
Traffic is not reaching to POD in Kubernetes Cluster

I have a local Kubernetes cluster running on Windows using Docker. On my Windows host I am running a process on port 4000.

Inside my pod I am doing curl windows_host_ip:4000 but am not able to get the response. The connection from the pod is being established, but the response is timing out. Logs:

* Hostname was NOT found in DNS cache
*   Trying 192.168.18.10...
* connect to 192.168.18.10 port 4000 failed: Connection refused
* Failed to connect to 192.168.18.10 port 4000: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 192.168.18.10 port 4000: Connection refused

root@ordermanagement-64694dd8b8-2ktm8:/apps/ordermanagement# curl -v http://192.168.18.10:4000/ordermanagement/order/orders
* Hostname was NOT found in DNS cache
*   Trying 192.168.18.10...
* Connected to 192.168.18.10 (192.168.18.10) port 4000 (#0)
> GET /ordermanagement/order/orders HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 192.168.18.10:4000
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

Please let me know how I can allow incoming traffic to my pod from my host system.

This is the expected behavior. A pod is not supposed to have direct access to the host's network, processes, filesystem, etc.; otherwise anyone breaking into a pod could get the entire information not only about the host system but also about the other pods running on the host.

You could look into creating a Kubernetes endpoint for the host process inside the cluster; please see the documentation on manually managing service endpoints.

You can also potentially achieve this by running your pod as a privileged pod; however, it is not good security practice to run privileged pods.

Privileged - determines if any container in a pod can enable privileged mode. By default, a container is not allowed to access any devices on the host, but a "privileged" container is given access to all devices on the host. This allows the container nearly all the same access as processes running on the host. This is useful for containers that want to use Linux capabilities like manipulating the network stack and accessing devices.

You can turn a pod into a privileged one by setting the privileged flag to true (by default a container is not allowed to access any devices on the host).
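The non-privileged route the answer recommends, written out as an added example (not from the original post): a Service with no selector plus a manually managed Endpoints object that points at the host address and port shown in the question. The Service name host-process is an assumption; the IP 192.168.18.10 and port 4000 are the ones from the curl output above.

```yaml
# Service without a selector: Kubernetes creates no Endpoints for it
# automatically, so the pod-facing name host-process (assumed name)
# resolves to whatever Endpoints we manage by hand below.
apiVersion: v1
kind: Service
metadata:
  name: host-process
spec:
  ports:
    - name: http
      protocol: TCP
      port: 4000        # port pods connect to: http://host-process:4000/
      targetPort: 4000  # port on the endpoint address below
---
# Endpoints object: its name MUST match the Service name, and the
# address is the Windows host IP seen from inside the pod (from the
# question's curl output). Loopback and link-local addresses are rejected.
apiVersion: v1
kind: Endpoints
metadata:
  name: host-process
subsets:
  - addresses:
      - ip: 192.168.18.10
    ports:
      - name: http
        port: 4000
        protocol: TCP
```

This only gives pods a stable in-cluster name; the packets still travel the same path as the curl above, so the host process must listen on 192.168.18.10 (not only on 127.0.0.1) and the Windows host firewall must permit inbound TCP 4000, otherwise you will keep seeing "Connection refused" or "Connection reset by peer" through the Service as well. Apply with kubectl apply -f, then check kubectl get endpoints host-process shows 192.168.18.10:4000.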
