一千萬個為什麽

搜索

如何在AWS實例上獲取eth1 ENI以響應NodePort請求?



在AWS中運行的Kubernetes 1.5群集。節點1(工作者)有一個額外的網絡接口分配給它一個靜態IP,所以如果你在節點上運行“ip addr show”,你會看到eth0,eth1和虛擬設備組。

有一個使用NodePort服務公開的web應用程序。該webapp的窗格正在Node1上運行。當我進入Node1時,我可以使用eth0或eth1的IP卷曲webapp,沒問題。當我跳入集群中的另一個工作節點時,我可以使用eth0而不是eth1來卷曲webapp。

有人可以告訴我需要做什麽來讓eth1響應對webapp pod的請求嗎?

這裏是ss -laptn |的結果grep kube:

LISTEN     0      128    127.0.0.1:10248                    *:*                   users:(("kubelet",pid=1270,fd=14))
LISTEN     0      128    127.0.0.1:10249                    *:*                   users:(("hyperkube",pid=2512,fd=5))
ESTAB      0      0      172.30.13.74:39240              172.30.10.12:8080                users:(("kubelet",pid=1270,fd=13))
ESTAB      0      0      172.30.13.74:45184              172.30.10.10:8080                users:(("kubelet",pid=1270,fd=30))
ESTAB      0      0      172.30.13.74:48968              172.30.10.11:443                 users:(("hyperkube",pid=2512,fd=26))
ESTAB      0      0      172.30.13.74:38854              172.30.10.10:8080                users:(("kubelet",pid=1270,fd=10))
ESTAB      0      0      172.30.13.74:42890              172.30.10.11:8080                users:(("kubelet",pid=1270,fd=20))
ESTAB      0      0      172.30.13.74:56880              172.30.10.10:8080                users:(("kubelet",pid=1270,fd=31))

它只列出了eth0的IP。雖然用於NodePort服務的端口正在監聽所有接口:

LISTEN     0      128         :::31102                   :::*                   users:(("hyperkube",pid=2512,fd=29))

這裏是iptables輸出,因為有人認為這可能是問題:

sudo iptables -L -v
Chain INPUT (policy ACCEPT 39 packets, 9060 bytes)
 pkts bytes target     prot opt in     out     source               destination
 194M   44G KUBE-FIREWALL  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 6 packets, 328 bytes)
 pkts bytes target     prot opt in     out     source               destination
 368M   67G DOCKER-ISOLATION  all  --  any    any     anywhere             anywhere
 181M   28G DOCKER     all  --  any    docker0  anywhere             anywhere
 179M   28G ACCEPT     all  --  any    docker0  anywhere             anywhere             ctstate RELATED,ESTABLISHED
 177M   38G ACCEPT     all  --  docker0 !docker0  anywhere             anywhere
19176 1151K ACCEPT     all  --  docker0 docker0  anywhere             anywhere

Chain OUTPUT (policy ACCEPT 43 packets, 7339 bytes)
 pkts bytes target     prot opt in     out     source               destination
 198M   73G KUBE-SERVICES  all  --  any    any     anywhere             anywhere             /* kubernetes service portals */
 198M   73G KUBE-FIREWALL  all  --  any    any     anywhere             anywhere

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION (1 references)
 pkts bytes target     prot opt in     out     source               destination
 368M   67G RETURN     all  --  any    any     anywhere             anywhere

Chain KUBE-FIREWALL (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     anywhere             anywhere             /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

在我嘗試從下列群集中的示例節點上路由表:

default via 172.30.11.1 dev eth0  proto dhcp  src 172.30.11.119  metric 1024
10.2.0.0/16 dev flannel.1
10.2.13.0/24 dev docker0  proto kernel  scope link  src 10.2.13.1
172.30.11.0/24 dev eth0  proto kernel  scope link  src 172.30.11.119
172.30.11.1 dev eth0  proto dhcp  scope link  src 172.30.11.119  metric 1024

來自多宿主節點的路由表,我試圖將其中一個:

default via 172.30.13.1 dev eth0  proto dhcp  src 172.30.13.74  metric 1024
default via 172.30.13.1 dev eth1  proto dhcp  src 172.30.13.250  metric 1024
10.2.0.0/16 dev flannel.1
10.2.75.0/24 dev docker0  proto kernel  scope link  src 10.2.75.1
172.30.13.0/24 dev eth0  proto kernel  scope link  src 172.30.13.74
172.30.13.0/24 dev eth1  proto kernel  scope link  src 172.30.13.250
172.30.13.1 dev eth0  proto dhcp  scope link  src 172.30.13.74  metric 1024
172.30.13.1 dev eth1  proto dhcp  scope link  src 172.30.13.250  metric 1024

轉載註明原文: 如何在AWS實例上獲取eth1 ENI以響應NodePort請求?

一共有 0 個回答: