在 K8s 中,我无法使用来自选择器应用程序的集群 IP 远程登录到端口
In K8s I can not telnet to the port using the cluster IP from selector app
我在网上找了很久。但是没有用。请帮助或尝试提供一些想法如何实现这一目标。
服务定义:
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "eureka1",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/services/eureka1",
"uid": "aed393f1-d127-11e8-8f19-fa163e4dc428",
"resourceVersion": "7432445",
"creationTimestamp": "2018-10-16T09:41:40Z",
"labels": {
"k8s-app": "eureka1"
}
},
"spec": {
"ports": [
{
"name": "tcp-38761-8761-6fjms",
"protocol": "TCP",
"port": 80,
"targetPort": 80,
"nodePort": 8761
}
],
"selector": {
"k8s-app": "eureka1"
},
"clusterIP": "10.254.65.233",
"type": "NodePort",
"sessionAffinity": "None",
"externalTrafficPolicy": "Cluster"
},
"status": {
"loadBalancer": {}
}
}
kubectl 描述服务 eureka1:
Name: eureka1
Namespace: default
Labels: k8s-app=eureka1
Annotations: <none>
Selector: k8s-app=eureka1
Type: NodePort
IP: 10.254.65.233
Port: tcp-38761-8761-6fjms 80/TCP
TargetPort: 80/TCP
NodePort: tcp-38761-8761-6fjms 8761/TCP
Endpoints: 172.101.51.8:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
kubectl 获取 ep:
NAME ENDPOINTS
eureka1 172.101.51.8:80
eureka2 172.101.52.8:80
如果我在 eureka1 app telnet 到 10.254.65.233 80
Trying 10.254.65.233...
telnet: connect to address 10.254.65.233: Connection timed out
但我可以 ping 10.254.65.233
尝试另一个服务 IP 而不是选择器并且可以 telnet。
kube-proxy模式为ipvs
谢谢
当网络没有正确配置“发夹”流量时,通常会发生这种情况,通常是 kube-proxy 在 iptables 模式下 运行 和 Pods 连接时桥接网络。 Kubelet 公开了一个 hairpin-mode 标志,允许服务的端点在尝试访问自己的服务 VIP 时将负载平衡返回给自己。 hairpin-mode 标志必须设置为 hairpin-veth 或 promiscuous-bridge.
我在网上找了很久。但是没有用。请帮助或尝试提供一些想法如何实现这一目标。
服务定义:
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "eureka1",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/services/eureka1",
"uid": "aed393f1-d127-11e8-8f19-fa163e4dc428",
"resourceVersion": "7432445",
"creationTimestamp": "2018-10-16T09:41:40Z",
"labels": {
"k8s-app": "eureka1"
}
},
"spec": {
"ports": [
{
"name": "tcp-38761-8761-6fjms",
"protocol": "TCP",
"port": 80,
"targetPort": 80,
"nodePort": 8761
}
],
"selector": {
"k8s-app": "eureka1"
},
"clusterIP": "10.254.65.233",
"type": "NodePort",
"sessionAffinity": "None",
"externalTrafficPolicy": "Cluster"
},
"status": {
"loadBalancer": {}
}
}
kubectl 描述服务 eureka1:
Name: eureka1
Namespace: default
Labels: k8s-app=eureka1
Annotations: <none>
Selector: k8s-app=eureka1
Type: NodePort
IP: 10.254.65.233
Port: tcp-38761-8761-6fjms 80/TCP
TargetPort: 80/TCP
NodePort: tcp-38761-8761-6fjms 8761/TCP
Endpoints: 172.101.51.8:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
kubectl 获取 ep:
NAME ENDPOINTS
eureka1 172.101.51.8:80
eureka2 172.101.52.8:80
如果我在 eureka1 app telnet 到 10.254.65.233 80
Trying 10.254.65.233...
telnet: connect to address 10.254.65.233: Connection timed out
但我可以 ping 10.254.65.233
尝试另一个服务 IP 而不是选择器并且可以 telnet。
kube-proxy模式为ipvs
谢谢
当网络没有正确配置“发夹”流量时,通常会发生这种情况,通常是 kube-proxy 在 iptables 模式下 运行 和 Pods 连接时桥接网络。 Kubelet 公开了一个 hairpin-mode 标志,允许服务的端点在尝试访问自己的服务 VIP 时将负载平衡返回给自己。 hairpin-mode 标志必须设置为 hairpin-veth 或 promiscuous-bridge.