k8s svc cannot find pod on other worker node

7/3/2019

I have two identical pods running on two worker nodes, exposed via a svc, as follows:

root@master1:~# kubectl get pod -o wide
NAME          READY   STATUS    RESTARTS   AGE   IP            NODE
kubia-nwjcc   1/1     Running   0          33m   10.244.1.27   worker1
kubia-zcpbb   1/1     Running   0          33m   10.244.2.11   worker2

root@master1:~# kubectl get svc
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP   26h
kubia        ClusterIP   10.98.41.49   <none>        80/TCP    34m

But when I try to access the svc from inside one of the pods, I only get a response when the svc routes the request to the pod on the same node. When the svc routes it to the pod on the other node, the command fails with command terminated with exit code 7. Correct and bad outputs appear to occur randomly, as follows:

Correct output:

root@master1:~# k exec kubia-nwjcc -- curl http://10.98.41.49
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    23    0    23    0     0   8543      0 --:--:-- --:--:-- --:--:-- 11500
You've hit kubia-nwjcc

Bad output:

root@master1:~# kubectl exec kubia-nwjcc -- curl http://10.98.41.49   
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to 10.98.41.49 port 80: No route to host
command terminated with exit code 7

The following are the software versions I am using:

  • ubuntu: v18.04
  • kubelet / kubeadm / kubectl: v1.15.0
  • docker: v18.09.5

The following is the svc describe output:

root@master1:~# kubectl describe svc kubia
Name:              kubia
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          app=kubia
Type:              ClusterIP
IP:                10.98.41.49
Port:              <unset>  80/TCP
TargetPort:        8080/TCP
Endpoints:         10.244.1.27:8080,10.244.2.11:8080
Session Affinity:  None
Events:            <none>
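
For reference, a Service that produces this describe output would look roughly like the manifest below; this is a sketch reconstructed from the fields above, not the original file:

apiVersion: v1
kind: Service
metadata:
  name: kubia
  namespace: default
spec:
  type: ClusterIP
  selector:
    app: kubia          # matches the label on both kubia pods
  ports:
  - protocol: TCP
    port: 80            # service port (the ClusterIP listens here)
    targetPort: 8080    # container port on the pods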

The following are the results when running with -v=9:

root@master1:~# kubectl exec kubia-nwjcc -v=9 -- curl -s http://10.98.41.49
I0702 11:45:52.481239   23171 loader.go:359] Config loaded from file:  /root/.kube/config
I0702 11:45:52.501154   23171 round_trippers.go:419] curl -k -v -XGET  -H "Accept: application/json, */*" -H "User-Agent: kubectl/v1.15.0 (linux/amd64) kubernetes/e8462b5" 'https://192.168.56.11:6443/api/v1/namespaces/default/pods/kubia-nwjcc'
I0702 11:45:52.525926   23171 round_trippers.go:438] GET https://192.168.56.11:6443/api/v1/namespaces/default/pods/kubia-nwjcc 200 OK in 24 milliseconds
I0702 11:45:52.525980   23171 round_trippers.go:444] Response Headers:
I0702 11:45:52.525992   23171 round_trippers.go:447]     Content-Type: application/json
I0702 11:45:52.526003   23171 round_trippers.go:447]     Content-Length: 2374
I0702 11:45:52.526012   23171 round_trippers.go:447]     Date: Tue, 02 Jul 2019 11:45:52 GMT
I0702 11:45:52.526063   23171 request.go:947] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"kubia-nwjcc","generateName":"kubia-","namespace":"default","selfLink":"/api/v1/namespaces/default/pods/kubia-nwjcc","uid":"2fd67789-c48d-4459-8b03-ac562b4a3f5c","resourceVersion":"188689","creationTimestamp":"2019-07-02T10:51:34Z","labels":{"app":"kubia"},"ownerReferences":[{"apiVersion":"apps/v1","kind":"ReplicaSet","name":"kubia","uid":"f3a4c457-dee4-4aec-ad73-1f0ca41628aa","controller":true,"blockOwnerDeletion":true}]},"spec":{"volumes":[{"name":"default-token-6pgh8","secret":{"secretName":"default-token-6pgh8","defaultMode":420}}],"containers":[{"name":"kubia","image":"luksa/kubia","ports":[{"containerPort":8080,"protocol":"TCP"}],"resources":{},"volumeMounts":[{"name":"default-token-6pgh8","readOnly":true,"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount"}],"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","imagePullPolicy":"Always"}],"restartPolicy":"Always","terminationGracePeriodSeconds":30,"dnsPolicy":"ClusterFirst","serviceAccountName":"default","serviceAccount":"default","nodeName":"worker1","securityContext":{},"schedulerName":"default-scheduler","tolerations":[{"key":"node.kubernetes.io/not-ready","operator":"Exists","effect":"NoExecute","tolerationSeconds":300},{"key":"node.kubernetes.io/unreachable","operator":"Exists","effect":"NoExecute","tolerationSeconds":300}],"priority":0,"enableServiceLinks":true},"status":{"phase":"Running","conditions":[{"type":"Initialized","status":"True","lastProbeTime":null,"lastTransitionTime":"2019-07-03T01:35:15Z"},{"type":"Ready","status":"True","lastProbeTime":null,"lastTransitionTime":"2019-07-03T01:35:20Z"},{"type":"ContainersReady","status":"True","lastProbeTime":null,"lastTransitionTime":"2019-07-03T01:35:20Z"},{"type":"PodScheduled","status":"True","lastProbeTime":null,"lastTransitionTime":"2019-07-02T10:51:34Z"}],"hostIP":"192.168.56.21","podIP":"10.244.1.27","startTime":"2019-07-03T01:35:15Z","containerStatuses":[{"name":"kubia","state":{"running":{"startedAt":"2019-07-03T01:35:19Z"}},"lastState":{},"ready":true,"restartCount":0,"image":"luksa/kubia:latest","imageID":"docker-pullable://luksa/kubia@sha256:3f28e304dc0f63dc30f273a4202096f0fa0d08510bd2ee7e1032ce600616de24","containerID":"docker://27da556930baf857e5af92b13934dcb1b2b2f001ecab5e7b952b2bda5aa27f0b"}],"qosClass":"BestEffort"}}
I0702 11:45:52.543108   23171 round_trippers.go:419] curl -k -v -XPOST  -H "X-Stream-Protocol-Version: v4.channel.k8s.io" -H "X-Stream-Protocol-Version: v3.channel.k8s.io" -H "X-Stream-Protocol-Version: v2.channel.k8s.io" -H "X-Stream-Protocol-Version: channel.k8s.io" -H "User-Agent: kubectl/v1.15.0 (linux/amd64) kubernetes/e8462b5" 'https://192.168.56.11:6443/api/v1/namespaces/default/pods/kubia-nwjcc/exec?command=curl&command=-s&command=http%3A%2F%2F10.98.41.49&container=kubia&stderr=true&stdout=true'
I0702 11:45:52.591166   23171 round_trippers.go:438] POST https://192.168.56.11:6443/api/v1/namespaces/default/pods/kubia-nwjcc/exec?command=curl&command=-s&command=http%3A%2F%2F10.98.41.49&container=kubia&stderr=true&stdout=true 101 Switching Protocols in 47 milliseconds
I0702 11:45:52.591208   23171 round_trippers.go:444] Response Headers:
I0702 11:45:52.591217   23171 round_trippers.go:447]     Connection: Upgrade
I0702 11:45:52.591221   23171 round_trippers.go:447]     Upgrade: SPDY/3.1
I0702 11:45:52.591225   23171 round_trippers.go:447]     X-Stream-Protocol-Version: v4.channel.k8s.io
I0702 11:45:52.591229   23171 round_trippers.go:447]     Date: Wed, 03 Jul 2019 02:29:33 GMT
F0702 11:45:53.783725   23171 helpers.go:114] command terminated with exit code 7

The kube-system pods and the two pods backing the service are all in Running status, as follows:

root@master1:~/k8s-yaml# kubectl get --all-namespaces pod -o wide
NAMESPACE     NAME                              READY   STATUS    RESTARTS   AGE     IP              NODE      NOMINATED NODE   READINESS GATES
default       kubia-6pjz9                       1/1     Running   0          5m35s   10.244.2.12     worker2   <none>           <none>
default       kubia-nwjcc                       1/1     Running   0          16h     10.244.1.27     worker1   <none>           <none>
kube-system   coredns-bccdc95cf-792px           1/1     Running   4          5d19h   10.244.0.11     master1   <none>           <none>
kube-system   coredns-bccdc95cf-bc76j           1/1     Running   4          5d19h   10.244.0.10     master1   <none>           <none>
kube-system   etcd-master1                      1/1     Running   8          5d19h   192.168.56.11   master1   <none>           <none>
kube-system   kube-apiserver-master1            1/1     Running   7          5d19h   192.168.56.11   master1   <none>           <none>
kube-system   kube-controller-manager-master1   1/1     Running   7          5d18h   192.168.56.11   master1   <none>           <none>
kube-system   kube-flannel-ds-amd64-9trbq       1/1     Running   3          5d18h   192.168.56.21   worker1   <none>           <none>
kube-system   kube-flannel-ds-amd64-btt74       1/1     Running   5          5d18h   192.168.56.11   master1   <none>           <none>
kube-system   kube-flannel-ds-amd64-swzzd       1/1     Running   0          3d20h   192.168.56.22   worker2   <none>           <none>
kube-system   kube-proxy-27zfk                  1/1     Running   7          5d19h   192.168.56.11   master1   <none>           <none>
kube-system   kube-proxy-79kt9                  1/1     Running   0          3d20h   192.168.56.22   worker2   <none>           <none>
kube-system   kube-proxy-lx4gk                  1/1     Running   3          5d18h   192.168.56.21   worker1   <none>           <none>
kube-system   kube-scheduler-master1            1/1     Running   7          5d19h   192.168.56.11   master1   <none>           <none>

My expected result is that when curl accesses the svc, the svc load-balances randomly across the pods on the different nodes, as follows:

root@master1:~# kubectl get po
NAME          READY   STATUS    RESTARTS   AGE
kubia-nwjcc   1/1     Running   0          50m
kubia-zcpbb   1/1     Running   0          50m
root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
You've hit kubia-nwjcc
root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
You've hit kubia-zcpbb
root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
You've hit kubia-zcpbb
root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
You've hit kubia-nwjcc

But currently, the results of five tests are as follows:

root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
You've hit kubia-nwjcc
root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
You've hit kubia-nwjcc
root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
command terminated with exit code 7
root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
You've hit kubia-nwjcc
root@master1:~# k exec kubia-nwjcc -- curl -s http://10.98.41.49
command terminated with exit code 7
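
For a larger sample than five manual calls, a loop like the one below (a sketch, reusing the same ClusterIP) tallies how many requests land on each pod and how many fail outright:

# send 20 requests through the service from inside kubia-nwjcc
# and count how many hit each pod (or fail)
for i in $(seq 1 20); do
  kubectl exec kubia-nwjcc -- curl -s --max-time 2 http://10.98.41.49 || echo FAILED
done | sort | uniq -c
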
-- hopgoldy
curl
kubernetes

1 Answer

7/4/2019

This problem is solved. The official Flannel documentation mentions that you need to use --iface to specify the network interface to be used when running in a Vagrant-type virtual machine. You can use the command kubectl edit daemonset kube-flannel-ds-amd64 -n kube-system to edit the Flannel configuration, then use kubectl delete pod -n kube-system <pod-name> to delete all the Flannel pods. K8s will recreate them.
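
For anyone hitting the same issue, the change amounts to adding an --iface argument to the kube-flannel container in the DaemonSet. A minimal sketch of the edit is below; the interface name enp0s8 (the typical Vagrant host-only NIC carrying the 192.168.56.x node addresses) and the image tag are assumptions, so adjust them to your own setup:

# kubectl edit daemonset kube-flannel-ds-amd64 -n kube-system
containers:
- name: kube-flannel
  image: quay.io/coreos/flannel:v0.11.0-amd64   # tag is illustrative
  args:
  - --ip-masq
  - --kube-subnet-mgr
  - --iface=enp0s8    # assumed: the NIC that carries the 192.168.56.x node IPs

# then recreate the flannel pods so they pick up the new argument
kubectl delete pod -n kube-system -l app=flannel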

You can find more detailed explanations in Kubernetes with Flannel and flannel - troubleshooting.
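
One way to confirm the fix took effect (a suggested check, not part of the original answer) is to look at which local address flannel's VXLAN device is bound to on each worker:

# the "local" address in the output should now be on the host-only
# network (192.168.56.x) rather than the Vagrant NAT interface (10.0.2.15)
ip -d link show flannel.1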

-- hopgoldy
Source: StackOverflow