Kubernetes ingress service NodePort listens only on tcp6 / IPv6 and not on tcp / IPv4

Time: 2019-06-24 06:28:39

Tags: kubernetes kubernetes-ingress

I set up ingress-nginx with helm via helm install --name x2f1 stable/nginx-ingress --namespace ingress-nginx, together with this service:

apiVersion: v1
kind: Service
metadata:
  name: x2f1-ingress-nginx-svc
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

---

Running svc and po:

[ottuser@ottorc01 ~]$ kubectl get svc,po -n ingress-nginx
NAME                                         TYPE           CLUSTER-IP        EXTERNAL-IP   PORT(S)                      AGE
service/x2f1-ingress-nginx-svc               NodePort       192.168.34.116    <none>        80:30080/TCP,443:30443/TCP   2d18h
service/x2f1-nginx-ingress-controller        LoadBalancer   192.168.188.188   <pending>     80:32427/TCP,443:31726/TCP   2d18h
service/x2f1-nginx-ingress-default-backend   ClusterIP      192.168.156.175   <none>        80/TCP                       2d18h

NAME                                                      READY   STATUS    RESTARTS   AGE
pod/x2f1-nginx-ingress-controller-cd5fbd447-c4fqm         1/1     Running   0          2d18h
pod/x2f1-nginx-ingress-default-backend-67f8db4966-nlgdd   1/1     Running   0          2d18h

After that, my nodePort 30080 is only available on tcp6, so when trying to access it from another VM I'm facing connection refused.

[ottuser@ottorc01 ~]$ netstat -tln | grep '30080'
tcp6       3      0 :::30080                :::*                    LISTEN
[ottuser@ottwrk02 ~]$ netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6443          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN
tcp        0      0 10.18.0.10:2379         0.0.0.0:*               LISTEN
tcp        0      0 10.18.0.10:2380         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:33372         0.0.0.0:*               LISTEN
tcp6       0      0 :::10250                :::*                    LISTEN
tcp6       0      0 :::30443                :::*                    LISTEN
tcp6       0      0 :::32427                :::*                    LISTEN
tcp6       0      0 :::31726                :::*                    LISTEN
tcp6       0      0 :::10256                :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::30462                :::*                    LISTEN
tcp6       0      0 :::30080                :::*                    LISTEN

Logs from pod/x2f1-nginx-ingress-controller-cd5fbd447-c4fqm:

[ottuser@ottorc01 ~]$ kubectl logs pod/x2f1-nginx-ingress-controller-cd5fbd447-c4fqm -n ingress-nginx --tail 50
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:    0.24.1
  Build:      git-ce418168f
  Repository: https://github.com/kubernetes/ingress-nginx
-------------------------------------------------------------------------------

I0621 11:48:26.952213       6 flags.go:185] Watching for Ingress class: nginx
W0621 11:48:26.952772       6 flags.go:214] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
nginx version: nginx/1.15.10
W0621 11:48:26.961458       6 client_config.go:549] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0621 11:48:26.961913       6 main.go:205] Creating API client for https://192.168.0.1:443
I0621 11:48:26.980673       6 main.go:249] Running in Kubernetes cluster version v1.14 (v1.14.1) - git (clean) commit b7394102d6ef778017f2ca4046abbaa23b88c290 - platform linux/amd64
I0621 11:48:26.986341       6 main.go:102] Validated ingress-nginx/x2f1-nginx-ingress-default-backend as the default backend.
I0621 11:48:27.339581       6 main.go:124] Created fake certificate with PemFileName: /etc/ingress-controller/ssl/default-fake-certificate.pem
I0621 11:48:27.384666       6 nginx.go:265] Starting NGINX Ingress controller
I0621 11:48:27.403396       6 event.go:209] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"x2f1-nginx-ingress-controller", UID:"89b4caf0-941a-11e9-a0fb-005056010a71", APIVersion:"v1", ResourceVersion:"1347806", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/x2f1-nginx-ingress-controller
I0621 11:48:28.585472       6 nginx.go:311] Starting NGINX process
I0621 11:48:28.585630       6 leaderelection.go:217] attempting to acquire leader lease  ingress-nginx/ingress-controller-leader-nginx...
W0621 11:48:28.586778       6 controller.go:373] Service "ingress-nginx/x2f1-nginx-ingress-default-backend" does not have any active Endpoint
I0621 11:48:28.586878       6 controller.go:170] Configuration changes detected, backend reload required.
I0621 11:48:28.592786       6 status.go:86] new leader elected: x2f1-ngin-nginx-ingress-controller-567f495994-hmcqq
I0621 11:48:28.761600       6 controller.go:188] Backend successfully reloaded.
I0621 11:48:28.761677       6 controller.go:202] Initial sync, sleeping for 1 second.
[21/Jun/2019:11:48:29 +0000]TCP200000.001
W0621 11:48:32.444623       6 controller.go:373] Service "ingress-nginx/x2f1-nginx-ingress-default-backend" does not have any active Endpoint
[21/Jun/2019:11:48:35 +0000]TCP200000.000
I0621 11:49:05.793313       6 status.go:86] new leader elected: x2f1-nginx-ingress-controller-cd5fbd447-c4fqm
I0621 11:49:05.793331       6 leaderelection.go:227] successfully acquired lease ingress-nginx/ingress-controller-leader-nginx
I0621 11:53:08.579333       6 controller.go:170] Configuration changes detected, backend reload required.
I0621 11:53:08.579639       6 event.go:209] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"ott", Name:"hie-01-hie", UID:"32678e25-941b-11e9-a0fb-005056010a71", APIVersion:"extensions/v1beta1", ResourceVersion:"1348532", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress ott/hie-01-hie
I0621 11:53:08.764204       6 controller.go:188] Backend successfully reloaded.
[21/Jun/2019:11:53:08 +0000]TCP200000.000
I0621 11:54:05.812798       6 status.go:295] updating Ingress ott/hie-01-hie status from [] to [{ }]

[ottuser@ottorc01 ~]$ sudo ss -l -t -p | grep 30080
LISTEN     3      128       :::30080                   :::*                     users:(("kube-proxy",pid=29346,fd=15))

Is there any way to debug this more deeply, or to add that port to tcp / IPv4? If anything is still unclear on my side, please let me know. Thanks in advance.

1 answer:

Answer 0: (score: 0)

This is not a tcp6 problem.

On most modern Linux distributions (including Container Linux), tcp6 also implies tcp4.

The problem itself is with your x2f1-ingress-nginx-svc service, in particular the selector, which does not match any pod

selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

If you run

kubectl get ep -n ingress-nginx

you will see that the service has no endpoints

NAME                                 ENDPOINTS                        AGE
x2f1-ingress-nginx-svc               <none>                           13m

Now the question is: what do you want to expose with this service?

For example, if you want to expose x2f1-nginx-ingress-controller (even though helm has already created an appropriate service), your YAML should look like this:

apiVersion: v1
kind: Service
metadata:
  name: x2f1-ingress-nginx-svc
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 30080
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
      nodePort: 30443
  selector:
     app: nginx-ingress
     component: controller
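
The empty endpoints list follows from how a Service selector is evaluated: every key/value pair in the selector must be present in a pod's labels. The following is an added example, not part of the original answer, applying that rule to the two selectors on this page. The pod label sets are constructed for illustration (assumed from the selector the answer proposes), and the function names are hypothetical.

```python
def selector_matches(selector, pod_labels):
    """True when every selector key/value pair is present in the pod labels.
    Extra labels on the pod are ignored."""
    if not selector:
        # A Service without a selector gets no automatically managed endpoints.
        return False
    return all(pod_labels.get(k) == v for k, v in selector.items())


def endpoints_for(selector, pods):
    """Names of the pods that would back a Service with this selector."""
    return sorted(name for name, labels in pods.items()
                  if selector_matches(selector, labels))


def explain_mismatch(selector, pod_labels):
    """Map each failing selector key to (wanted value, value on the pod)."""
    return {k: (v, pod_labels.get(k))
            for k, v in selector.items() if pod_labels.get(k) != v}


# Constructed label sets (assumption): pod names are from the question,
# labels are inferred from the selector given in the answer.
PODS = {
    "x2f1-nginx-ingress-controller-cd5fbd447-c4fqm": {
        "app": "nginx-ingress", "component": "controller", "release": "x2f1"},
    "x2f1-nginx-ingress-default-backend-67f8db4966-nlgdd": {
        "app": "nginx-ingress", "component": "default-backend", "release": "x2f1"},
}

# Selector from the question's Service manifest.
QUESTION_SELECTOR = {
    "app.kubernetes.io/name": "ingress-nginx",
    "app.kubernetes.io/part-of": "ingress-nginx",
}
# Selector from the answer's corrected manifest.
ANSWER_SELECTOR = {"app": "nginx-ingress", "component": "controller"}

if __name__ == "__main__":
    for label, sel in (("question", QUESTION_SELECTOR), ("answer", ANSWER_SELECTOR)):
        print(label, "->", endpoints_for(sel, PODS) or "<none>")
    controller = PODS["x2f1-nginx-ingress-controller-cd5fbd447-c4fqm"]
    print("why not:", explain_mismatch(QUESTION_SELECTOR, controller))
```

Dropping component from the selector would also match the default-backend pod, so the selector should stay as narrow as the workload being exposed.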