我有一个带有两个容器(这是一个Dapr应用程序)的 pod,online 和 daprd。可以访问在线的端点,但是无法访问daprd。我不知道为什么。
Namespace: default
Priority: 0
Node: k8s-node1/10.110.55.216
Start Time: Tue, 26 Oct 2021 14:20:00 +0800
Labels: app=online
pod-template-hash=6bfd96bf48
Annotations: dapr.io/app-id: online
dapr.io/app-port: 5001
dapr.io/enabled: true
dapr.io/log-level: debug
dapr.io/sidecar-liveness-probe-threshold: 300
dapr.io/sidecar-readiness-probe-threshold: 300
Status: Running
IP: 172.16.1.39
IPs:
IP: 172.16.1.39
Controlled By: ReplicaSet/online-6bfd96bf48
Containers:
online:
Container ID: docker://c8a3757bd63386cef1b9c8d1d6e78f995e32b6aa33bb9a6f05f641e744714bfc
Image: 192.168.9.37/shouyou/online:1.0.0
Image ID: docker-pullable://192.168.9.37/shouyou/online@sha256:1897c8ce12bea57b382ac53a293c33518a8629088fa2c9facb330407d42fad0e
Port: 5001/TCP
Host Port: 0/TCP
State: Running
Started: Tue, 26 Oct 2021 14:57:31 +0800
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Tue, 26 Oct 2021 14:20:01 +0800
Finished: Tue, 26 Oct 2021 14:57:31 +0800
Ready: True
Restart Count: 1
Environment:
ADDRESS: :5001
DAPR_HTTP_PORT: 80
DAPR_GRPC_PORT: 50001
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sqtrm (ro)
daprd:
Container ID: docker://5e39ca3e813ecd38d882b3cd43ef0ce58d31f5344d7b1d04c0480ae6d5a90a23
Image: 192.168.9.37/daprio/daprd:1.4.3
Image ID: docker-pullable://192.168.9.37/daprio/daprd@sha256:3296f6bcf3ebcd1bab8974567b087109d906ee23f3fb7761e5e41ecdc6f09d52
Ports: 3500/TCP, 50001/TCP, 50002/TCP, 9090/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP
Command:
/daprd
Args:
--mode
kubernetes
--dapr-http-port
3500
--dapr-grpc-port
50001
--dapr-internal-grpc-port
50002
--dapr-listen-addresses
[::1],127.0.0.1
--dapr-public-port
3501
--app-port
5001
--app-id
online
--control-plane-address
dapr-api.dapr-system.svc.cluster.local:80
--app-protocol
http
--placement-host-address
dapr-placement-server.dapr-system.svc.cluster.local:50005
--config
--log-level
debug
--app-max-concurrency
-1
--sentry-address
dapr-sentry.dapr-system.svc.cluster.local:80
--enable-metrics=true
--metrics-port
9090
--dapr-http-max-request-size
-1
--enable-mtls
State: Running
Started: Tue, 26 Oct 2021 14:20:01 +0800
Ready: True
Restart Count: 0
Liveness: http-get http://:3501/v1.0/healthz delay=3s timeout=3s period=6s #success=1 #failure=300
Readiness: http-get http://:3501/v1.0/healthz delay=3s timeout=3s period=6s #success=1 #failure=300
Environment:
NAMESPACE: default
DAPR_TRUST_ANCHORS: -----BEGIN CERTIFICATE-----
MIIB2zCCAYKgAwIBAgIRALrdsALbO3Sdjl9WYO/cS5AwCgYIKoZIzj0EAwIwMTEX
MBUGA1UEChMOZGFwci5pby9zZW50cnkxFjAUBgNVBAMTDWNsdXN0ZXIubG9jYWww
HhcNMjExMDIxMDczNDQ0WhcNMjIxMDIxMDc0OTQ0WjAxMRcwFQYDVQQKEw5kYXBy
LmlvL3NlbnRyeTEWMBQGA1UEAxMNY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABJAVUdMjFUG/tWZvKzm6wMO5WzOlFZmg8ceoZ1Y2CTmSqrjd
CkSlxyL0hB3D/PUZPIUPuqY2ic2MBGSZauVDXnOjezB5MA4GA1UdDwEB/wQEAwIC
BDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB
/zAdBgNVHQ4EFgQUGgx9+898+fap3uay1ECCII5RPncwGAYDVR0RBBEwD4INY2x1
c3Rlci5sb2NhbDAKBggqhkjOPQQDAgNHADBEAiBnAp9F0S9rp1XD9UMCgakoNFGb
SiaPx5JYWiwZUoX2vAIge49PekPtKh0Sc1GgLZO0X4DuQagB044Kx2qjbWVR0Zo=
-----END CERTIFICATE-----
DAPR_CERT_CHAIN: -----BEGIN CERTIFICATE-----
MIIBxjCCAWugAwIBAgIRAOWjQFTkhm5QqEQa3MMg4MEwCgYIKoZIzj0EAwIwMTEX
MBUGA1UEChMOZGFwci5pby9zZW50cnkxFjAUBgNVBAMTDWNsdXN0ZXIubG9jYWww
HhcNMjExMDIxMDczNDQ0WhcNMjIxMDIxMDc0OTQ0WjAYMRYwFAYDVQQDEw1jbHVz
dGVyLmxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErMiOR5OnWX+GX2Uk
Leo02JBk6S6EXiR7VgSvh8kou5DO8g7mniTSxIt0BHhDw2qtWjV4AJnOTvham5lb
sNgRK6N9MHswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
BBYEFKr5oz/p1SgMnog6zBWH9kkWBzD6MB8GA1UdIwQYMBaAFBoMffvPfPn2qd7m
stRAgiCOUT53MBgGA1UdEQQRMA+CDWNsdXN0ZXIubG9jYWwwCgYIKoZIzj0EAwID
SQAwRgIhAJOgSzPyBgpkyagcitpUhOJ5ikZFld4SDta5L4MbrvwqAiEA2HHATL5d
tbzInp4Q+jDRPzXyKIuHJ8/XYaRoK3ZppvY=
-----END CERTIFICATE-----
DAPR_CERT_KEY: -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIHNfpOQX1YkPHPUvJAJKrII9zIAela4QkCQHG3+hNoTJoAoGCCqGSM49
AwEHoUQDQgAErMiOR5OnWX+GX2UkLeo02JBk6S6EXiR7VgSvh8kou5DO8g7mniTS
xIt0BHhDw2qtWjV4AJnOTvham5lbsNgRKw==
-----END EC PRIVATE KEY-----
SENTRY_LOCAL_IDENTITY: default:default
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-sqtrm (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-sqtrm:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events: <none>
和两个 svc。
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 172.96.0.1 <none> 443/TCP 5d2h
online ClusterIP 172.96.68.7 <none> 80/TCP 4h6m
online-dapr ClusterIP None <none> 80/TCP,50001/TCP,50002/TCP,9090/TCP 4h6m
服务在线的描述是:
Name: online
Namespace: default
Labels: app=online
Annotations: <none>
Selector: app=online
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 172.96.68.7
IPs: 172.96.68.7
Port: <unset> 80/TCP
TargetPort: 5001/TCP
Endpoints: 172.16.1.39:5001
Session Affinity: None
Events: <none>
online-dapr 是:
Name: online-dapr
Namespace: default
Labels: dapr.io/enabled=true
Annotations: dapr.io/app-id: online
prometheus.io/path: /
prometheus.io/port: 9090
prometheus.io/scrape: true
Selector: app=online
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: None
IPs: None
Port: dapr-http 80/TCP
TargetPort: 3500/TCP
Endpoints: 172.16.1.39:3500
Port: dapr-grpc 50001/TCP
TargetPort: 50001/TCP
Endpoints: 172.16.1.39:50001
Port: dapr-internal 50002/TCP
TargetPort: 50002/TCP
Endpoints: 172.16.1.39:50002
Port: dapr-metrics 9090/TCP
TargetPort: 9090/TCP
Endpoints: 172.16.1.39:9090
Session Affinity: None
Events: <none>
获取在线地址
kubectl exec dnsutils -it -- nslookup online
Server: 172.96.0.10
Address: 172.96.0.10#53
Name: online.default.svc.cluster.local
Address: 172.96.68.7
和 online-dapr 的地址
kubectl exec dnsutils -it -- nslookup online-dapr
Server: 172.96.0.10
Address: 172.96.0.10#53
Name: online-dapr.default.svc.cluster.local
Address: 172.16.1.39
现在,从另一个 pod 做一些测试。
对在线端点的请求:
curl 172.16.1.39:5001/userOnline
OK
通过在线服务请求:
curl 172.96.68.7/userOnline
OK
curl online.default.svc.cluster.local/userOnline
OK
但是,它将无法访问 daprd 的端点。
curl 172.16.1.39:3500
curl: (7) Failed to connect to 172.16.1.39 port 3500: Connection refused
curl 172.16.1.39
curl: (7) Failed to connect to 172.16.1.39 port 80: Connection refused
它也会通过 online-dapr 服务失败。
curl online-dapr.default.svc.cluster.local
curl: (7) Failed to connect to online-dapr.default.svc.cluster.local port 80: Connection refused