Kubernetes service IPs not reachable

庸人自扰 2020-12-16 05:41

So I've got a Kubernetes cluster up and running using the Kubernetes on CoreOS Manual Installation Guide.

$ kubectl get no
NAME              STATUS                   


        
3 Answers
  • 2020-12-16 06:21

    I had this same problem, and the ultimate solution that worked for me was enabling IP forwarding on all nodes in the cluster, which I had neglected to do.

    $ sudo sysctl net.ipv4.ip_forward=1
    net.ipv4.ip_forward = 1
    

    Service IPs and DNS started working immediately afterwards.

  • 2020-12-16 06:33

    I had the same issue, turned out to be a configuration issue in kube-proxy.yaml. For the "master" parameter I had the IP address as in - --master=192.168.3.240 but it was actually required to be a URL like - --master=https://192.168.3.240

    FYI my kube-proxy successfully uses --proxy-mode=iptables (v1.6.x)

  • 2020-12-16 06:40

    The Service network provides fixed IPs for Services. It is not a routable network (so don't expect ip ro to show anything nor will ping work) but a collection of iptables rules managed by kube-proxy on each node (see iptables -L; iptables -t nat -L on the nodes, not Pods). These virtual IPs (see the pics!) act as a load balancing proxy for endpoints (kubectl get ep), which are usually ports of Pods (but not always) with a specific set of labels as defined in the Service.

    The first IP on the Service network is for reaching the kube-apiserver itself. It's listening on port 443 (kubectl describe svc kubernetes).

    Troubleshooting is different on each network/cluster setup. I would generally check:

    • Is kube-proxy running on each node? On some setups it's run via systemd and on others there is a DaemonSet that schedules a Pod on each node. On your setup it is deployed as static Pods created by the kubelets themselves from /etc/kubernetes/manifests/kube-proxy.yaml
    • Locate logs for kube-proxy and find clues (can you post some?)
    • Change kube-proxy into userspace mode. Again, the details depend on your setup. For you it's in the file I mentioned above. Append --proxy-mode=userspace as a parameter on each node
    • Is the overlay (pod) network functional?

    If you leave comments I will get back to you.

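The three causes raised in the answers above (IP forwarding off, a --master value without a URL scheme, missing kube-proxy iptables rules) can each be checked from a node's shell. This is an added example, not part of any answer: the function names and sample files are constructed for illustration, and the KUBE-SERVICES chain name assumes kube-proxy running in iptables mode.

```bash
#!/usr/bin/env bash
# Added example (not from the original posts). Function names are hypothetical.
# Each check takes a file so it runs against a live node or a constructed sample.

# Answer 1: IP forwarding. On a node pass /proc/sys/net/ipv4/ip_forward.
ip_forward_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Answer 2: each --master= value in the kube-proxy manifest must be a URL.
# Returns 0 if all are URLs, 1 if one is a bare address, 2 if the flag is absent.
master_flag_is_url() {
    _vals=$(grep -oE -e '--master=[^[:space:]"]+' "$1" | cut -d= -f2-)
    [ -n "$_vals" ] || { echo "no --master flag in $1"; return 2; }
    _bad=$(printf '%s\n' "$_vals" | grep -vE '^https?://' || true)
    [ -z "$_bad" ] || { echo "--master is not a URL: $_bad"; return 1; }
}

# Answer 3: in iptables mode kube-proxy keeps a KUBE-SERVICES chain in the nat
# table. Pass a file holding the output of `iptables-save -t nat`.
has_service_chain() {
    grep -q '^:KUBE-SERVICES ' "$1"
}

# Constructed sample inputs (not taken from the asker's cluster).
make_samples() {
    echo 0 > "$1/ip_forward"
    printf '%s\n' '    - --master=192.168.3.240' '    - --proxy-mode=iptables' > "$1/proxy-bare.yaml"
    printf '%s\n' '    - --master=https://192.168.3.240' > "$1/proxy-url.yaml"
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':KUBE-SERVICES - [0:0]' 'COMMIT' > "$1/nat.rules"
}

samples=$(mktemp -d)
make_samples "$samples"
ip_forward_enabled "$samples/ip_forward" || echo "ip_forward is off"
master_flag_is_url "$samples/proxy-bare.yaml" || echo "fix kube-proxy.yaml"
has_service_chain "$samples/nat.rules" && echo "service rules present"
```

On a real node the same functions take /proc/sys/net/ipv4/ip_forward, /etc/kubernetes/manifests/kube-proxy.yaml and a file saved from `iptables-save -t nat`.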