Can't access the Kubernetes apiserver from within a pod
Question
I read in the Kubernetes docs that from within a pod you can access the Kubernetes apiserver with the kubernetes.default.svc DNS name. This name does resolve to an IP address, however, it seems that there's no response from this service endpoint.
// from within a container in a pod
# nslookup kubernetes.default.svc
nslookup: can't resolve '(null)': Name does not resolve
Name: kubernetes.default.svc
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
/ # ping 10.96.0.1
PING 10.96.0.1 (10.96.0.1): 56 data bytes
^C
--- 10.96.0.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
No response from the apiserver. Someone?
1 answers
solution1
1 2021-04-14 13:13:11
In kubernetes a Service exists of a IP and port pair (or multiple). It does not represent anything. The IP is just virtual and not assigned to a network interface. This is the reason, why you can't ping a service (pings do not get sent to a specific port).
Using curl/nc/telnet to access/connect to the API server via its service name & port will work.
eg:
$ curl -k https://kubernetes.default.svc:443
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.0.1.149:443"
}
]
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.