Environment
Linux Version: Linux k8smaster 3.10.0-514.2.2.el7.x86_64 #1 SMP Tue Dec 6 23:06:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Vagrant Version: Installed Version: 1.9.1
Kubernetes Version: 1.5.2
Flannel Version: 0.7.0
Kubernetes cluster
I use vagrant to create three CentOS virtual machines and assign private IPs. (eth0 is the default NAT network)
k8smaster: eth0:10.0.2.15 eth1:192.168.1.100
node01: eth0:10.0.2.15 eth1:192.168.1.1
node02: eth0:10.0.2.15 eth1:192.168.1.2
Install kubernetes with yum install
On master: yum install kubernetes-master
On node: yum install kubernetes-node
Configure the cluster so that it is usable
[root@k8smaster ~]# kubectl get nodes
NAME STATUS AGE
node01 Ready 1d
node02 Ready 1d
[root@k8smaster ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
heapster-1765662453-rzlhp 1/1 Running 0 20h
kube-dns-4264603877-wd7nq 4/4 Running 4 23h
kubernetes-dashboard-2405669852-7svw7 1/1 Running 0 19h
monitoring-grafana-3730655072-4z3b8 1/1 Running 0 20h
monitoring-influxdb-957705310-tvcqr 1/1 Running 0 20h
Now I will create a webapp to test ClusterIP
[root@k8smaster ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
webapp-61skd 1/1 Running 0 19h 10.1.27.3 node02
webapp-swqxg 1/1 Running 0 19h 10.1.21.5 node01
[root@k8smaster ~]# kubectl get svc
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 10.254.0.1 <none> 443/TCP 1d
webapp 10.254.247.62 <none> 8081/TCP 18h
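So far everything looks normal!!!
Now I access the ClusterIP (10.254.247.62:8081) on node01; sometimes it is accessible, sometimes it is not! The same problem happens on node02.
The strange problem
I used wireshark to capture packets on flannel0 and checked the access_log of the container in the webapp pod.
When accessible: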
The wireshark: (no context)
The access_log: 10.0.2.15 - - [15/Mar/2017:04:27:45 +0000] "GET / HTTP/1.1" 200 11250
When not accessible:
The wireshark: 2081 3222.487736215 10.0.2.15 -> 10.1.27.3 TCP 60 57184 > http-alt [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=90394425 TSecr=0 WS=128
The access_log: (no context)
Check iptables
[root@node02 ~]# iptables -t nat -S |grep webapp
-A KUBE-SEP-GK5MEJWLZBFFJJ45 -s 10.1.21.5/32 -m comment --comment "default/webapp:" -j KUBE-MARK-MASQ
-A KUBE-SEP-GK5MEJWLZBFFJJ45 -p tcp -m comment --comment "default/webapp:" -m tcp -j DNAT --to-destination 10.1.21.5:8080
-A KUBE-SEP-V6PLSL5CQOUVXPSD -s 10.1.27.3/32 -m comment --comment "default/webapp:" -j KUBE-MARK-MASQ
-A KUBE-SEP-V6PLSL5CQOUVXPSD -p tcp -m comment --comment "default/webapp:" -m tcp -j DNAT --to-destination 10.1.27.3:8080
-A KUBE-SERVICES -d 10.254.247.62/32 -p tcp -m comment --comment "default/webapp: cluster IP" -m tcp --dport 8081 -j KUBE-SVC-BL7FHTIPVYJBLWZN
-A KUBE-SVC-BL7FHTIPVYJBLWZN -m comment --comment "default/webapp:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-GK5MEJWLZBFFJJ45
-A KUBE-SVC-BL7FHTIPVYJBLWZN -m comment --comment "default/webapp:" -j KUBE-SEP-V6PLSL5CQOUVXPSD
Looks normal!!!
I really don't know what is going on, and it is giving me a headache!!! Does anyone have a good solution?
Answer 0: (score: 0)
sudo route add <kubernetes-clusterip> gw <kube-master-ip>
on your minions.
Answer 1: (score: 0)
[root@node01 kubernetes]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 100 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
10.1.0.0 0.0.0.0 255.255.0.0 U 0 0 0 flannel0
10.1.21.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
10.254.5.182 192.168.1.100 255.255.255.255 UGH 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
Well, it works when I add the following route, but I don't know why. I had already added a route that goes out through flannel0, and that did not work!!!
route add ClusterIP dev docker0
Don't all the packets go through the flannel0 interface?
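Added example (not part of the original question or answers): a Python script that reads the webapp rules from the question's `iptables -t nat -S` output, computes what fraction of new ClusterIP connections kube-proxy sends to each pod, and splits that by whether the pod is on the node's own docker0 subnet. The function names are hypothetical; it assumes node01 carries the same service chains as the node02 dump and takes node01's docker0 subnet (10.1.21.0/24) from the routing table in Answer 1.

```python
import ipaddress, shlex
from collections import defaultdict

# The webapp rules copied from the `iptables -t nat -S` output in the question.
# Assumption: node01 carries the same chains as this node02 dump.
RULES = r'''
-A KUBE-SEP-GK5MEJWLZBFFJJ45 -s 10.1.21.5/32 -m comment --comment "default/webapp:" -j KUBE-MARK-MASQ
-A KUBE-SEP-GK5MEJWLZBFFJJ45 -p tcp -m comment --comment "default/webapp:" -m tcp -j DNAT --to-destination 10.1.21.5:8080
-A KUBE-SEP-V6PLSL5CQOUVXPSD -s 10.1.27.3/32 -m comment --comment "default/webapp:" -j KUBE-MARK-MASQ
-A KUBE-SEP-V6PLSL5CQOUVXPSD -p tcp -m comment --comment "default/webapp:" -m tcp -j DNAT --to-destination 10.1.27.3:8080
-A KUBE-SERVICES -d 10.254.247.62/32 -p tcp -m comment --comment "default/webapp: cluster IP" -m tcp --dport 8081 -j KUBE-SVC-BL7FHTIPVYJBLWZN
-A KUBE-SVC-BL7FHTIPVYJBLWZN -m comment --comment "default/webapp:" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-GK5MEJWLZBFFJJ45
-A KUBE-SVC-BL7FHTIPVYJBLWZN -m comment --comment "default/webapp:" -j KUBE-SEP-V6PLSL5CQOUVXPSD
'''

def parse_rules(text):
    """Group `iptables -S` lines into {chain: [option tokens, ...]}."""
    chains = defaultdict(list)
    for tok in map(shlex.split, text.splitlines()):
        if len(tok) >= 2 and tok[0] == "-A":
            chains[tok[1]].append(tok[2:])
    return chains

def opt(tokens, flag):  # value following an option, or None if absent
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def endpoint_shares(chains, cluster_ip, port):
    """Return {"pod_ip:port": fraction of new connections} for one ClusterIP."""
    svc = next((opt(r, "-j") for r in chains["KUBE-SERVICES"]
                if opt(r, "-d") == cluster_ip + "/32"
                and opt(r, "--dport") == str(port)), None)
    shares, remaining = {}, 1.0
    for r in (chains[svc] if svc else []):  # rules are evaluated in order
        p = float(opt(r, "--probability") or 1.0)  # no statistic match: always taken
        for s in chains[opt(r, "-j")]:
            if (dest := opt(s, "--to-destination")):
                shares[dest] = shares.get(dest, 0.0) + remaining * p
        remaining *= 1.0 - p
    return shares

def path_split(shares, local_pod_cidr):
    """Sum shares by whether the pod is inside this node's docker0 subnet."""
    net = ipaddress.ip_network(local_pod_cidr)
    out = {"local": 0.0, "cross-node": 0.0}
    for dest, share in shares.items():
        ip = ipaddress.ip_address(dest.rsplit(":", 1)[0])
        out["local" if ip in net else "cross-node"] += share
    return out

if __name__ == "__main__":
    print(path_split(endpoint_shares(parse_rules(RULES), "10.254.247.62", 8081), "10.1.21.0/24"))
```

From node01, half of the new connections are DNATed to 10.1.27.3:8080 on the other node, which is the destination of the SYN in the failing flannel0 capture; the other half stay on the local docker0 bridge.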