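Kubernetes - Connection refused diagnosis

Time: 2017-03-14 21:07:49

Tags: kubernetes

I have a running GCP Kubernetes cluster. I managed to deploy some services and exposed them successfully using kubectl expose ... type="LoadBalancer" ... However, one particular new service is not working. I know there may be a thousand causes to check, but the Docker images I build are very compact, so I can't find useful tools to run via kubectl exec inside a pod or container.

Question: what might be my diagnosis options using only the available cluster tools? What kind of logs can I inspect, or which environment variables can I read?

Update: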

$ kubectl get pods

NAME                               READY     STATUS    RESTARTS   AGE
helianto-mailer-1024769093-6407d   2/2       Running   0          6d
helianto-spring-2246525676-l54p9   2/2       Running   0          6d
iservport-shipfo-12873703-wrh37    2/2       Running   0          13h

$ kubectl describe pod iservport-shipfo-12873703-wrh37

Name:           iservport-shipfo-12873703-wrh37
Namespace:      default
Node:           gke-iservport01-default-pool-xxx/xx.xx.xx.xx
Start Time:     Tue, 14 Mar 2017 17:28:18 -0300
Labels:         app=SHIPFO
                pod-template-hash=12873703
Status:         Running
IP:             yy.yy.yy.yy
Controllers:    ReplicaSet/iservport-shipfo-12873703
Containers:
  iservport-shipfo:
    Container ID:           docker://...
    Image:              us.gcr.io/mvps-156214/iservport-xxx
    Image ID:           docker://...
    Port:               8085/TCP
    Requests:
      cpu:              100m
    State:              Running
      Started:          Tue, 14 Mar 2017 17:28:33 -0300
    Ready:              True
    Restart Count:      0
    Volume Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-mmeza (ro)
    Environment Variables:
      SPRING_PROFILES_ACTIVE:   gcp
      HELIANTO_MAILER_URL:      http://10.35.254.197:8082
  cloudsql-proxy:
    Container ID:       docker://...
    Image:              b.gcr.io/cloudsql-docker/gce-proxy:1.05
    Image ID:           docker://...
    Port:               
    Command:
      /cloud_sql_proxy
      --dir=/cloudsql
      -instances=mvps-156214:us-east1-b:helianto01=tcp:3306
      -credential_file=/secrets/cloudsql/credentials.json
    Requests:
      cpu:              100m
    State:              Running
      Started:          Tue, 14 Mar 2017 17:28:33 -0300
    Ready:              True
    Restart Count:      0
    Volume Mounts:
      /cloudsql from cloudsql (rw)
      /etc/ssl/certs from ssl-certs (rw)
      /secrets/cloudsql from cloudsql-oauth-credentials (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-mmeza (ro)
    Environment Variables:      <none>
Conditions:
  Type          Status
  Initialized   True 
  Ready         True 
  PodScheduled  True 
Volumes:
  cloudsql-oauth-credentials:
    Type:       Secret (a volume populated by a Secret)
    SecretName: cloudsql-oauth-credentials
  ssl-certs:
    Type:       HostPath (bare host directory volume)
    Path:       /etc/ssl/certs
  cloudsql:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
  default-token-mmeza:
    Type:       Secret (a volume populated by a Secret)
    SecretName: default-token-mmeza
QoS Class:      Burstable
Tolerations:    <none>
No events.

$ kubectl get svc

NAME                      CLUSTER-IP      EXTERNAL-IP       PORT(S)                      AGE
helianto-mailer-service   10.35.254.197   <nodes>           443:32178/TCP,80:30771/TCP   12d
helianto-spring           10.35.241.27    xxx.xxx.xxx.xxx   80:30974/TCP                 52d
iservport-shipfo          10.35.240.129   xx.xxx.xxx.xxx    80:32598/TCP                 14h
kubernetes                10.35.240.1     <none>            443/TCP                      53d

$ kubectl describe svc iservport-shipfo

Name:                   iservport-shipfo
Namespace:              default
Labels:                 app=SHIPFO
Selector:               app=SHIPFO
Type:                   LoadBalancer
IP:                     10.35.240.129
LoadBalancer Ingress:   xx.xxx.xxx.xxx
Port:                   <unset> 80/TCP
NodePort:               <unset> 32598/TCP
Endpoints:              10.32.4.26:8085
Session Affinity:       None
No events.

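2 answers:

Answer 0 (score: 13)

You need to make sure whether your service is responding on the HTTP port. Maybe you could do a port-forward from your pod to your local desktop. Please replace the values pod_name, pod_port and local_port in the command below.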

kubectl port-forward <pod_name> <local_port>:<pod_port>

After this, access http://localhost:local_port and verify whether something is returned. This way, you can make sure whether your application is responding.
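
Before the port-forward test, the `kubectl describe` output posted in the question can be cross-checked for Service wiring mistakes (selector, endpoints, target port). The Python sketch below is an added example, not part of the original answer; `labels` and `diagnose` are hypothetical helper names, and the two inputs are excerpts of the output shown in the question.

```python
import re

# Excerpts of the `kubectl describe` output shown in the question.
SVC = """\
Selector:               app=SHIPFO
Port:                   <unset> 80/TCP
NodePort:               <unset> 32598/TCP
Endpoints:              10.32.4.26:8085
"""
POD = """\
Labels:         app=SHIPFO
                pod-template-hash=12873703
Containers:
  iservport-shipfo:
    Port:               8085/TCP
  cloudsql-proxy:
    Port:
"""

def labels(text, name):
    """Parse 'Name: k=v[,k=v]' plus indented continuation lines into a set."""
    m = re.search(rf"^{name}:[ \t]*(\S+(?:\n[ \t]+[^\s:=]+=\S+)*)", text, re.M)
    return set(re.split(r"[,\s]+", m.group(1))) if m else set()

def diagnose(svc, pod):
    """Return a list of wiring problems between a Service and a pod (empty = consistent)."""
    findings = []
    missing = labels(svc, "Selector") - labels(pod, "Labels")
    if missing:  # label matching is case-sensitive
        findings.append(f"selector {sorted(missing)} does not match the pod labels")
    m = re.search(r"^Endpoints:[ \t]*(\S*)", svc, re.M)
    endpoints = m.group(1).split(",") if m and m.group(1) not in ("", "<none>") else []
    if not endpoints:
        findings.append("service has no endpoints: no Ready pod matches the selector")
    declared = set(re.findall(r"^[ \t]+Port:[ \t]*(\d+)/TCP", pod, re.M))
    for ep in endpoints:
        port = ep.rsplit(":", 1)[1]
        if port not in declared:  # containerPort is informational, so treat as a hint
            findings.append(f"endpoint port {port} is not a declared container port")
    return findings

if __name__ == "__main__":
    problems = diagnose(SVC, POD)
    print("\n".join(problems) or "Service wiring is consistent; test the application "
          "itself with kubectl port-forward and read kubectl logs.")
```

For the output in the question it returns no findings, which leaves the application itself (listen port, bind address, startup errors in `kubectl logs`) as the place to look, and that is what the port-forward test exercises.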

Answer 1 (score: 0)

You can connect to the Kubernetes worker host and diagnose there, because from the host's point of view a container is just a process.