0

我在 Kubernetes 集群中的一个节点上运行了一个 heapster pod。它能够http://<node-with-heapster-pod>:10255/stats/summary正常工作,但只要它在另一个节点上运行相同的 get 请求,它就不能。当我从任何给定节点运行 curl 时,我可以访问该端口,但是当我从另一台机器 curl 任何节点时,我收到以下错误:

Failed to connect to 128.180.120.229 port 10255: No route to host

以下是 kubelet 正在侦听的所有端口的 netstat 输出:

netstat -ap | grep -i "listen" | grep "kubelet"
tcp        0      0 localhost:10248         0.0.0.0:*               LISTEN 7562/kubelet        
tcp6       0      0 [::]:4194               [::]:*                  LISTEN     7562/kubelet        
tcp6       0      0 [::]:10250              [::]:*                  LISTEN 7562/kubelet
tcp6       0      0 [::]:10255              [::]:*                  LISTEN      7562/kubelet      
unix  2      [ ACC ]     STREAM     LISTENING     621349   7562/kubelet       /var/run/dockershim.sock

我为凌乱的最后一栏道歉。任何想法为什么会这样?我的 iptables 规则设置为接受所有传入连接,并且任何节点都可以正常 ping 端口 10250,而不是 10255。

4

2 回答 2

0

If anybody still cares, port 10255 is the kubelet's read only port and may or may not be configured. You can confirm this by accessing the worker node in question then looking at the kubelet's startup command.

systemctl status kubelet-worker.service

Some on-prem kubernetes solutions set this to 0 as mentioned below

https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/

--read-only-port int32 The read-only port for the Kubelet to serve on with no authentication/authorization (set to 0 to disable) (default 10255) (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.)

于 2020-08-13T18:23:38.620 回答
0

您的系统上可能没有启用ip_forward 。你能检查一下这个设置吗?

 sysctl -n net.ipv4.ip_forward
于 2017-10-27T19:24:02.510 回答