问题:

为什么ingress-nginx-controller pod总是建立到endpoint的IPv4 TCP连接?

姚俊贤
2023-03-14

我们在 2 台虚拟机上搭建了启用双栈(dual-stack)特性的 k8s 集群,这两台虚拟机分别称为 nodeA 和 nodeB。nodeA 是主节点,nodeB 是工作节点。

下面的输出给出了关于群集配置的信息

# ps -eaf | grep kubeapi
root     2593936 2593910  4 Mar16 ?        1-00:16:14 kube-apiserver --advertise-address=10.4.0.85
  --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt
  --enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true
  --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
  --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
  --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
  --etcd-servers=https://127.0.0.1:2379 --feature-gates=IPv6DualStack=true --insecure-port=0
  --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
  --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
  --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
  --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
  --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
  --requestheader-allowed-names=front-proxy-client
  --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
  --requestheader-extra-headers-prefix=X-Remote-Extra-
  --requestheader-group-headers=X-Remote-Group
  --requestheader-username-headers=X-Remote-User --secure-port=6443
  --service-account-issuer=https://kubernetes.default.svc.cluster.local
  --service-account-key-file=/etc/kubernetes/pki/sa.pub
  --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
  --service-cluster-ip-range=10.244.1.0/24,2001:db8:1234:5678:8:2::/112
  --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
  --tls-private-key-file=/etc/kubernetes/pki/apiserver.key

我们创建了ClusterIP服务apple-service和ingress-nginx-controller nodePort服务,如下所示

# kubectl describe svc apple-service
Name:              apple-service
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          app=apple
Type:              ClusterIP
IP Family Policy:  PreferDualStack
IP Families:       IPv4,IPv6
IP:                10.244.1.104
IPs:               10.244.1.104,2001:db8:1234:5678:8:2:0:6294
Port:              <unset>  5678/TCP
TargetPort:        5678/TCP
Endpoints:         10.244.2.150:5678,10.244.2.151:5678
Session Affinity:  None
Events:            <none>

# kubectl describe svc ingress-nginx-controller -n ingress-nginx
Name:                     ingress-nginx-controller
Namespace:                ingress-nginx
Labels:                   app.kubernetes.io/component=controller
                          app.kubernetes.io/instance=ingress-nginx
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=ingress-nginx
                          app.kubernetes.io/version=0.44.0
                      helm.sh/chart=ingress-nginx-3.23.0
Annotations:              <none>
Selector:                 app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
Type:                     NodePort
IP Family Policy:         PreferDualStack
IP Families:              IPv4,IPv6
IP:                       10.244.1.4
IPs:                      10.244.1.4,2001:db8:1234:5678:8:2:0:6033
Port:                     http  80/TCP
TargetPort:               http/TCP
NodePort:                 http  31003/TCP
Endpoints:                10.244.2.144:80
Port:                     https  443/TCP
TargetPort:               https/TCP
NodePort:                 https  31801/TCP
Endpoints:                10.244.2.144:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>


# kubectl describe ep apple-service
Name:         apple-service
Namespace:    default
Labels:       <none>
Annotations:  endpoints.kubernetes.io/last-change-trigger-time: 2021-04-01T12:53:37Z
Subsets:
Addresses:          10.244.2.150,10.244.2.151
 NotReadyAddresses:  <none>
 Ports:
  Name     Port  Protocol
  ----     ----  --------
  <unset>  5678  TCP

Events:  <none>
# kubectl describe ingress
Name:             example-ingress
Namespace:        default
Address:          10.11.0.58
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host        Path  Backends
  ----        ----  --------
  *
          /apple   apple-service:5678 (10.244.2.150:5678,10.244.2.151:5678)
Annotations:  nginx.ingress.kubernetes.io/rewrite-target: /
Events:       <none>
# kubectl describe pod apple-app-1
Name:         apple-app-1
Namespace:    default
Priority:     0
Node:         ccd-focal-clus1-2/10.11.0.58
Start Time:   Thu, 01 Apr 2021 12:38:56 +0000
Labels:       app=apple
Annotations:  cni.projectcalico.org/podIP: 10.244.2.150/32
          cni.projectcalico.org/podIPs: 10.244.2.150/32,2001:db8:1234:5678:8:3:0:3295/128
Status:       Running
IP:           10.244.2.150
IPs:
 IP:  10.244.2.150
 IP:  2001:db8:1234:5678:8:3:0:3295
 ...

# kubectl describe pod apple-app-2
Name:         apple-app-2
Namespace:    default
Priority:     0
Node:         ccd-focal-clus1-2/10.11.0.58
Start Time:   Thu, 01 Apr 2021 12:53:34 +0000
Labels:       app=apple
Annotations:  cni.projectcalico.org/podIP: 10.244.2.151/32
          cni.projectcalico.org/podIPs: 10.244.2.151/32,2001:db8:1234:5678:8:3:0:3296/128
Status:       Running
IP:           10.244.2.151
IPs:
  IP:  10.244.2.151
  IP:  2001:db8:1234:5678:8:3:0:3296
# kubectl describe pods ingress-nginx-controller-67897c9494-s4fkw -n ingress-nginx
Name:         ingress-nginx-controller-67897c9494-s4fkw
Namespace:    ingress-nginx
Priority:     0
Node:         ccd-focal-clus1-2/10.11.0.58
Start Time:   Wed, 31 Mar 2021 14:53:49 +0000
Labels:       app.kubernetes.io/component=controller
          app.kubernetes.io/instance=ingress-nginx
          app.kubernetes.io/name=ingress-nginx
          pod-template-hash=67897c9494
Annotations:  cni.projectcalico.org/podIP: 10.244.2.144/32
          cni.projectcalico.org/podIPs: 10.244.2.144/32,2001:db8:1234:5678:8:3:0:328f/128
Status:       Running
IP:           10.244.2.144
IPs:
 IP:           10.244.2.144
 IP:           2001:db8:1234:5678:8:3:0:328f
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 10.11.0.137  netmask 255.255.255.0  broadcast 10.11.0.255
    inet6 2001:db8:100:c1::287  prefixlen 128  scopeid 0x0<global>
    inet6 fe80::f816:3eff:fed5:1b32  prefixlen 64  scopeid 0x20<link>
    ether fa:16:3e:d5:1b:32  txqueuelen 1000  (Ethernet)
    RX packets 350743  bytes 51111859 (51.1 MB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 4874839  bytes 386319524 (386.3 MB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 10.4.0.85  netmask 255.255.255.0  broadcast 10.4.0.255
    inet6 2001:db8:100:a1::1a6  prefixlen 128  scopeid 0x0<global>
    inet6 fe80::f816:3eff:fe53:adc5  prefixlen 64  scopeid 0x20<link>
    ether fa:16:3e:53:ad:c5  txqueuelen 1000  (Ethernet)
    RX packets 6942419  bytes 1695386713 (1.6 GB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 8330231  bytes 2487914325 (2.4 GB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

nodeB(worker)ifconfig输出如下:

ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 10.11.0.58  netmask 255.255.255.0  broadcast 10.11.0.255
    inet6 2001:db8:100:c1::12a  prefixlen 128  scopeid 0x0<global>
    inet6 fe80::f816:3eff:fe6e:35da  prefixlen 64  scopeid 0x20<link>
    ether fa:16:3e:6e:35:da  txqueuelen 1000  (Ethernet)
    RX packets 134737  bytes 15951676 (15.9 MB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 153842  bytes 35255446 (35.2 MB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 10.4.0.45  netmask 255.255.255.0  broadcast 10.4.0.255
    inet6 fe80::f816:3eff:fe15:91ba  prefixlen 64  scopeid 0x20<link>
    inet6 2001:db8:100:a1::9  prefixlen 128  scopeid 0x0<global>
    ether fa:16:3e:15:91:ba  txqueuelen 1000  (Ethernet)
    RX packets 6918097  bytes 3530410872 (3.5 GB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 5392656  bytes 638310030 (638.3 MB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

当我们执行“curl-lo http://[2001:DB8:100:C1::12A]:31003/Apple”时,可以看到与 ingress-nginx-controller 的地址 2001:DB8:1234:5678:8:3:0:328F 之间建立的是 IPv6 TCP 连接;但从 ingress-nginx-controller pod 到后端 pod 建立的却是 IPv4 TCP 连接,即 10.244.2.144->10.244.2.151(apple-app-2)。

共有1个答案

曾皓
2023-03-14

正如 Kubernetes 的“验证 IPv4/IPv6 双栈(Validate IPv4/IPv6 dual-stack)”文档所述,.spec.ipFamilies 数组中各 IP 族的顺序很重要。

Kubernetes 会同时分配 IPv4 和 IPv6 地址(因为该集群启用了双栈),并根据 .spec.ipFamilies 数组中第一个元素的地址族,从 .spec.clusterIPs 列表中选出 .spec.clusterIP。

您将 IPv4 指定为 .spec.ipFamilies 数组的第一个元素,因此 Kubernetes 从 IPv4 范围为该服务分配了集群 IP。

# kubectl describe svc apple-service
Name:              apple-service
...
IP Family Policy:  PreferDualStack
IP Families:       IPv4,IPv6
IP:                10.244.1.104

调整 ipFamilies 的顺序(把 IPv6 放在首位)即可解决此问题。注意,已有 Service 的主 IP 族(ipFamilies 的第一个元素)不可修改,因此通常需要删除该 Service 并按新顺序重新创建:

spec:
  ipFamilies:
  - IPv6
  - IPv4

我创建了一个简单的示例来说明它是如何工作的。

我使用 ClusterIP 服务公开了一个名为 app-1 的 Deployment:

# kubectl get deploy,pod,svc
NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/app-1   1/1     1            1           52m

NAME                         READY   STATUS    RESTARTS   AGE
pod/app-1-5d9ccdb595-nrljs   1/1     Running   0          52m

NAME                 TYPE        CLUSTER-IP            EXTERNAL-IP   PORT(S)   AGE
service/app-1        ClusterIP   2001:db8:42:1::f4a0   <none>        80/TCP    19m

# kubectl describe ing
Name:             example-ingress
Namespace:        default
Address:          10.0.0.5
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /app-1   app-1:80 ([2001:db8:42:cd:2fba:8d83:9906:4d8f]:80)

# kubectl get svc ingress-nginx-controller -n ingress-nginx
NAME                       TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller   NodePort   10.96.60.120   <none>        80:31072/TCP,443:30408/TCP   133m
# cat svc.yml 
apiVersion: v1
kind: Service
metadata:
  labels:
    app: app-1
  name: app-1
  namespace: default
spec:
  ipFamilies:
  - IPv6    
  - IPv4
  ipFamilyPolicy: PreferDualStack
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: app-1
  sessionAffinity: None
  type: ClusterIP
# kubectl exec -it app-1-5d9ccdb595-nrljs -- bash
root@app-1-5d9ccdb595-nrljs:/# tcpdump -n 'port 80'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:02:06.918674 IP6 2001:db8:42:cd:2fba:8d83:9906:4d8e.54406 > 2001:db8:42:cd:2fba:8d83:9906:4d8f.80: Flags [S], seq 3544899375, win 64860, options [mss 1380,sackOK,TS val 2211355791 ecr 0,nop,wscale 7], length 0
11:02:06.918705 IP6 2001:db8:42:cd:2fba:8d83:9906:4d8f.80 > 2001:db8:42:cd:2fba:8d83:9906:4d8e.54406: Flags [S.], seq 1030071611, ack 3544899376, win 64296, options [mss 1380,sackOK,TS val 1923799370 ecr 2211355791,nop,wscale 7], length 0
11:02:06.918736 IP6 2001:db8:42:cd:2fba:8d83:9906:4d8e.54406 > 2001:db8:42:cd:2fba:8d83:9906:4d8f.80: Flags [.], ack 1, win 507, options [nop,nop,TS val 2211355791 ecr 1923799370], length 0
11:02:06.918787 IP6 2001:db8:42:cd:2fba:8d83:9906:4d8e.54406 > 2001:db8:42:cd:2fba:8d83:9906:4d8f.80: Flags [P.], seq 1:353, ack 1, win 507, options [nop,nop,TS val 2211355791 ecr 1923799370], length 352: HTTP: GET / HTTP/1.1
11:02:06.918794 IP6 2001:db8:42:cd:2fba:8d83:9906:4d8f.80 > 2001:db8:42:cd:2fba:8d83:9906:4d8e.54406: Flags [.], ack 353, win 502, options [nop,nop,TS val 1923799370 ecr 2211355791], length 0
11:02:06.919421 IP6 2001:db8:42:cd:2fba:8d83:9906:4d8f.80 > 2001:db8:42:cd:2fba:8d83:9906:4d8e.54406: Flags [P.], seq 1:240, ack 353, win 502, options [nop,nop,TS val 1923799371 ecr 2211355791], length 239: HTTP: HTTP/1.1 200 OK
11:02:06.919455 IP6 2001:db8:42:cd:2fba:8d83:9906:4d8e.54406 > 2001:db8:42:cd:2fba:8d83:9906:4d8f.80: Flags [.], ack 240, win 506, options [nop,nop,TS val 2211355792 ecr 1923799371], length 0