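I am trying to set up a Kubernetes cluster with HAProxy. There are only two nodes at the moment. The load balancer is on the master node. But from the logs I see that the virtual IP used when trying to connect does not exist. Below are the endpoints of the Kubernetes cluster.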
NAME ENDPOINTS AGE
activemq-svc 10.0.86.2:1883,10.0.86.2:8161,10.0.86.2:8161 + 1 more... 2h
admin-svc 10.0.86.7:8080,10.0.86.7:9840,10.0.86.7:9841 2h
kube-dns 10.0.54.2:53,10.0.54.2:4001,10.0.54.2:53 2h
kubernetes 172.31.16.18:6443 4h
mysql-admin-svc 10.0.86.6:3306 2h
mysql-edu-svc 10.0.86.4:10050,10.0.86.4:3306 2h
mysql-stat-svc 10.0.54.4:3306 2h
platform-riak-cs-service 10.0.54.3:8087,10.0.54.3:8080,10.0.54.3:8098 2h
redis-svc 10.0.86.3:6379 2h
server-svc 10.0.86.10:8080,10.0.86.10:9840,10.0.86.10:9841 + 1 more... 2h
statistics-svc 10.0.86.8:8080,10.0.86.8:9840,10.0.86.8:9841 2h
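But in the logs I see my IP address trying to connect to an address that is not in the endpoints list. There is also no rule in HAProxy.cfg for .86.5. Can anyone tell me what is happening?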
servicelb [INFO] Connect from 118.102.239.85:39812 to **10.0.86.5:443** (httpsfrontend/HTTP)
servicelb [INFO] Connect from 118.102.239.85:40418 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 118.102.239.85:41057 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 118.102.239.85:41100 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 118.102.239.85:41143 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 10.0.86.1:49589 to 10.0.86.5:80 (httpfrontend/HTTP)
servicelb [INFO] Connect from 10.0.86.1:49611 to 10.0.86.5:80 (httpfrontend/HTTP)
servicelb [INFO] Connect from 10.0.86.10:53882 to 10.0.86.5:80 (httpfrontend/HTTP)
servicelb [INFO] 10.0.86.10:55668 [21/Dec/2015:11:45:15.526] httpsfrontend/1: SSL handshake failure
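Answer 1
This is normal. When you create a service, kube-proxy creates an iptables rule on each node to redirect traffic to the endpoints, so with a cloud provider you will have the following scheme.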
{external load balancer ip:port}->{NodePort(iptables PREROUTING RULE by kubeproxy)}->{pod internal ip address}
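So there is no need to configure the internal cluster service IP.
Answer 2
kube-proxy by default performs end-to-end TCP proxying, so the IP address is lost.
If you activate iptables-based proxying: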
https://github.com/kubernetes/contrib/tree/master/scale-demo#activate-iptables-proxying
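
The comparison the question makes by eye, destination addresses in the servicelb log against the endpoints listing, can be scripted so that unlisted destinations and the origin of each client stand out. This is an added example, not part of the original question or answers; the function names are hypothetical and the embedded sample text is constructed from a few of the lines quoted in the question.

```python
import re
from collections import Counter

# Constructed sample: a subset of the endpoints listing and log lines from the question.
ENDPOINTS_TEXT = """\
NAME ENDPOINTS AGE
admin-svc 10.0.86.7:8080,10.0.86.7:9840,10.0.86.7:9841 2h
kubernetes 172.31.16.18:6443 4h
server-svc 10.0.86.10:8080,10.0.86.10:9840,10.0.86.10:9841 + 1 more... 2h
"""
LOG_TEXT = """\
servicelb [INFO] Connect from 118.102.239.85:39812 to 10.0.86.5:443 (httpsfrontend/HTTP)
servicelb [INFO] Connect from 10.0.86.1:49589 to 10.0.86.5:80 (httpfrontend/HTTP)
servicelb [INFO] Connect from 10.0.86.10:53882 to 10.0.86.5:80 (httpfrontend/HTTP)
servicelb [INFO] 10.0.86.10:55668 [21/Dec/2015:11:45:15.526] httpsfrontend/1: SSL handshake failure
"""

ADDR = r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
# Matches only the "Connect from A to B (frontend/MODE)" lines; other lines are skipped.
CONNECT = re.compile(rf"Connect from {ADDR} to {ADDR} \((\S+?)/")


def parse_endpoints(text):
    """Map endpoint IP -> set of service names from the endpoints listing."""
    owners = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 2:
            continue
        for ip, _port in re.findall(ADDR, fields[1]):
            owners.setdefault(ip, set()).add(fields[0])
    return owners


def unknown_destinations(log_text, owners):
    """Count (destination ip:port, frontend) pairs whose IP backs no listed service."""
    hits = Counter()
    for m in CONNECT.finditer(log_text):
        _src_ip, _src_port, dst_ip, dst_port, frontend = m.groups()
        if dst_ip not in owners:
            hits[(f"{dst_ip}:{dst_port}", frontend)] += 1
    return hits


def source_owners(log_text, owners):
    """Map each client IP to the services it backs (empty set = not a listed endpoint)."""
    return {m.group(1): owners.get(m.group(1), set()) for m in CONNECT.finditer(log_text)}


if __name__ == "__main__":
    eps = parse_endpoints(ENDPOINTS_TEXT)
    print(unknown_destinations(LOG_TEXT, eps))
    print(source_owners(LOG_TEXT, eps))
```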