ITKeyword,专注技术干货聚合推荐

注册 | 登录

解决docker - Can not access kubernetes master from the container of pods according DNS

itPublisher 分享于

2020腾讯云10周年活动,优惠非常大!(领取2860元代金券),
地址https://cloud.tencent.com/act/cps/redirect?redirect=1040

2020阿里云最低价产品入口,含代金券(新老用户有优惠),
地址https://www.aliyun.com/minisite/goods

I use DNS in kubernetes. and test result like:

core@core-1-86 ~ $ kubectl exec busybox -- nslookup kubernetes
Server:    10.100.0.10
Address 1: 10.100.0.10

Name:      kubernetes
Address 1: 10.100.0.1

And then I entried to busybox container, and ping kubernetes, like:

core@core-1-86 ~ $ kubectl exec -it busybox sh
/ # ping kubernetes
PING kubernetes (10.100.0.1): 56 data bytes
^C
--- kubernetes ping statistics ---
55 packets transmitted, 0 packets received, 100% packet loss
/ #

if I ping another ip , it ok!

/ # ping 10.12.1.85
PING 10.12.1.85 (10.12.1.85): 56 data bytes
64 bytes from 10.12.1.85: seq=0 ttl=63 time=0.262 ms
64 bytes from 10.12.1.85: seq=1 ttl=63 time=0.218 ms
^C
--- 10.12.1.85 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.218/0.240/0.262 ms
/ #

who can help me and tell me why?

dns docker kubernetes
|
  this question
asked Sep 16 '15 at 11:20 sope 168 12      And How to find kubernetes master from DNS? –  sope Sep 16 '15 at 11:30

 | 

1 Answers
1

解决方法

The kubernetes service is a virtual IP and doesn't currently handle ICMP requests (see #2259). You should be able to verify connectivity to the kubernetes service using a TCP connection, e.g. curl https://kubernetes/.


|
  this answer
answered Sep 16 '15 at 16:51 Robert Bailey 9,105 1 16 33      Yes, doesn't currently handle ICMP requests as you say. I use curl and can get response from other domain, like: root@hello-world:/# curl monitoring-influxdb:8086 404 page not found root@hello-world:/# curl kubernetes curl: (6) Could not resolve host: kubernetes but could not resolve host: kubernetes –  sope Sep 17 '15 at 4:08      Can you curl https://kubernetes or https://10.100.0.1? –  Robert Bailey Sep 17 '15 at 4:48      Nope, the response is the same to curl kubernetes. root@hello-world:/# curl kubernetes curl: (6) Could not resolve host: kubernetes –  sope Sep 17 '15 at 6:00      but if I curl https://10.100.0.1; , the result like follow, Is this mean I can access the master from the container of the pod ? curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option – –  sope Sep 17 '15 at 6:09      For the certificates that we generate via the shell scripts, we add the service IP to the list of subject alternate names (SANs) that are valid. If you create a cluster on GCE, for instance, you'd be able to curl the kubernetes service IP without getting a certificate warning. You can either pass --insecure to curl or re-generate a server certificate for your apiserver that includes 10.100.0.1 as a SAN. –  Robert Bailey Sep 17 '15 at 18:58  |  show more comments


相关阅读排行


相关内容推荐

最新文章

×

×

请激活账号

为了能正常使用评论、编辑功能及以后陆续为用户提供的其他产品,请激活账号。

您的注册邮箱: 修改

重新发送激活邮件 进入我的邮箱

如果您没有收到激活邮件,请注意检查垃圾箱。