Question:

Kubernetes DNS lookup not working from worker node - connection timed out; no servers could be reached

申屠宗清
2023-03-14

I have built a new Kubernetes cluster, v1.20.1, with a single master and a single node, using the Calico CNI.

I deployed a busybox pod in the default namespace.

# kubectl get pods busybox -o wide
NAME      READY   STATUS    RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
busybox   1/1     Running   0          12m   10.203.0.129   node02   <none>           <none>

 

nslookup is not working

kubectl exec -ti busybox -- nslookup kubernetes.default
Server:    10.96.0.10
Address 1: 10.96.0.10

nslookup: can't resolve 'kubernetes.default'
# kubectl exec -i -t dnsutils -- nslookup kubernetes.default
;; connection timed out; no servers could be reached

command terminated with exit code 1
# kubectl exec -ti dnsutils -- cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local 
nameserver 10.96.0.10
options ndots:5
# kubectl get pods --namespace=kube-system -l k8s-app=kube-dns
NAME                      READY   STATUS    RESTARTS   AGE
coredns-74ff55c5b-472vx   1/1     Running   1          85m
coredns-74ff55c5b-c75bq   1/1     Running   1          85m

DNS pod logs

 kubectl logs --namespace=kube-system -l k8s-app=kube-dns
.:53
[INFO] plugin/reload: Running configuration MD5 = db32ca3650231d74073ff4cf814959a7
CoreDNS-1.7.0
linux/amd64, go1.14.4, f59c03d
.:53
[INFO] plugin/reload: Running configuration MD5 = db32ca3650231d74073ff4cf814959a7
CoreDNS-1.7.0
linux/amd64, go1.14.4, f59c03d

The service is defined

# kubectl get svc --namespace=kube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   86m

**I can see the endpoints of the DNS pod**

# kubectl get endpoints kube-dns --namespace=kube-system
NAME       ENDPOINTS                                               AGE
kube-dns   10.203.0.5:53,10.203.0.6:53,10.203.0.5:53 + 3 more...   86m

Logging is enabled, but I do not see any traffic reaching the DNS pod

# kubectl logs --namespace=kube-system -l k8s-app=kube-dns
.:53
[INFO] plugin/reload: Running configuration MD5 = db32ca3650231d74073ff4cf814959a7
CoreDNS-1.7.0
linux/amd64, go1.14.4, f59c03d
.:53
[INFO] plugin/reload: Running configuration MD5 = db32ca3650231d74073ff4cf814959a7
CoreDNS-1.7.0
linux/amd64, go1.14.4, f59c03d
# kubectl exec -i -t dnsutils -- ping 10.203.0.5
PING 10.203.0.5 (10.203.0.5): 56 data bytes
64 bytes from 10.203.0.5: seq=0 ttl=62 time=6.024 ms
64 bytes from 10.203.0.5: seq=1 ttl=62 time=6.052 ms
64 bytes from 10.203.0.5: seq=2 ttl=62 time=6.175 ms
64 bytes from 10.203.0.5: seq=3 ttl=62 time=6.000 ms
^C
--- 10.203.0.5 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.000/6.062/6.175 ms
# ke netshoot-6f677d4fdf-5t5cb -- nmap 10.203.0.5
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-15 22:29 UTC
Nmap scan report for 10.203.0.5
Host is up (0.0060s latency).
Not shown: 997 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
8080/tcp filtered http-proxy
8181/tcp filtered intermapper

Nmap done: 1 IP address (1 host up) scanned in 14.33 seconds
# ke netshoot -- bash
bash-5.0# nslookup kubernetes.default
Server:         10.96.0.10
Address:        10.96.0.10#53

Name:   kubernetes.default.svc.cluster.local
Address: 10.96.0.1

 nmap -p 53 10.96.0.10
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-15 22:46 UTC
Nmap scan report for kube-dns.kube-system.svc.cluster.local (10.96.0.10)
Host is up (0.000098s latency).

PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
# cat kubeadm-config.yaml
---
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
  kubeletExtraArgs:
    cgroup-driver: "systemd"
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: stable
controlPlaneEndpoint: "master01:6443"
networking:
  dnsDomain: cluster.local
  podSubnet: 10.0.0.0/14
  serviceSubnet: 10.96.0.0/12
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"

1 answer

何嘉运
2023-03-14

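First, according to the documentation, please note that Calico and kubeadm support CentOS/RHEL 7+.
In both the Calico and the kubeadm documentation we can see that they only support RHEL 7+.

By default, RHEL 8 uses nftables instead of iptables (we can still use iptables, but "iptables" on RHEL 8 is actually using the kernel's nft framework in the background; see "Running Iptables on RHEL 8").

9.2.1. nftables replaces iptables as the default network packet filtering framework

I think nftables may be causing this network problem, because on the nftables adoption page we can find:

Kubernetes does not support nftables yet.

Note: For now, I strongly recommend that you use RHEL 7 instead of RHEL 8.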

root@kmaster:~# kubectl get pod,svc -o wide
NAME      READY   STATUS    RESTARTS   AGE    IP           NODE      NOMINATED NODE   READINESS GATES
pod/web   1/1     Running   0          112s   10.99.32.1   kworker   <none>           <none>

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     SELECTOR
service/kubernetes   ClusterIP   10.99.0.1    <none>        443/TCP   5m51s   <none>
root@kmaster:~# kubectl exec -it web -- bash
root@web:/# nslookup kubernetes.default
Server:         10.99.0.10
Address:        10.99.0.10#53

Name:   kubernetes.default.svc.cluster.local
Address: 10.99.0.1

root@web:/#
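
One way to check the condition the answer describes, as an added example that is not part of the original answer: iptables 1.8 and later report their backend in `iptables --version` as `(nf_tables)` or `(legacy)`, so a node can be classified from that string together with `/etc/os-release`. The function names and the sample inputs are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): report which iptables
# backend a node uses. All function names and sample strings are constructed.

# iptables_backend "<output of iptables --version>"
# iptables 1.8+ prints its backend in parentheses; older releases
# print no suffix and only have the legacy backend.
iptables_backend() {
  case "$1" in
    *"(nf_tables)"*) echo nf_tables ;;
    *"(legacy)"*)    echo legacy ;;
    iptables\ v*)    echo legacy ;;
    *)               echo unknown ;;
  esac
}

# os_major "<contents of /etc/os-release>"  ->  "<ID> <major version>"
os_major() {
  printf '%s\n' "$1" | tr -d '"' | awk -F= '
    $1 == "ID"         { id = $2 }
    $1 == "VERSION_ID" { split($2, v, "."); ver = v[1] }
    END                { print id, ver }'
}

# node_verdict "<iptables --version output>" "<os-release contents>"
node_verdict() {
  nv_backend=$(iptables_backend "$1")
  nv_os=$(os_major "$2")
  if [ "$nv_backend" = nf_tables ]; then
    echo "WARN: $nv_os uses the nf_tables backend that the answer suspects"
  else
    echo "OK: $nv_os iptables backend is $nv_backend"
  fi
}

# Constructed sample inputs so the script runs offline.
SAMPLE_RHEL8_OS='NAME="Red Hat Enterprise Linux"
VERSION_ID="8.3"
ID="rhel"'
SAMPLE_RHEL7_OS='NAME="Red Hat Enterprise Linux Server"
VERSION_ID="7.9"
ID="rhel"'

node_verdict 'iptables v1.8.4 (nf_tables)' "$SAMPLE_RHEL8_OS"
node_verdict 'iptables v1.4.21' "$SAMPLE_RHEL7_OS"
# On a real node: node_verdict "$(iptables --version)" "$(cat /etc/os-release)"
```

Run it on every node, master and worker alike, since kube-proxy and Calico program packet filtering rules on each of them.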