=3395052955
155593  229.785729  xxx.xxx.xxx.105 10.244.225.48   Socks   73  Version: 5
155596  229.785792  10.244.225.48   xxx.xxx.xxx.105 TCP 68  1080 → 44194 [ACK] Seq=1 Ack=6 Win=64256 Len=0 TSval=3395279461 TSecr=2144657489
155597  229.785811  xxx.xxx.xxx.105 5.125.188.197   TCP 68  31410 → 14767 [ACK] Seq=1 Ack=6 Win=64256 Len=0 TSval=3395279461 TSecr=2144657489
155598  229.785871  10.244.225.48   xxx.xxx.xxx.105 Socks   70  Version: 5
155599  229.785928  xxx.xxx.xxx.105 5.125.188.197   TCP 70  31410 → 14767 [PSH, ACK] Seq=1 Ack=6 Win=64256 Len=2 TSval=3395279461 TSecr=2144657489
155654  229.922585  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=6 Ack=3 Win=64256 Len=0 TSval=2144657639 TSecr=3395279461
155655  229.922621  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=6 Ack=3 Win=64256 Len=0 TSval=2144657639 TSecr=3395279461
155743  230.314622  5.125.188.197   xxx.xxx.xxx.105 TCP 78  14767 → 31410 [PSH, ACK] Seq=6 Ack=3 Win=64256 Len=10 TSval=2144658027 TSecr=3395279461
155744  230.314659  xxx.xxx.xxx.105 10.244.225.48   Socks   78  Version: 5
155745  230.314708  10.244.225.48   xxx.xxx.xxx.105 TCP 68  1080 → 44194 [ACK] Seq=3 Ack=16 Win=64256 Len=0 TSval=3395279990 TSecr=2144658027
155746  230.314732  xxx.xxx.xxx.105 5.125.188.197   TCP 68  31410 → 14767 [ACK] Seq=3 Ack=16 Win=64256 Len=0 TSval=3395279990 TSecr=2144658027
155747  230.314864  10.244.225.48   213.186.33.50   TCP 76  53530 → 80 [SYN] Seq=0 Win=64800 Len=0 MSS=1440 SACK_PERM=1 TSval=2621910285 TSecr=0 WS=128
155772  230.343254  213.186.33.50   10.244.225.48   TCP 76  80 → 53530 [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460 SACK_PERM=1 WS=4096 TSval=23 TSecr=2621910285
155773  230.343307  10.244.225.48   213.186.33.50   TCP 68  53530 → 80 [ACK] Seq=1 Ack=1 Win=64896 Len=0 TSval=2621910314 TSecr=23
155777  230.343418  10.244.225.48   xxx.xxx.xxx.105 Socks   78  Version: 5
155778  230.343454  xxx.xxx.xxx.105 5.125.188.197   TCP 78  31410 → 14767 [PSH, ACK] Seq=3 Ack=16 Win=64256 Len=10 TSval=3395280019 TSecr=2144658027
155945  230.472819  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=16 Ack=13 Win=64256 Len=0 TSval=2144658198 TSecr=3395280019
155946  230.472819  5.125.188.197   xxx.xxx.xxx.105 HTTP    144 GET / HTTP/1.1 
155947  230.472847  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=16 Ack=13 Win=64256 Len=0 TSval=2144658198 TSecr=3395280019
155948  230.472857  xxx.xxx.xxx.105 10.244.225.48   HTTP    144 GET / HTTP/1.1 
155949  230.472952  10.244.225.48   xxx.xxx.xxx.105 TCP 68  1080 → 44194 [ACK] Seq=13 Ack=92 Win=64256 Len=0 TSval=3395280148 TSecr=2144658199
155950  230.472973  xxx.xxx.xxx.105 5.125.188.197   TCP 68  31410 → 14767 [ACK] Seq=13 Ack=92 Win=64256 Len=0 TSval=3395280148 TSecr=2144658199
155951  230.472984  10.244.225.48   213.186.33.50   HTTP    144 GET / HTTP/1.1 
155958  230.503135  213.186.33.50   10.244.225.48   HTTP    370 HTTP/1.1 200 OK  (text/html)
155959  230.503178  10.244.225.48   213.186.33.50   TCP 68  53530 → 80 [ACK] Seq=77 Ack=303 Win=64640 Len=0 TSval=2621910474 TSecr=56
155961  230.503197  10.244.225.48   xxx.xxx.xxx.105 HTTP    370 HTTP/1.1 200 OK  (text/html)
155962  230.503210  xxx.xxx.xxx.105 5.125.188.197   HTTP    370 HTTP/1.1 200 OK  (text/html)
156054  230.631555  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156055  230.631555  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [FIN, ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156056  230.631589  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156057  230.631599  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [FIN, ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156058  230.631719  10.244.225.48   213.186.33.50   TCP 68  53530 → 80 [FIN, ACK] Seq=77 Ack=303 Win=64640 Len=0 TSval=2621910602 TSecr=56
156060  230.631739  10.244.225.48   xxx.xxx.xxx.105 TCP 68  1080 → 44194 [FIN, ACK] Seq=315 Ack=93 Win=64256 Len=0 TSval=3395280307 TSecr=2144658357
156061  230.631745  xxx.xxx.xxx.105 5.125.188.197   TCP 68  31410 → 14767 [FIN, ACK] Seq=315 Ack=93 Win=64256 Len=0 TSval=3395280307 TSecr=2144658357
156063  230.660167  213.186.33.50   10.244.225.48   TCP 68  80 → 53530 [FIN, ACK] Seq=303 Ack=78 Win=2097152 Len=0 TSval=95 TSecr=2621910602
156064  230.660191  10.244.225.48   213.186.33.50   TCP 68  53530 → 80 [ACK] Seq=78 Ack=304 Win=64640 Len=0 TSval=2621910631 TSecr=95
156107  230.766792  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=93 Ack=316 Win=64128 Len=0 TSval=2144658494 TSecr=3395280307
156108  230.766838  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=93 Ack=316 Win=64128 Len=0 TSval=2144658494 TSecr=3395280307

Try this out and it might solve your issue.

In your service change the externalTrafficPolicy value.
My guess is that you have the default value which is cluster, change it to local and update if it's solved your issue.

### externalTrafficPolicy: Local

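apiVersion: v1
kind: Service
metadata:
  name: my-service   # placeholder; use your Service's name
spec:
  type: NodePort     # nodePort is only valid for NodePort/LoadBalancer Services
  ports:
    - name: port-8080
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 32600
  selector:
    app: my-service
  externalTrafficPolicy: Local     # external traffic goes only to endpoints on the receiving node
  internalTrafficPolicy: Cluster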

externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints.

  • "Local" preserves the client source IP and avoids a second hop for LoadBalancer and NodePort type services, but risks potentially imbalanced traffic spreading.
  • "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.

Calico defaults:

https://projectcalico.docs.tigera.io/security/services-cluster-ips
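
An added example (not part of the original question or answer): it parses a few frames copied from the capture in the question and reports the longest idle period per conversation and which source addresses the pod actually receives, which is what "Cluster obscures the client source IP" looks like on the wire. The function names are illustrative.

```python
import re

# Frames 2286-155593, copied from the capture posted in the question.
CAPTURE = """\
2286    3.279178    5.125.188.197   xxx.xxx.xxx.105 TCP 76  14767 → 31410 [SYN] Seq=0 Win=64240 Len=0 MSS=1400 SACK_PERM=1 TSval=2144430994 TSecr=0 WS=128
2289    3.279248    xxx.xxx.xxx.105 10.244.225.48   TCP 76  44194 → 1080 [SYN] Seq=0 Win=64240 Len=0 MSS=1400 SACK_PERM=1 TSval=2144430994 TSecr=0 WS=128
2292    3.279289    10.244.225.48   xxx.xxx.xxx.105 TCP 76  1080 → 44194 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1440 SACK_PERM=1 TSval=3395052955 TSecr=2144430994 WS=128
2293    3.279301    xxx.xxx.xxx.105 5.125.188.197   TCP 76  31410 → 14767 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1440 SACK_PERM=1 TSval=3395052955 TSecr=2144430994 WS=128
2500    3.413135    5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2144431131 TSecr=3395052955
2501    3.413148    xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2144431131 TSecr=3395052955
155590  229.785623  5.125.188.197   xxx.xxx.xxx.105 TCP 73  14767 → 31410 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=5 TSval=2144657489 TSecr=3395052955
155593  229.785729  xxx.xxx.xxx.105 10.244.225.48   Socks   73  Version: 5
"""
LINE = re.compile(r"^(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")

def parse(text):
    """Return one dict per packet line; lines that do not match are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            no, t, src, dst, proto, _length, info = m.groups()
            packets.append(dict(no=int(no), t=float(t), src=src, dst=dst, proto=proto, info=info))
    return packets

def largest_gaps(packets):
    """Per conversation (unordered IP pair): (gap_seconds, frame_before, frame_after)."""
    last, worst = {}, {}
    for p in sorted(packets, key=lambda p: p["t"]):
        key = frozenset((p["src"], p["dst"]))
        if key in last:
            gap = p["t"] - last[key]["t"]
            if gap > worst.get(key, (-1.0,))[0]:
                worst[key] = (gap, last[key]["no"], p["no"])
        last[key] = p
    return worst

def sources_seen_by(packets, dst_ip):
    """Source addresses that appear on packets delivered to dst_ip."""
    return {p["src"] for p in packets if p["dst"] == dst_ip}

if __name__ == "__main__":
    pkts = parse(CAPTURE)
    for pair, (gap, before, after) in largest_gaps(pkts).items():
        print(f"{' <-> '.join(sorted(pair))}: {gap:.3f}s idle between frames {before} and {after}")
    print("pod sees sources:", sources_seen_by(pkts, "10.244.225.48"))
```

On these frames the idle period falls between the final handshake ACK (frame 2500) and the first payload from the client (frame 155590), and the pod only ever sees the node address as the source.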
