Dns: Why can't I connect to other pods from one pod in a Kubernetes cluster?


I have completed all the Kubernetes DNS service configuration and tested that it works. But how can I access a pod by serviceName (DNS domain name)?

Pod list:

[root@localhost ~]# kubectl get pod
NAME          READY     STATUS    RESTARTS   AGE
bj001-y1o2i   3/3       Running   12         20h
dns-itc8d     3/3       Running   18         1d
nginx-rc5bh   1/1       Running   1          15h

Service list:

[root@localhost ~]# kb get svc
NAME         CLUSTER_IP       EXTERNAL_IP   PORT(S)               SELECTOR    AGE
bj001        10.254.54.162    172.16.2.51   30101/TCP,30102/TCP   app=bj001   1d
dns          10.254.0.2       <none>        53/UDP,53/TCP         app=dns     1d
kubernetes   10.254.0.1       <none>        443/TCP               <none>      8d
nginx        10.254.72.30     172.16.2.51   80/TCP                app=nginx   20h
[root@localhost ~]# kb get endpoints
NAME         ENDPOINTS                            AGE
bj001        172.17.12.3:18010,172.17.12.3:3306   1d
dns          172.17.87.3:53,172.17.87.3:53        1d
kubernetes   172.16.2.50:6443                     8d
nginx        172.17.12.2:80                       20h

From inside the nginx pod, I can ping the pod bj001 and look up the DNS name, but I cannot ping the DNS domain name.

Like this:

[root@localhost ~]# kb exec -it nginx-rc5bh sh
sh-4.2# nslookup bj001  
Server:     10.254.0.2
Address:    10.254.0.2#53

Name:   bj001.default.svc.cluster.local
Address: 10.254.54.162

sh-4.2# ping 172.17.12.3
PING 172.17.12.3 (172.17.12.3) 56(84) bytes of data.
64 bytes from 172.17.12.3: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 172.17.12.3: icmp_seq=2 ttl=64 time=0.082 ms
64 bytes from 172.17.12.3: icmp_seq=3 ttl=64 time=0.088 ms
64 bytes from 172.17.12.3: icmp_seq=4 ttl=64 time=0.105 ms
^C
--- 172.17.12.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.073/0.087/0.105/0.011 ms

sh-4.2# ping bj001
PING bj001.default.svc.cluster.local (10.254.54.162) 56(84) bytes of data.
^C
--- bj001.default.svc.cluster.local ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

I found my mistake. Kubernetes uses iptables to forward traffic between different pods. So we should set all the ports in use in {spec.ports}; as in my question, port 18010 must be opened.

[root@localhost ~]# kb get svc
NAME         CLUSTER_IP      EXTERNAL_IP   PORT(S)              SELECTOR    AGE
bj001        10.254.91.218   <none>        3306/TCP,18010/TCP   app=bj001   41m
dns          10.254.0.2      <none>        53/UDP,53/TCP        app=dns     1d
kubernetes   10.254.0.1      <none>        443/TCP              <none>      8d
nginx        10.254.72.30    172.16.2.51   80/TCP               app=nginx   1d

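It is recommended to use [telnet IP port] to test IP connectivity. In general, you should allow all connections between nodes, because many ports can be assigned randomly.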
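
An added illustration (not part of the original posts) of the answer's point: the service's cluster IP only forwards the ports declared in spec.ports, so a backend port shown under ENDPOINTS is reachable under the same number through the service name only if it also appears in PORT(S). The function names are hypothetical, the tables are excerpted from the kubectl output above, and the endpoints are assumed unchanged after the fix.

```python
# Added example. Tables are excerpts of the kubectl output shown on this page.
SVC_BEFORE = """\
NAME         CLUSTER_IP       EXTERNAL_IP   PORT(S)               SELECTOR    AGE
bj001        10.254.54.162    172.16.2.51   30101/TCP,30102/TCP   app=bj001   1d
nginx        10.254.72.30     172.16.2.51   80/TCP                app=nginx   20h
"""
SVC_AFTER = """\
NAME         CLUSTER_IP      EXTERNAL_IP   PORT(S)              SELECTOR    AGE
bj001        10.254.91.218   <none>        3306/TCP,18010/TCP   app=bj001   41m
nginx        10.254.72.30    172.16.2.51   80/TCP               app=nginx   1d
"""
# Assumption: the endpoints did not change when the service was redefined.
ENDPOINTS = """\
NAME         ENDPOINTS                            AGE
bj001        172.17.12.3:18010,172.17.12.3:3306   1d
nginx        172.17.12.2:80                       20h
"""

def _rows(table):
    """Yield whitespace-split data rows, skipping the header line."""
    for line in table.strip().splitlines()[1:]:
        yield line.split()

def service_ports(table):
    """Service name -> ports declared in spec.ports (the PORT(S) column)."""
    return {c[0]: {int(p.split("/")[0]) for p in c[3].split(",")}
            for c in _rows(table)}

def backend_ports(table):
    """Service name -> ports the pods listen on (the ENDPOINTS column)."""
    return {c[0]: {int(ep.rsplit(":", 1)[1]) for ep in c[1].split(",")}
            for c in _rows(table) if c[1] != "<none>"}

def unreachable_by_same_port(svc_table, ep_table):
    """Backend ports a client cannot reach as <service-name>:<same port>."""
    declared = service_ports(svc_table)
    result = {}
    for name, ports in backend_ports(ep_table).items():
        missing = sorted(ports - declared.get(name, set()))
        if missing:
            result[name] = missing
    return result

if __name__ == "__main__":
    print("before:", unreachable_by_same_port(SVC_BEFORE, ENDPOINTS))
    print("after: ", unreachable_by_same_port(SVC_AFTER, ENDPOINTS))
```
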