Calico works well in my k8s, but I can't Ping clusterip on the node

10/19/2020

I installed Calico according to the steps on the official website, and it runs normally, with no errors reported in the log. However, when I ping the ClusterIP, the ping fails, and there is no error in the pod log, so I can't locate the problem. there is the

root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3# kcp -n calico-system
NAME                                       READY   STATUS    RESTARTS   AGE   IP               NODE                NOMINATED NODE   READINESS GATES
calico-kube-controllers-6bbcdcb447-kcb4k   1/1     Running   7          23m   192.168.74.193   qhwk-k8s-node-2     <none>           <none>
calico-node-5spbv                          1/1     Running   0          23m   10.58.221.192    qhwk-k8s-master-0   <none>           <none>
calico-node-f5xfn                          1/1     Running   0          23m   10.58.221.47     qhwk-k8s-master-1   <none>           <none>
calico-node-fgbsc                          1/1     Running   0          23m   10.58.221.50     qhwk-k8s-node-0     <none>           <none>
calico-node-mfxpv                          1/1     Running   0          23m   10.58.221.153    qhwk-k8s-master-2   <none>           <none>
calico-node-pnksj                          1/1     Running   0          23m   10.58.221.52     qhwk-k8s-node-2     <none>           <none>
calico-node-rhbjt                          1/1     Running   0          23m   10.58.221.132    qhwk-k8s-node-1     <none>           <none>
calico-typha-66865d84cf-629ws              1/1     Running   0          21m   10.58.221.153    qhwk-k8s-master-2   <none>           <none>
calico-typha-66865d84cf-77z2q              1/1     Running   0          23m   10.58.221.132    qhwk-k8s-node-1     <none>           <none>
calico-typha-66865d84cf-f49kw              1/1     Running   0          21m   10.58.221.52     qhwk-k8s-node-2     <none>           <none>
calico-typha-66865d84cf-jwhq5              1/1     Running   0          21m   10.58.221.50     qhwk-k8s-node-0     <none>           <none>
root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3# kc get svc
NAME                    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                      AGE
centos-service          ClusterIP   172.18.173.199   <none>        80/TCP                                       120m
default-http-backend    ClusterIP   172.18.28.240    <none>        80/TCP                                       4h42m
gateway-nginx-service   ClusterIP   172.18.190.4     <none>        80/TCP                                       5h18m
nacos-service           ClusterIP   172.18.160.214   <none>        80/TCP                                       5h42m
nginx-ingress-service   NodePort    172.18.236.7     <none>        80:30080/TCP,443:30081/TCP,18080:31648/TCP   4h42m
nginx-service           ClusterIP   172.18.89.51     <none>        80/TCP                                       135m
root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3# ping 172.18.190.4
PING 172.18.190.4 (172.18.190.4) 56(84) bytes of data.
^C
--- 172.18.190.4 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms

root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3# ping 172.18.173.199
PING 172.18.173.199 (172.18.173.199) 56(84) bytes of data.
^C
--- 172.18.173.199 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3023ms

root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3#

From the operation record below, it can be seen that neither curl serviceip nor curl podip works on the node. However, if you enter the pod, both serviceip and podip can be connected by curl.

root@qhwk-k8s-master-0:~# kc get svc -n bn-public
NAME                    TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                      AGE
centos-service          ClusterIP   172.18.173.199   <none>        80/TCP                                       6h12m
default-http-backend    ClusterIP   172.18.28.240    <none>        80/TCP                                       8h
gateway-nginx-service   ClusterIP   172.18.190.4     <none>        80/TCP                                       9h
nacos-service           ClusterIP   172.18.160.214   <none>        80/TCP                                       9h
nginx-ingress-service   NodePort    172.18.236.7     <none>        80:30080/TCP,443:30081/TCP,18080:31648/TCP   8h
nginx-service           ClusterIP   172.18.89.51     <none>        80/TCP                                       6h27m
root@qhwk-k8s-master-0:~# kc get pods -o wide -n bn-public 
NAME                                        READY   STATUS             RESTARTS   AGE     IP               NODE              NOMINATED NODE   READINESS GATES
default-http-backend-84489c7cf-7cdgl        1/1     Running            0          8h      192.168.74.213   qhwk-k8s-node-2   <none>           <none>
default-http-backend-84489c7cf-8kdg6        1/1     Running            0          8h      192.168.21.206   qhwk-k8s-node-1   <none>           <none>
default-http-backend-84489c7cf-94hrk        1/1     Running            0          8h      192.168.21.207   qhwk-k8s-node-1   <none>           <none>
default-http-backend-84489c7cf-cqmv4        1/1     Running            0          8h      192.168.35.212   qhwk-k8s-node-0   <none>           <none>
gateway-nginx-deploy-7f67dc9c75-f5x56       1/2     CrashLoopBackOff   103        9h      192.168.35.210   qhwk-k8s-node-0   <none>           <none>
nacos-deploy-795df8675b-v4998               1/1     Running            0          9h      192.168.74.210   qhwk-k8s-node-2   <none>           <none>
networktool-nftnw                           1/1     Running            0          177m    192.168.21.193   qhwk-k8s-node-1   <none>           <none>
nginx-ingress-controller-77d68ddfc5-5qx5h   1/1     Running            0          8h      192.168.21.205   qhwk-k8s-node-1   <none>           <none>
nginx-ingress-controller-77d68ddfc5-dflvk   1/1     Running            0          8h      192.168.35.211   qhwk-k8s-node-0   <none>           <none>
nginx-ingress-controller-77d68ddfc5-njhmh   1/1     Running            0          8h      192.168.74.211   qhwk-k8s-node-2   <none>           <none>
nginx-ingress-controller-77d68ddfc5-pnlq9   1/1     Running            0          8h      192.168.74.212   qhwk-k8s-node-2   <none>           <none>
test-centos-864b48b597-nnnh4                1/1     Running            6          6h2m    192.168.74.214   qhwk-k8s-node-2   <none>           <none>
test-nginx-6568c89cf-4tpq6                  1/1     Running            0          6h28m   192.168.21.208   qhwk-k8s-node-1   <none>           <none>
root@qhwk-k8s-master-0:~# ping  192.168.21.208
PING 192.168.21.208 (192.168.21.208) 56(84) bytes of data.
^C
--- 192.168.21.208 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2014ms

root@qhwk-k8s-master-0:~# curl   192.168.21.208
^C
root@qhwk-k8s-master-0:~# curl  172.18.89.51
^C
root@qhwk-k8s-master-0:~# kc get ep -n bn-public |grep nginx
gateway-nginx-service   <none>                                                                    9h
nginx-ingress-service   192.168.21.205:443,192.168.35.211:443,192.168.74.211:443 + 9 more...      8h
nginx-service           192.168.21.208:80                                                         6h30m
root@qhwk-k8s-master-0:~# kc exec -it test-nginx-6568c89cf-4tpq6 sh -n bn-public
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
# curl localhost             
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
# curl nginx-service
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
#
-- Esc
calico
cni
kubernetes
project-calico

1 Answer

10/19/2020

It is working as designed: you cannot ping a Service's IP because it is a virtual IP. It is not attached to any network interface, but you can curl it. It's just a bunch of iptables rules that help forward traffic between pods.

However, you are able to ping a pod's IP.

-- kool
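
The point made in the answer above, as an added example that is not part of the original answer: assuming kube-proxy runs in iptables mode, a ClusterIP exists only as rules that match one protocol and port, so an ICMP echo to the same address matches nothing. The rules below are a constructed, simplified sample built from nginx-service's IP and endpoint in the question; the chain names `KUBE-SVC-EXAMPLE` and `KUBE-SEP-EXAMPLE` and the function names are placeholders.

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the shape of the rules kube-proxy
# (iptables mode, assumed) writes for one ClusterIP service. Chain names are
# placeholders, not values taken from the cluster in the question.
sample_rules() {
cat <<'EOF'
-A KUBE-SEP-EXAMPLE -p tcp -m tcp -j DNAT --to-destination 192.168.21.208:80
-A KUBE-SERVICES -d 172.18.89.51/32 -p tcp -m comment --comment "bn-public/nginx-service: cluster IP" -m tcp --dport 80 -j KUBE-SVC-EXAMPLE
-A KUBE-SVC-EXAMPLE -j KUBE-SEP-EXAMPLE
EOF
}

# clusterip_target IP PROTO [PORT]
# Prints the backend a packet would be DNATed to, or "no-match" when no
# KUBE-SERVICES rule covers that destination, protocol and port.
# Only the first rule of each service chain is followed (no load balancing).
clusterip_target() {
    sample_rules | awk -v ip="$1" -v proto="$2" -v port="${3:-}" '
        # Value that follows a given flag in the current rule, or "".
        function opt(flag,   i) {
            for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
            return ""
        }
        $2 == "KUBE-SERVICES" {
            # A service rule matches on destination AND protocol AND port.
            if (opt("-d") == ip "/32" && opt("-p") == proto && opt("--dport") == port)
                start = opt("-j")
            next
        }
        !($2 in jump) { jump[$2] = opt("-j"); dest[$2] = opt("--to-destination") }
        END {
            # Walk KUBE-SVC-* -> KUBE-SEP-* until a DNAT destination is found.
            c = start
            for (n = 0; c != "" && n < 8; n++) {
                if (dest[c] != "") { print dest[c]; exit }
                c = jump[c]
            }
            print "no-match"
        }'
}

echo "tcp/80 -> $(clusterip_target 172.18.89.51 tcp 80)"
echo "icmp   -> $(clusterip_target 172.18.89.51 icmp)"
```

On a node, the real rules for a service can be listed with `iptables-save -t nat` and filtered on the ClusterIP.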
Source: StackOverflow