K8s NodePort: port on my Kali node under VMware Fusion is not reachable



My k8s environment is deployed by minikube:

egrep -i 'vmx|svm' /proc/cpuinfo
vmx flags   : vnmi invvpid ept_x_only ept_ad tsc_.......
systemctl show --property=Environment docker
Environment=HTTP_PROXY=http://172.16.1.135:3128/ HTTPS_PROXY=http://172.16.1.135:3128/ "NO_PROXY=localhost,127.0.0.1,$(minikube ip)"
minikube version                                                                                         
minikube version: v1.16.0
commit: 617f26b52345843a63d1a0715c4abf6625cb8862

k get pods -n kube-system                                                                                
NAME                               READY   STATUS    RESTARTS   AGE
coredns-54d67798b7-k6t5x           1/1     Running   2          120m
etcd-minikube                      1/1     Running   2          120m
kube-apiserver-minikube            1/1     Running   2          120m
kube-controller-manager-minikube   1/1     Running   3          120m
kube-proxy-86pv4                   1/1     Running   1          96m
kube-scheduler-minikube            1/1     Running   2          120m
storage-provisioner                1/1     Running   5          120m
k logs -f kube-proxy-86pv4 -n kube-system
I0128 08:53:34.188328       1 node.go:172] Successfully retrieved node IP: 192.168.49.2
I0128 08:53:34.188524       1 server_others.go:142] kube-proxy node IP is an IPv4 address (192.168.49.2), assume IPv4 operation
I0128 08:53:34.391356       1 server_others.go:258] Using ipvs Proxier.
I0128 08:53:34.392942       1 server.go:650] Version: v1.20.0
I0128 08:53:34.393378       1 conntrack.go:100] Set sysctl 'net/netfilter/nf_conntrack_max' to 131072
I0128 08:53:34.393412       1 conntrack.go:52] Setting nf_conntrack_max to 131072
I0128 08:53:34.393483       1 conntrack.go:100] Set sysctl 'net/netfilter/nf_conntrack_tcp_timeout_established' to 86400
I0128 08:53:34.393528       1 conntrack.go:100] Set sysctl 'net/netfilter/nf_conntrack_tcp_timeout_close_wait' to 3600
I0128 08:53:34.395556       1 config.go:315] Starting service config controller
I0128 08:53:34.397797       1 config.go:224] Starting endpoint slice config controller
I0128 08:53:34.397839       1 shared_informer.go:240] Waiting for caches to sync for endpoint slice config
I0128 08:53:34.397979       1 shared_informer.go:240] Waiting for caches to sync for service config
I0128 08:53:34.498555       1 shared_informer.go:247] Caches are synced for service config
I0128 08:53:34.498572       1 shared_informer.go:247] Caches are synced for endpoint slice config

While practicing the interactive tutorial "Exposing Your App", I found that the NodePort is not accessible on my node:

k get svc                                                                                              
NAME                  TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE
kubernetes            ClusterIP   10.96.0.1     <none>        443/TCP          124m
kubernetes-bootcamp   NodePort    10.98.71.49   <none>        8080:30159/TCP   3m31s
curl 10.98.71.49:8080                                                                          
curl: (7) Failed to connect to 10.98.71.49 port 8080: Connection refused
telnet 10.98.71.49 8080                                                                                
Trying 10.98.71.49...
telnet: Unable to connect to remote host: No route to host
nc -nvv 10.98.71.49 8080                                                                               
Ncat: Version 7.91 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /etc/ssl/certs/ca-certificates.crt.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_connect_tcp(): TCP connection requested to 10.98.71.49:8080 (IOD #1) EID 8
libnsock nsock_trace_handler_callback(): Callback: CONNECT ERROR [Connection refused (111)] for EID 8 [10.98.71.49:8080]
Ncat: Connection refused.
lsof -i:30159
curl 127.0.0.1:30159                                                                                   
curl: (7) Failed to connect to 127.0.0.1 port 30159: Connection refused
curl $(minikube ip):30159                                                                              
curl: (7) Failed to connect to 192.168.49.2 port 30159: Connection refused

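In the "Interactive Tutorial - Exposing Your App" it is accessible; this tutorial depends on the "Interactive Tutorial - Exposing Your App". kube-proxy is normal, and kubelet is also normal.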

journalctl -l -u kubelet
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal' can see all messages.
Pass -q to turn off this notice.
-- Journal begins at Sat 2020-12-12 19:12:36 CST, ends at Thu 2021-01-28 16:51:26 CST. --
-- No entries --
ifconfig docker0                                                                               
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
ether 02:42:01:c7:42:b8  txqueuelen 0  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
route -n                                                                                       
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.80.2    0.0.0.0         UG    100    0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.49.0    0.0.0.0         255.255.255.0   U     0      0        0 br-1bb4185a80c7
192.168.80.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
kubernetes-bootcamp service config:
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-01-28T09:13:52Z"
  labels:
    app: kubernetes-bootcamp
  name: kubernetes-bootcamp
  namespace: default
  resourceVersion: "3495"
  uid: 471eca22-d276-45e5-b68f-aa21d461ea49
spec:
  clusterIP: 10.111.216.90
  clusterIPs:
  - 10.111.216.90
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32129
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: kubernetes-bootcamp
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

I switched the kube-proxy mode to iptables and restarted kube-proxy, then ran iptables -F, and it is still the same. I don't understand this. Can anyone help me?

EDIT:

Based on the configuration you provided, it looks like you are using the wrong NodePort value when trying to curl your service. It should be:

curl $(minikube ip):32129

instead of: curl $(minikube ip):30159.

Note that the port should be taken from the Service definition:

  ports:
  - nodePort: 32129

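To debug this and any other similar issue in the future, there are some recommended steps to take.

To debug a Service, you should try to answer these questions:

  1. Does the Service exist? In your case, we can see that it does.

  2. Does the Service work by DNS name? One of the most common ways clients consume a Service is through a DNS name.

  3. Does the Service work by IP? Assuming you have confirmed that DNS works, the next thing to test is whether your Service works by its IP address.

  4. Is the Service defined correctly? You should double-check that your Service is correct and matches your Pod's port. Also:

  • Is the Service port you are trying to access listed in spec.ports[]?

  • Is the targetPort correct for your Pods (some Pods use a different port than the Service)?

  • If you meant to use a numeric port, is it a number (9376) or a string "9376"?

  • If you meant to use a named port, do your Pods expose a port with the same name?

  • Is the port's protocol correct for your Pods?

  5. Does the Service have any Endpoints? Check that the Pods you are running are actually selected by the Service.

  6. Are the Pods working? Check again that the Pods are working correctly.

  7. Is kube-proxy working? Confirm that kube-proxy is running on your nodes.

I assume you are still learning Kubernetes. These steps will not only help you narrow down the problem, but also teach you how to approach this kind of issue.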
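
The consistency checks from steps 4 and 5 of the checklist above can be run mechanically against the objects returned by `kubectl get svc -o json` and `kubectl get pods -o json`. This is an added example, not part of the original answer: the `check_service` helper is hypothetical, and the embedded Service and Pod objects are constructed samples (the Service mirrors the spec quoted in the question; the Pod's port name `http` is an assumption).

```python
import json

# Constructed sample objects shaped like `kubectl get svc -o json` / `kubectl get pods -o json`
# items; the Service values mirror the spec quoted in the question.
SERVICE = json.loads("""{"spec": {"type": "NodePort",
  "selector": {"app": "kubernetes-bootcamp"},
  "ports": [{"nodePort": 32129, "port": 8080, "protocol": "TCP", "targetPort": 8080}]}}""")
POD = json.loads("""{"metadata": {"labels": {"app": "kubernetes-bootcamp"}},
  "spec": {"containers": [{"ports": [
    {"name": "http", "containerPort": 8080, "protocol": "TCP"}]}]}}""")


def check_service(svc, pods, node_port_used):
    """Checklist items 4 and 5: return findings; an empty list means consistent."""
    findings = []
    spec = svc["spec"]
    node_ports = [p.get("nodePort") for p in spec["ports"]]
    if node_port_used not in node_ports:
        findings.append(f"nodePort {node_port_used} is not in spec.ports[]: {node_ports}")
    selector = spec.get("selector") or {}
    selected = [p for p in pods if selector and all(
        p["metadata"].get("labels", {}).get(k) == v for k, v in selector.items())]
    if not selected:
        findings.append("selector matches no Pods, so the Service has no endpoints")
    for sp in spec["ports"]:
        target = sp.get("targetPort", sp["port"])  # targetPort defaults to port
        proto = sp.get("protocol", "TCP")
        for pod in selected:
            cports = [cp for c in pod["spec"]["containers"] for cp in c.get("ports", [])]
            if isinstance(target, str):
                # A quoted targetPort is a port *name*, even if it looks numeric.
                hits = [cp for cp in cports if cp.get("name") == target]
                if not hits:
                    findings.append(f"no container port named {target!r}")
            else:
                hits = [cp for cp in cports if cp["containerPort"] == target]
            if any(cp.get("protocol", "TCP") != proto for cp in hits):
                findings.append(f"protocol mismatch on targetPort {target}")
    return findings


if __name__ == "__main__":
    for port in (30159, 32129):  # the port tried in the question, then the one in the spec
        print(port, check_service(SERVICE, [POD], port) or "consistent")
```
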
