[英]Why access to the k8s service takes too long?
我創建了一個簡單的 k8s 集群並在kallqvist/microsocks
的幫助下部署了一個 microsocks 服務器。 通過服務公開它后,curl 命令需要很長時間才能連接到該服務並檢索信息。
先決條件:
重現問題的步驟:
k run socks --namespace testns --rm -it --image=kallqvist/microsocks:latest --command -- microsocks -1 -p 1080 -u suser -P spassword
// take a look:
# k -n testns get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
socks 1/1 Running 0 61m 10.244.225.48 node-fi <none> <none>
k -n testns expose pods/socks --type NodePort --port 1080
# k -n testns get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
socks NodePort 10.99.188.25 <none> 1080:31410/TCP 50m
curl -x socks5://suser:spassword@<your-server-ip>:31410 http://ifconfig.ovh
2286 3.279178 5.125.188.197 xxx.xxx.xxx.105 TCP 76 14767 → 31410 [SYN] Seq=0 Win=64240 Len=0 MSS=1400 SACK_PERM=1 TSval=2144430994 TSecr=0 WS=128
2289 3.279248 xxx.xxx.xxx.105 10.244.225.48 TCP 76 44194 → 1080 [SYN] Seq=0 Win=64240 Len=0 MSS=1400 SACK_PERM=1 TSval=2144430994 TSecr=0 WS=128
2292 3.279289 10.244.225.48 xxx.xxx.xxx.105 TCP 76 1080 → 44194 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1440 SACK_PERM=1 TSval=3395052955 TSecr=2144430994 WS=128
2293 3.279301 xxx.xxx.xxx.105 5.125.188.197 TCP 76 31410 → 14767 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1440 SACK_PERM=1 TSval=3395052955 TSecr=2144430994 WS=128
2500 3.413135 5.125.188.197 xxx.xxx.xxx.105 TCP 68 14767 → 31410 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2144431131 TSecr=3395052955
2501 3.413148 xxx.xxx.xxx.105 10.244.225.48 TCP 68 44194 → 1080 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2144431131 TSecr=3395052955
155590 229.785623 5.125.188.197 xxx.xxx.xxx.105 TCP 73 14767 → 31410 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=5 TSval=2144657489 TSecr=3395052955
155593 229.785729 xxx.xxx.xxx.105 10.244.225.48 Socks 73 Version: 5
155596 229.785792 10.244.225.48 xxx.xxx.xxx.105 TCP 68 1080 → 44194 [ACK] Seq=1 Ack=6 Win=64256 Len=0 TSval=3395279461 TSecr=2144657489
155597 229.785811 xxx.xxx.xxx.105 5.125.188.197 TCP 68 31410 → 14767 [ACK] Seq=1 Ack=6 Win=64256 Len=0 TSval=3395279461 TSecr=2144657489
155598 229.785871 10.244.225.48 xxx.xxx.xxx.105 Socks 70 Version: 5
155599 229.785928 xxx.xxx.xxx.105 5.125.188.197 TCP 70 31410 → 14767 [PSH, ACK] Seq=1 Ack=6 Win=64256 Len=2 TSval=3395279461 TSecr=2144657489
155654 229.922585 5.125.188.197 xxx.xxx.xxx.105 TCP 68 14767 → 31410 [ACK] Seq=6 Ack=3 Win=64256 Len=0 TSval=2144657639 TSecr=3395279461
155655 229.922621 xxx.xxx.xxx.105 10.244.225.48 TCP 68 44194 → 1080 [ACK] Seq=6 Ack=3 Win=64256 Len=0 TSval=2144657639 TSecr=3395279461
155743 230.314622 5.125.188.197 xxx.xxx.xxx.105 TCP 78 14767 → 31410 [PSH, ACK] Seq=6 Ack=3 Win=64256 Len=10 TSval=2144658027 TSecr=3395279461
155744 230.314659 xxx.xxx.xxx.105 10.244.225.48 Socks 78 Version: 5
155745 230.314708 10.244.225.48 xxx.xxx.xxx.105 TCP 68 1080 → 44194 [ACK] Seq=3 Ack=16 Win=64256 Len=0 TSval=3395279990 TSecr=2144658027
155746 230.314732 xxx.xxx.xxx.105 5.125.188.197 TCP 68 31410 → 14767 [ACK] Seq=3 Ack=16 Win=64256 Len=0 TSval=3395279990 TSecr=2144658027
155747 230.314864 10.244.225.48 213.186.33.50 TCP 76 53530 → 80 [SYN] Seq=0 Win=64800 Len=0 MSS=1440 SACK_PERM=1 TSval=2621910285 TSecr=0 WS=128
155772 230.343254 213.186.33.50 10.244.225.48 TCP 76 80 → 53530 [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460 SACK_PERM=1 WS=4096 TSval=23 TSecr=2621910285
155773 230.343307 10.244.225.48 213.186.33.50 TCP 68 53530 → 80 [ACK] Seq=1 Ack=1 Win=64896 Len=0 TSval=2621910314 TSecr=23
155777 230.343418 10.244.225.48 xxx.xxx.xxx.105 Socks 78 Version: 5
155778 230.343454 xxx.xxx.xxx.105 5.125.188.197 TCP 78 31410 → 14767 [PSH, ACK] Seq=3 Ack=16 Win=64256 Len=10 TSval=3395280019 TSecr=2144658027
155945 230.472819 5.125.188.197 xxx.xxx.xxx.105 TCP 68 14767 → 31410 [ACK] Seq=16 Ack=13 Win=64256 Len=0 TSval=2144658198 TSecr=3395280019
155946 230.472819 5.125.188.197 xxx.xxx.xxx.105 HTTP 144 GET / HTTP/1.1
155947 230.472847 xxx.xxx.xxx.105 10.244.225.48 TCP 68 44194 → 1080 [ACK] Seq=16 Ack=13 Win=64256 Len=0 TSval=2144658198 TSecr=3395280019
155948 230.472857 xxx.xxx.xxx.105 10.244.225.48 HTTP 144 GET / HTTP/1.1
155949 230.472952 10.244.225.48 xxx.xxx.xxx.105 TCP 68 1080 → 44194 [ACK] Seq=13 Ack=92 Win=64256 Len=0 TSval=3395280148 TSecr=2144658199
155950 230.472973 xxx.xxx.xxx.105 5.125.188.197 TCP 68 31410 → 14767 [ACK] Seq=13 Ack=92 Win=64256 Len=0 TSval=3395280148 TSecr=2144658199
155951 230.472984 10.244.225.48 213.186.33.50 HTTP 144 GET / HTTP/1.1
155958 230.503135 213.186.33.50 10.244.225.48 HTTP 370 HTTP/1.1 200 OK (text/html)
155959 230.503178 10.244.225.48 213.186.33.50 TCP 68 53530 → 80 [ACK] Seq=77 Ack=303 Win=64640 Len=0 TSval=2621910474 TSecr=56
155961 230.503197 10.244.225.48 xxx.xxx.xxx.105 HTTP 370 HTTP/1.1 200 OK (text/html)
155962 230.503210 xxx.xxx.xxx.105 5.125.188.197 HTTP 370 HTTP/1.1 200 OK (text/html)
156054 230.631555 5.125.188.197 xxx.xxx.xxx.105 TCP 68 14767 → 31410 [ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156055 230.631555 5.125.188.197 xxx.xxx.xxx.105 TCP 68 14767 → 31410 [FIN, ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156056 230.631589 xxx.xxx.xxx.105 10.244.225.48 TCP 68 44194 → 1080 [ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156057 230.631599 xxx.xxx.xxx.105 10.244.225.48 TCP 68 44194 → 1080 [FIN, ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156058 230.631719 10.244.225.48 213.186.33.50 TCP 68 53530 → 80 [FIN, ACK] Seq=77 Ack=303 Win=64640 Len=0 TSval=2621910602 TSecr=56
156060 230.631739 10.244.225.48 xxx.xxx.xxx.105 TCP 68 1080 → 44194 [FIN, ACK] Seq=315 Ack=93 Win=64256 Len=0 TSval=3395280307 TSecr=2144658357
156061 230.631745 xxx.xxx.xxx.105 5.125.188.197 TCP 68 31410 → 14767 [FIN, ACK] Seq=315 Ack=93 Win=64256 Len=0 TSval=3395280307 TSecr=2144658357
156063 230.660167 213.186.33.50 10.244.225.48 TCP 68 80 → 53530 [FIN, ACK] Seq=303 Ack=78 Win=2097152 Len=0 TSval=95 TSecr=2621910602
156064 230.660191 10.244.225.48 213.186.33.50 TCP 68 53530 → 80 [ACK] Seq=78 Ack=304 Win=64640 Len=0 TSval=2621910631 TSecr=95
156107 230.766792 5.125.188.197 xxx.xxx.xxx.105 TCP 68 14767 → 31410 [ACK] Seq=93 Ack=316 Win=64128 Len=0 TSval=2144658494 TSecr=3395280307
156108 230.766838 xxx.xxx.xxx.105 10.244.225.48 TCP 68 44194 → 1080 [ACK] Seq=93 Ack=316 Win=64128 Len=0 TSval=2144658494 TSecr=3395280307
試試這個,它可能會解決你的問題
在您的服務中更改externalTrafficPolicy
值。
我的猜測是您的默認值是cluster
,將其更改為 local 並在解決您的問題時更新。
### externalTrafficPolicy: Local
apiVersion: v1
kind: Service
spec:
ports:
- name: port-8080
protocol: TCP
port: 8080
targetPort: 8080
nodePort: 32600
selector:
app: my-service
externalTrafficPolicy: Local
internalTrafficPolicy: Cluster
externalTrafficPolicy
表示此服務是否希望將外部流量路由到節點本地或集群范圍的端點。
"Local"
保留客戶端源 IP 並避免 LoadBalancer 和 NodePort 類型服務的第二跳,但存在潛在的不平衡流量傳播風險。"Cluster"
掩蓋了客戶端源 IP,可能會導致第二跳到另一個節點,但應該具有良好的整體負載分布。https://projectcalico.docs.tigera.io/security/services-cluster-ips
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.