我无法访问调度到另一个节点的 pod。但是我可以访问调度到当前节点的 pod
I can't access the pod which scheduled to the another node. But i can access the pod which scheduled to the current node
我无法访问调度到另一个节点的 pod。但是我可以访问调度到当前节点的pod,反之亦然,当我在另一个节点上时,我只能访问调度到当前节点的pod,而不能访问调度到另一个节点的pod。并且当前节点上的路由规则与其他节点不同(事实上,我集群中的所有三个节点都有不同的路由规则)。下面列出了一些信息:
在主节点 172.16.5.150 上:
[root@localhost test-deploy]# kubectl get node
NAME STATUS ROLES AGE VERSION
172.16.5.150 Ready <none> 9h v1.16.2
172.16.5.151 Ready <none> 9h v1.16.2
172.16.5.152 Ready <none> 9h v1.16.2
[root@localhost test-deploy]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default nginx-controller-5qvwn 1/1 Running 0 46m
default nginx-controller-kgjwm 1/1 Running 0 46m
kube-system calico-kube-controllers-6dbf77c57f-kcqtt 1/1 Running 0 33m
kube-system calico-node-5zdt7 1/1 Running 0 33m
kube-system calico-node-8vqhv 1/1 Running 0 33m
kube-system calico-node-w9tq8 1/1 Running 0 33m
kube-system coredns-7b6b59774c-lzfh7 1/1 Running 0 9h
[root@localhost test-deploy]#
[root@localhost test-deploy]# kcp -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-controller-5qvwn 1/1 Running 0 23m 192.168.102.135 172.16.5.151 <none> <none>
nginx-controller-kgjwm 1/1 Running 0 23m 192.168.102.134 172.16.5.150 <none> <none>
[root@localhost test-deploy]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 ens32
172.0.0.0 0.0.0.0 255.0.0.0 U 100 0 0 ens32
192.168.102.128 0.0.0.0 255.255.255.192 U 0 0 0 *
192.168.102.129 0.0.0.0 255.255.255.255 UH 0 0 0 calia42aeb87aa8
192.168.102.134 0.0.0.0 255.255.255.255 UH 0 0 0 caliefbc513267b
[root@localhost test-deploy]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.10.0.1 <none> 443/TCP 9h
nginx-svc ClusterIP 10.10.189.192 <none> 8088/TCP 23m
[root@localhost test-deploy]# curl 192.168.102.135
curl: (7) Failed to connect to 192.168.102.135: 无效的参数
[root@localhost test-deploy]# curl 192.168.102.134
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost test-deploy]# curl 10.10.189.192:8088
curl: (7) Failed connect to 10.10.189.192:8088; 没有到主机的路由
[root@localhost test-deploy]# curl 10.10.189.192:8088
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost test-deploy]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:4b:76:b7 brd ff:ff:ff:ff:ff:ff
inet 172.16.5.150/8 brd 172.255.255.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet6 fe80::92f8:9957:1651:f41/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 12:00:37:16:be:95 brd ff:ff:ff:ff:ff:ff
4: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether b2:9f:49:ff:31:3f brd ff:ff:ff:ff:ff:ff
inet 10.10.0.1/32 brd 10.10.0.1 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.10.0.200/32 brd 10.10.0.200 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.10.189.192/32 brd 10.10.189.192 scope global kube-ipvs0
valid_lft forever preferred_lft forever
5: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 192.168.102.128/32 brd 192.168.102.128 scope global tunl0
valid_lft forever preferred_lft forever
6: calia42aeb87aa8@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::ecee:eeff:feee:eeee/64 scope link
valid_lft forever preferred_lft forever
7: caliefbc513267b@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::ecee:eeff:feee:eeee/64 scope link
valid_lft forever preferred_lft forever
在另一个节点 172.16.5.150 上:
[root@localhost ~]# curl 10.10.189.192:8088
curl: (7) Failed connect to 10.10.189.192:8088; 没有到主机的路由
[root@localhost ~]# curl 10.10.189.192:8088
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 ens192
172.16.5.0 0.0.0.0 255.255.255.0 U 100 0 0 ens192
192.168.102.128 0.0.0.0 255.255.255.192 U 0 0 0 *
192.168.102.135 0.0.0.0 255.255.255.255 UH 0 0 0 cali44ab0f7df0f
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:38:a2:95 brd ff:ff:ff:ff:ff:ff
inet 172.16.5.151/24 brd 172.16.5.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::e24a:6e5c:3a44:a7ee/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 76:91:46:b1:06:a7 brd ff:ff:ff:ff:ff:ff
4: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether 1a:0d:f4:cf:ab:69 brd ff:ff:ff:ff:ff:ff
inet 10.10.0.1/32 brd 10.10.0.1 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.10.0.200/32 brd 10.10.0.200 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.10.189.192/32 brd 10.10.189.192 scope global kube-ipvs0
valid_lft forever preferred_lft forever
5: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 192.168.102.128/32 brd 192.168.102.128 scope global tunl0
valid_lft forever preferred_lft forever
8: cali44ab0f7df0f@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::ecee:eeff:feee:eeee/64 scope link
valid_lft forever preferred_lft forever
路由 table 没有 tunl0 接口的路由。您可以在 calico-node 部分下的 calico.yaml 文件中包含环境 IP_AUTODETECTION_METHOD。
Example:
containers:
- name: calico-node
image: xxxxxxx
env:
- name: IP_AUTODETECTION_METHOD
value: interface=ens192
我无法访问调度到另一个节点的 pod。但是我可以访问调度到当前节点的pod,反之亦然,当我在另一个节点上时,我只能访问调度到当前节点的pod,而不能访问调度到另一个节点的pod。并且当前节点上的路由规则与其他节点不同(事实上,我集群中的所有三个节点都有不同的路由规则)。下面列出了一些信息:
在主节点 172.16.5.150 上:
[root@localhost test-deploy]# kubectl get node
NAME STATUS ROLES AGE VERSION
172.16.5.150 Ready <none> 9h v1.16.2
172.16.5.151 Ready <none> 9h v1.16.2
172.16.5.152 Ready <none> 9h v1.16.2
[root@localhost test-deploy]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default nginx-controller-5qvwn 1/1 Running 0 46m
default nginx-controller-kgjwm 1/1 Running 0 46m
kube-system calico-kube-controllers-6dbf77c57f-kcqtt 1/1 Running 0 33m
kube-system calico-node-5zdt7 1/1 Running 0 33m
kube-system calico-node-8vqhv 1/1 Running 0 33m
kube-system calico-node-w9tq8 1/1 Running 0 33m
kube-system coredns-7b6b59774c-lzfh7 1/1 Running 0 9h
[root@localhost test-deploy]#
[root@localhost test-deploy]# kcp -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-controller-5qvwn 1/1 Running 0 23m 192.168.102.135 172.16.5.151 <none> <none>
nginx-controller-kgjwm 1/1 Running 0 23m 192.168.102.134 172.16.5.150 <none> <none>
[root@localhost test-deploy]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 ens32
172.0.0.0 0.0.0.0 255.0.0.0 U 100 0 0 ens32
192.168.102.128 0.0.0.0 255.255.255.192 U 0 0 0 *
192.168.102.129 0.0.0.0 255.255.255.255 UH 0 0 0 calia42aeb87aa8
192.168.102.134 0.0.0.0 255.255.255.255 UH 0 0 0 caliefbc513267b
[root@localhost test-deploy]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.10.0.1 <none> 443/TCP 9h
nginx-svc ClusterIP 10.10.189.192 <none> 8088/TCP 23m
[root@localhost test-deploy]# curl 192.168.102.135
curl: (7) Failed to connect to 192.168.102.135: 无效的参数
[root@localhost test-deploy]# curl 192.168.102.134
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost test-deploy]# curl 10.10.189.192:8088
curl: (7) Failed connect to 10.10.189.192:8088; 没有到主机的路由
[root@localhost test-deploy]# curl 10.10.189.192:8088
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost test-deploy]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:4b:76:b7 brd ff:ff:ff:ff:ff:ff
inet 172.16.5.150/8 brd 172.255.255.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet6 fe80::92f8:9957:1651:f41/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 12:00:37:16:be:95 brd ff:ff:ff:ff:ff:ff
4: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether b2:9f:49:ff:31:3f brd ff:ff:ff:ff:ff:ff
inet 10.10.0.1/32 brd 10.10.0.1 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.10.0.200/32 brd 10.10.0.200 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.10.189.192/32 brd 10.10.189.192 scope global kube-ipvs0
valid_lft forever preferred_lft forever
5: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 192.168.102.128/32 brd 192.168.102.128 scope global tunl0
valid_lft forever preferred_lft forever
6: calia42aeb87aa8@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::ecee:eeff:feee:eeee/64 scope link
valid_lft forever preferred_lft forever
7: caliefbc513267b@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::ecee:eeff:feee:eeee/64 scope link
valid_lft forever preferred_lft forever
在另一个节点 172.16.5.150 上:
[root@localhost ~]# curl 10.10.189.192:8088
curl: (7) Failed connect to 10.10.189.192:8088; 没有到主机的路由
[root@localhost ~]# curl 10.10.189.192:8088
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 ens192
172.16.5.0 0.0.0.0 255.255.255.0 U 100 0 0 ens192
192.168.102.128 0.0.0.0 255.255.255.192 U 0 0 0 *
192.168.102.135 0.0.0.0 255.255.255.255 UH 0 0 0 cali44ab0f7df0f
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:38:a2:95 brd ff:ff:ff:ff:ff:ff
inet 172.16.5.151/24 brd 172.16.5.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::e24a:6e5c:3a44:a7ee/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 76:91:46:b1:06:a7 brd ff:ff:ff:ff:ff:ff
4: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether 1a:0d:f4:cf:ab:69 brd ff:ff:ff:ff:ff:ff
inet 10.10.0.1/32 brd 10.10.0.1 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.10.0.200/32 brd 10.10.0.200 scope global kube-ipvs0
valid_lft forever preferred_lft forever
inet 10.10.189.192/32 brd 10.10.189.192 scope global kube-ipvs0
valid_lft forever preferred_lft forever
5: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 192.168.102.128/32 brd 192.168.102.128 scope global tunl0
valid_lft forever preferred_lft forever
8: cali44ab0f7df0f@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::ecee:eeff:feee:eeee/64 scope link
valid_lft forever preferred_lft forever
路由 table 没有 tunl0 接口的路由。您可以在 calico-node 部分下的 calico.yaml 文件中包含环境 IP_AUTODETECTION_METHOD。
Example:
containers:
- name: calico-node
image: xxxxxxx
env:
- name: IP_AUTODETECTION_METHOD
value: interface=ens192