1

我在 Kubernetes 中遇到网络问题。我试图保留对 clusterIP 服务的传入请求的源 IP,但我发现这些请求似乎是源 NAT'd。也就是说,它们携带节点的 IP 地址作为源 IP,而不是发出请求的 pod 的 IP。我在这里关注集群 IP 的示例:https : //kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-type-clusterip 但我发现 Kubernetes 的行为对我来说完全不同。上面的示例让我部署了一个报告源 IP 的回显服务器。这部署在我从运行busybox的单独pod请求的clusterIP服务后面。来自回显服务器的响应如下:

CLIENT VALUES:
client_address=10.1.36.1
command=GET
real path=/
query=nil
request_version=1.1
request_uri=http://10.152.183.99:8080/
SERVER VALUES:
server_version=nginx: 1.10.0 - lua: 10001
HEADERS RECEIVED:
connection=close
host=10.152.183.99
user-agent=Wget
BODY

源 IP 10.1.36.1 属于该节点。我希望看到busybox的地址是10.1.36.168。有谁知道为什么要为 clusterIP 启用 SNAT?我真的很奇怪,这直接与官方文档相矛盾。(已编辑)

所有这些都在同一个节点上运行。该节点以 iptables 模式运行。我正在使用 microk8s。

我的 microk8s 版本:

Client:
  Version:  v1.2.5
  Revision: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
Server:
  Version:  v1.2.5
  Revision: bb71b10fd8f58240ca47fbb579b9d1028eea7c84

输出kubectl describe service clusterip

Name:              clusterip
Namespace:         default
Labels:            app=source-ip-app
Annotations:       <none>
Selector:          app=source-ip-app
Type:              ClusterIP
IP:                10.152.183.106
Port:              <unset>  80/TCP
TargetPort:        8080/TCP
Endpoints:         10.1.36.225:8080
Session Affinity:  None
Events:            <none>

输出kubectl describe pod source-ip-app-7c79c78698-xgd5w

Name:         source-ip-app-7c79c78698-xgd5w
Namespace:    default
Priority:     0
Node:         riley-virtualbox/10.0.2.15
Start Time:   Wed, 12 Feb 2020 09:19:18 -0600
Labels:       app=source-ip-app
              pod-template-hash=7c79c78698
Annotations:  <none>
Status:       Running
IP:           10.1.36.225
IPs:
  IP:           10.1.36.225
Controlled By:  ReplicaSet/source-ip-app-7c79c78698
Containers:
  echoserver:
    Container ID:   containerd://6775c010145d3951d067e3bb062bea9b70d305f96f84aa870963a8b385a4a118
    Image:          k8s.gcr.io/echoserver:1.4
    Image ID:       sha256:523cad1a4df732d41406c9de49f932cd60d56ffd50619158a2977fd1066028f9
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Wed, 12 Feb 2020 09:19:23 -0600
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-7pszf (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-7pszf:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-7pszf
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age        From                       Message
  ----    ------     ----       ----                       -------
  Normal  Scheduled  <unknown>  default-scheduler          Successfully assigned default/source-ip-app-7c79c78698-xgd5w to riley-virtualbox
  Normal  Pulled     2m58s      kubelet, riley-virtualbox  Container image "k8s.gcr.io/echoserver:1.4" already present on machine
  Normal  Created    2m55s      kubelet, riley-virtualbox  Created container echoserver
  Normal  Started    2m54s      kubelet, riley-virtualbox  Started container echoserver
4

0 回答 0