无法将一项服务 ping 到 Kubernetes 集群中的另一项服务?
Unable to ping one service to another service in Kubernetes cluster?
我创建了一个本地 ubuntu Kubernetes 集群,有 1 个主节点和 2 个从节点。
我在 2 个 pods 中部署了 2 个应用程序并为两个 pods 创建了服务,它工作正常。
我通过输入此命令进入 pod 内部,
$ kubectl exec -it firstpod /bin/bash
# apt-get update
无法进行更新,出现错误:
Err http://security.debian.org jessie/updates InRelease
Err http://deb.debian.org jessie InRelease
Err http://deb.debian.org jessie-updates InRelease
Err http://security.debian.org jessie/updates Release.gpg Temporary failure resolving 'security.debian.org' Err http://deb.debian.org jessie-backports InRelease
Err http://deb.debian.org jessie Release.gpg Temporary failure resolving 'deb.debian.org' Err http://deb.debian.org jessie-updates Release.gpg Temporary failure resolving 'deb.debian.org' Err http://deb.debian.org jessie-backports Release.gpg Temporary failure resolving 'deb.debian.org' Reading package lists... Done W: Failed to fetch http://deb.debian.org/debian/dists/jessie/InRelease
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-updates/InRelease
W: Failed to fetch http://security.debian.org/dists/jessie/updates/InRelease
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-backports/InRelease
W: Failed to fetch http://security.debian.org/dists/jessie/updates/Release.gpg Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/jessie/Release.gpg Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-updates/Release.gpg Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-backports/Release.gpg Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
我正在尝试 ping 我的第二个 pod 服务:
# ping secondservice (This is the service name of secondpod)
PING secondservice.default.svc.cluster.local (10.100.190.196): 56 data bytes
unable to ping.
如何ping/call第一个节点的第二个服务?
我在那里看到了两个(不相关的)问题。我将专注于第二个,因为第一个对我来说还不清楚(问什么?)。
所以,您想知道为什么以下方法不起作用:
# ping secondservice
这不是错误或意外(实际上,我写过它 here). In short: the FQDN secondservice.default.svc.cluster.local gets resolved via the DNS plugin to a virtual IP (VIP),这个 VIP 的本质是它是虚拟的,也就是说,它不附加到网络接口,它是只是一堆 iptables 规则。因此,基于 ICMP 的 ping 没有任何作用,因为它不是 'real' IP。不过,您可以 curl 该服务。假设该服务在端口 9876 上运行,以下应该有效:
# curl secondservice:9876
我创建了一个本地 ubuntu Kubernetes 集群,有 1 个主节点和 2 个从节点。
我在 2 个 pods 中部署了 2 个应用程序并为两个 pods 创建了服务,它工作正常。 我通过输入此命令进入 pod 内部,
$ kubectl exec -it firstpod /bin/bash
# apt-get update
无法进行更新,出现错误:
Err http://security.debian.org jessie/updates InRelease
Err http://deb.debian.org jessie InRelease
Err http://deb.debian.org jessie-updates InRelease
Err http://security.debian.org jessie/updates Release.gpg Temporary failure resolving 'security.debian.org' Err http://deb.debian.org jessie-backports InRelease
Err http://deb.debian.org jessie Release.gpg Temporary failure resolving 'deb.debian.org' Err http://deb.debian.org jessie-updates Release.gpg Temporary failure resolving 'deb.debian.org' Err http://deb.debian.org jessie-backports Release.gpg Temporary failure resolving 'deb.debian.org' Reading package lists... Done W: Failed to fetch http://deb.debian.org/debian/dists/jessie/InRelease
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-updates/InRelease
W: Failed to fetch http://security.debian.org/dists/jessie/updates/InRelease
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-backports/InRelease
W: Failed to fetch http://security.debian.org/dists/jessie/updates/Release.gpg Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/jessie/Release.gpg Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-updates/Release.gpg Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/jessie-backports/Release.gpg Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
我正在尝试 ping 我的第二个 pod 服务:
# ping secondservice (This is the service name of secondpod)
PING secondservice.default.svc.cluster.local (10.100.190.196): 56 data bytes
unable to ping.
如何ping/call第一个节点的第二个服务?
我在那里看到了两个(不相关的)问题。我将专注于第二个,因为第一个对我来说还不清楚(问什么?)。
所以,您想知道为什么以下方法不起作用:
# ping secondservice
这不是错误或意外(实际上,我写过它 here). In short: the FQDN secondservice.default.svc.cluster.local gets resolved via the DNS plugin to a virtual IP (VIP),这个 VIP 的本质是它是虚拟的,也就是说,它不附加到网络接口,它是只是一堆 iptables 规则。因此,基于 ICMP 的 ping 没有任何作用,因为它不是 'real' IP。不过,您可以 curl 该服务。假设该服务在端口 9876 上运行,以下应该有效:
# curl secondservice:9876