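1. Problem background
In private (on-premises) deployments, once the k8s container cluster is up, pod images are usually built without the curl/ping/telnet/nslookup commands to keep the image small, which makes network connectivity hard to verify. To troubleshoot pod network connectivity and DNS resolution problems, you can use a lightweight container image, radial/busyboxplus:curl, which ships with the ping/curl/nslookup/telnet tools installed.
2. Verifying network connectivity with a busybox container
1. Check the k8s CoreDNS service ClusterIP and the host DNS configuration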
kubectl get svc -A|grep dns
cat /etc/resolv.conf
2. Deploy the busybox container: the image already includes the ping/curl/nslookup/telnet tools
Use the busybox image: radial/busyboxplus:curl
vi busybox-curl-pod.yaml
Contents of busybox-curl-pod.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: curl-test
spec:
  containers:
  - name: curl-test
    image: radial/busyboxplus:curl
    command:
    - sleep
    - "360000"
kubectl apply -f busybox-curl-pod.yaml
3. Enter the busybox container and use the ping/curl/nslookup/telnet commands to verify network connectivity
# List the deployed pod
kubectl get pod -A|grep curl-test
default curl-test 1/1 Running 13 (4d2h ago) 58d
# Open a shell in the busybox container
kubectl exec -it -n default curl-test -- sh
# Check the pod DNS configuration: nameserver 10.96.0.10 is the k8s CoreDNS ClusterIP address
[ root@curl-test:/ ]$ cat /etc/resolv.conf
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
# Use curl: verify HTTP endpoint connectivity
[ root@curl-test:/ ]$ curl www.baidu.com
<!DOCTYPE html>
# Use ping: verify IP connectivity
[ root@curl-test:/ ]$ ping www.baidu.com
PING www.baidu.com (180.101.50.242): 56 data bytes
64 bytes from 180.101.50.242: seq=0 ttl=49 time=17.340 ms
64 bytes from 180.101.50.242: seq=1 ttl=49 time=17.320 ms
64 bytes from 180.101.50.242: seq=2 ttl=49 time=17.310 ms
64 bytes from 180.101.50.242: seq=3 ttl=49 time=17.314 ms
^C
--- www.baidu.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 17.310/17.321/17.340 ms
# Use nslookup: verify domain name resolution
[ root@curl-test:/ ]$ nslookup www.baidu.com
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: www.baidu.com
Address 1: 240e:e9:6002:15c:0:ff:b015:146f
Address 2: 180.101.50.188
Address 3: 180.101.50.242
[ root@curl-test:/ ]$ nslookup calico-api.calico-apiserver
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: calico-api.calico-apiserver
Address 1: 10.96.1.96 calico-api.calico-apiserver.svc.cluster.local
# Use telnet: verify IP and port connectivity
[ root@curl-test:/ ]$ telnet 10.96.1.163 8080
^C
Console escape. Commands are:
l go to line mode
c go to character mode
z suspend telnet
e exit telnet
Entering character mode
Escape character is '^]'.
HTTP/1.1 400 Bad Request
date: Wed, 16 Oct 2024 08:56:36 GMT
server: uvicorn
content-type: text/plain; charset=utf-8
content-length: 30
connection: close