【发布时间】:2018-07-25 03:05:54
【问题描述】:
我的 kubernetes 集群中运行了一个 influxdb 服务,它公开了以下两个端口
---
apiVersion: v1
kind: Service
metadata:
labels:
task: influxdb
name: influxdb
namespace: my-namespace
spec:
type: NodePort
ports:
- port: 8086
name: influxdb-port
targetPort: 8086
nodePort: 30101
- port: 2003
name: graphite-port
targetPort: 2003
nodePort: 30103
selector:
k8s-app: influxdb
我还在 influxdb.conf 中启用了石墨,如下所示
[[graphite]]
enabled = true
bind-address = ":2003"
protocol = "tcp"
当我在集群中部署此服务时,我可以从 k8s 集群外部以及任何 k8s 节点写入石墨数据库端口。
echo "local.random.diceroll 4 `date +%s`" | nc -v 10.233.26.252 2003
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.233.26.252:2003.
Ncat: 35 bytes sent, 0 bytes received in 0.01 seconds.
但是,如果我从在同一命名空间中运行的客户端 pod 运行相同的命令,该命令将挂起。从同一个客户端 pod 我可以毫无问题地编写 influxdb 端口。
以下是 nc 命令从客户端 pod 发送到石墨端口 2003 的 tcpdump 跟踪
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
03:02:17.133367 In b2:7c:b9:93:b8:9c ethertype IPv4 (0x0800), length 76: 10.233.102.131.60272 > 10.233.26.252.cfinger: Flags [S], seq 3653742255, win 29200, options [mss 1460,sackOK,TS val 629141248 ecr 0,nop,wscale 7], length 0
03:02:17.133414 Out ethertype IPv4 (0x0800), length 76: 10.233.102.131.60272 > 10.233.71.26.cfinger: Flags [S], seq 3653742255, win 29200, options [mss 1460,sackOK,TS val 629141248 ecr 0,nop,wscale 7], length 0
03:02:17.133783 In ethertype IPv4 (0x0800), length 76: 10.233.71.26.cfinger > 10.233.102.131.60272: Flags [S.], seq 4245034624, ack 3653742256, win 28960, options [mss 1460,sackOK,TS val 629140002 ecr 629141248,nop,wscale 7], length 0
03:02:17.133791 Out ee:ee:ee:ee:ee:ee ethertype IPv4 (0x0800), length 76: 10.233.26.252.cfinger > 10.233.102.131.60272: Flags [S.], seq 4245034624, ack 3653742256, win 28960, options [mss 1460,sackOK,TS val 629140002 ecr 629141248,nop,wscale 7], length 0
03:02:17.133805 In b2:7c:b9:93:b8:9c ethertype IPv4 (0x0800), length 68: 10.233.102.131.60272 > 10.233.26.252.cfinger: Flags [.], ack 1, win 229, options [nop,nop,TS val 629141248 ecr 629140002], length 0
03:02:17.133809 Out ethertype IPv4 (0x0800), length 68: 10.233.102.131.60272 > 10.233.71.26.cfinger: Flags [.], ack 1, win 229, options [nop,nop,TS val 629141248 ecr 629140002], length 0
03:02:17.134036 In b2:7c:b9:93:b8:9c ethertype IPv4 (0x0800), length 103: 10.233.102.131.60272 > 10.233.26.252.cfinger: Flags [P.], seq 1:36, ack 1, win 229, options [nop,nop,TS val 629141249 ecr 629140002], length 35
03:02:17.134049 Out ethertype IPv4 (0x0800), length 103: 10.233.102.131.60272 > 10.233.71.26.cfinger: Flags [P.], seq 1:36, ack 1, win 229, options [nop,nop,TS val 629141249 ecr 629140002], length 35
03:02:17.134235 In ethertype IPv4 (0x0800), length 68: 10.233.71.26.cfinger > 10.233.102.131.60272: Flags [.], ack 36, win 227, options [nop,nop,TS val 629140002 ecr 629141249], length 0
03:02:17.134258 Out ee:ee:ee:ee:ee:ee ethertype IPv4 (0x0800), length 68: 10.233.26.252.cfinger > 10.233.102.131.60272: Flags [.], ack 36, win 227, options [nop,nop,TS val 629140002 ecr 629141249], length 0
^C
10 packets captured
10 packets received by filter
【问题讨论】:
标签: kubernetes influxdb graphite tcpdump flannel