Kubernetes (k8s) readiness probe works in GKE but not in MicroK8s (on macOS)

fjaof16o  posted on 2022-11-28 in Kubernetes

I have a Kong deployment.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: local-test-kong
  labels:
    app: local-test-kong
spec:
  replicas: 1
  selector:
    matchLabels:
      app: local-test-kong
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: local-test-kong
    spec:
      automountServiceAccountToken: false
      containers:
        - envFrom:
            - configMapRef:
                name: kong-env-vars
          image: kong:2.6
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - /bin/sleep 15 && kong quit
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /status
              port: status
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          name: proxy
          ports:
            - containerPort: 8000
              name: proxy
              protocol: TCP
            - containerPort: 8100
              name: status
              protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /status
              port: status
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          resources: # ToDo
            limits:
              cpu: 256m
              memory: 256Mi
            requests:
              cpu: 256m
              memory: 256Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /kong_prefix/
              name: kong-prefix-dir
            - mountPath: /tmp
              name: tmp-dir
            - mountPath: /kong_dbless/
              name: kong-custom-dbless-config-volume
      terminationGracePeriodSeconds: 30
      volumes:
        - name: kong-prefix-dir
        - name: tmp-dir
        - configMap:
            defaultMode: 0555
            name: kong-declarative
          name: kong-custom-dbless-config-volume

I applied this YAML in GKE. Then I ran kubectl describe on its pod.

➜  kubectl get pods
NAME                               READY   STATUS    RESTARTS   AGE
local-test-kong-678598ffc6-ll9s8   1/1     Running   0          25m
➜  kubectl describe pod/local-test-kong-678598ffc6-ll9s8
Name:         local-test-kong-678598ffc6-ll9s8
Namespace:    local-test-kong
Priority:     0
Node:         gke-paas-cluster-prd-tf9-default-pool-e7cb502a-ggxl/10.128.64.95
Start Time:   Wed, 23 Nov 2022 00:12:56 +0800
Labels:       app=local-test-kong
              pod-template-hash=678598ffc6
Annotations:  kubectl.kubernetes.io/restartedAt: 2022-11-23T00:12:56+08:00
Status:       Running
IP:           10.128.96.104
IPs:
  IP:           10.128.96.104
Controlled By:  ReplicaSet/local-test-kong-678598ffc6
Containers:
  proxy:
    Container ID:   containerd://1bd392488cfe33dcc62f717b3b8831349e8cf573326add846c9c843c7bf15e2a
    Image:          kong:2.6
    Image ID:       docker.io/library/kong@sha256:62eb6d17133b007cbf5831b39197c669b8700c55283270395b876d1ecfd69a70
    Ports:          8000/TCP, 8100/TCP
    Host Ports:     0/TCP, 0/TCP
    State:          Running
      Started:      Wed, 23 Nov 2022 00:12:58 +0800
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     256m
      memory:  256Mi
    Requests:
      cpu:      256m
      memory:   256Mi
    Liveness:   http-get http://:status/status delay=10s timeout=5s period=10s #success=1 #failure=3
    Readiness:  http-get http://:status/status delay=10s timeout=5s period=10s #success=1 #failure=3
    Environment Variables from:
      kong-env-vars  ConfigMap  Optional: false
    Environment:     <none>
    Mounts:
      /kong_dbless/ from kong-custom-dbless-config-volume (rw)
      /kong_prefix/ from kong-prefix-dir (rw)
      /tmp from tmp-dir (rw)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kong-prefix-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  tmp-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  kong-custom-dbless-config-volume:
    Type:        ConfigMap (a volume populated by a ConfigMap)
    Name:        kong-declarative
    Optional:    false
QoS Class:       Guaranteed
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  25m   default-scheduler  Successfully assigned local-test-kong/local-test-kong-678598ffc6-ll9s8 to gke-paas-cluster-prd-tf9-default-pool-e7cb502a-ggxl
  Normal  Pulled     25m   kubelet            Container image "kong:2.6" already present on machine
  Normal  Created    25m   kubelet            Created container proxy
  Normal  Started    25m   kubelet            Started container proxy
➜

I applied the same YAML in MicroK8s on my localhost (on macOS), then ran kubectl describe on its pod.

➜  kubectl get pods
NAME                               READY   STATUS    RESTARTS   AGE
local-test-kong-54cfc585cb-7grj8   1/1     Running   0          86s
➜  kubectl describe pod/local-test-kong-54cfc585cb-7grj8
Name:         local-test-kong-54cfc585cb-7grj8
Namespace:    local-test-kong
Priority:     0
Node:         microk8s-vm/192.168.64.5
Start Time:   Wed, 23 Nov 2022 00:39:33 +0800
Labels:       app=local-test-kong
              pod-template-hash=54cfc585cb
Annotations:  cni.projectcalico.org/podIP: 10.1.254.79/32
              cni.projectcalico.org/podIPs: 10.1.254.79/32
              kubectl.kubernetes.io/restartedAt: 2022-11-23T00:39:33+08:00
Status:       Running
IP:           10.1.254.79
IPs:
  IP:           10.1.254.79
Controlled By:  ReplicaSet/local-test-kong-54cfc585cb
Containers:
  proxy:
    Container ID:   containerd://d60d09ca8b77ee59c80ea060dcb651c3e346c3a5f0147b0d061790c52193d93d
    Image:          kong:2.6
    Image ID:       docker.io/library/kong@sha256:62eb6d17133b007cbf5831b39197c669b8700c55283270395b876d1ecfd69a70
    Ports:          8000/TCP, 8100/TCP
    Host Ports:     0/TCP, 0/TCP
    State:          Running
      Started:      Wed, 23 Nov 2022 00:39:37 +0800
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     256m
      memory:  256Mi
    Requests:
      cpu:      256m
      memory:   256Mi
    Liveness:   http-get http://:status/status delay=10s timeout=5s period=10s #success=1 #failure=3
    Readiness:  http-get http://:status/status delay=10s timeout=5s period=10s #success=1 #failure=3
    Environment Variables from:
      kong-env-vars  ConfigMap  Optional: false
    Environment:     <none>
    Mounts:
      /kong_dbless/ from kong-custom-dbless-config-volume (rw)
      /kong_prefix/ from kong-prefix-dir (rw)
      /tmp from tmp-dir (rw)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  kong-prefix-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  tmp-dir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  kong-custom-dbless-config-volume:
    Type:        ConfigMap (a volume populated by a ConfigMap)
    Name:        kong-declarative
    Optional:    false
QoS Class:       Guaranteed
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age   From               Message
  ----     ------     ----  ----               -------
  Normal   Scheduled  92s   default-scheduler  Successfully assigned local-test-kong/local-test-kong-54cfc585cb-7grj8 to microk8s-vm
  Normal   Pulled     90s   kubelet            Container image "kong:2.6" already present on machine
  Normal   Created    90s   kubelet            Created container proxy
  Normal   Started    89s   kubelet            Started container proxy
  Warning  Unhealthy  68s   kubelet            Readiness probe failed: Get "http://10.1.254.79:8100/status": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
  Warning  Unhealthy  68s   kubelet            Liveness probe failed: Get "http://10.1.254.79:8100/status": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
➜

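It is exactly the same deployment YAML. However, the deployment created inside the GKE cluster runs fine without any complaints, while the deployment created inside my localhost MicroK8s (on macOS) shows probe failures.

What am I missing when deploying to MicroK8s (on macOS)?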

ovfsdjhp #1

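Your readiness probe is failing on the local pod on port 8100. It looks like your firewall rules are blocking internal pod and/or pod-to-pod communication.
According to the documentation:
You may need to configure your firewall to allow pod-to-pod and pod-to-internet communication: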

sudo ufw allow in on cni0 && sudo ufw allow out on cni0
sudo ufw default allow routed
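
Before changing firewall rules, it helps to confirm which kind of probe failure the kubelet recorded. The following is an added example, not part of the original question or answer: it classifies the probe-failure events from `kubectl describe pod` so that a timeout (the failure seen above, consistent with dropped traffic or a slow responder) is told apart from a refused connection or a failing HTTP status. The function names are hypothetical; the first three sample lines are copied from the MicroK8s output above and the last two are constructed.

```shell
# Added example: triage kubelet probe-failure events from `kubectl describe pod`.
# classify_probe_event LINE -> prints "<probe> <class>", or nothing for other events
classify_probe_event() {
    case $1 in
        *"Readiness probe failed"*) probe=readiness ;;
        *"Liveness probe failed"*)  probe=liveness ;;
        *"Startup probe failed"*)   probe=startup ;;
        *) return 0 ;;
    esac
    case $1 in
        *"connection refused"*) class=refused ;;
        *"context deadline exceeded"*|*"i/o timeout"*) class=timeout ;;
        *"statuscode:"*) class=http-status ;;
        *) class=other ;;
    esac
    printf '%s %s\n' "$probe" "$class"
}

# triage_events: reads describe output on stdin, prints "<probe> <class> <count>"
triage_events() {
    while IFS= read -r line; do classify_probe_event "$line"; done |
        sort | uniq -c | awk '{print $2, $3, $1}'
}

hint_for() {
    case $1 in
        timeout) echo "no answer within timeoutSeconds: traffic dropped on the path (host firewall, CNI) or a slow responder" ;;
        refused) echo "port actively refused: nothing listening there, or an explicit reject rule" ;;
        http-status) echo "listener reachable but returned a failing status: application-level problem" ;;
        *) echo "unclassified: read the full event message" ;;
    esac
}

# Lines 1-3 are from the page's MicroK8s output; lines 4-5 are constructed samples.
sample_events() {
cat <<'EOF'
  Normal   Started    89s   kubelet            Started container proxy
  Warning  Unhealthy  68s   kubelet            Readiness probe failed: Get "http://10.1.254.79:8100/status": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
  Warning  Unhealthy  68s   kubelet            Liveness probe failed: Get "http://10.1.254.79:8100/status": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
  Warning  Unhealthy  5s    kubelet            Readiness probe failed: Get "http://10.1.254.79:8100/status": dial tcp 10.1.254.79:8100: connect: connection refused
  Warning  Unhealthy  2s    kubelet            Readiness probe failed: HTTP probe failed with statuscode: 503
EOF
}

sample_events | triage_events | while read -r probe class n; do
    printf '%s/%s x%s: %s\n' "$probe" "$class" "$n" "$(hint_for "$class")"
done
```

Against a live cluster, pipe `kubectl describe pod/<name>` into `triage_events` in place of `sample_events`.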
