I installed calico according to the steps on the official website, and it can run normally, and there is no error reported in the log. However, when I Ping the clusterip, the Ping fails, and there is no error in the pod log, so I can't locate the problem. there is the
root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3# kcp -n calico-system
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6bbcdcb447-kcb4k 1/1 Running 7 23m 192.168.74.193 qhwk-k8s-node-2 <none> <none>
calico-node-5spbv 1/1 Running 0 23m 10.58.221.192 qhwk-k8s-master-0 <none> <none>
calico-node-f5xfn 1/1 Running 0 23m 10.58.221.47 qhwk-k8s-master-1 <none> <none>
calico-node-fgbsc 1/1 Running 0 23m 10.58.221.50 qhwk-k8s-node-0 <none> <none>
calico-node-mfxpv 1/1 Running 0 23m 10.58.221.153 qhwk-k8s-master-2 <none> <none>
calico-node-pnksj 1/1 Running 0 23m 10.58.221.52 qhwk-k8s-node-2 <none> <none>
calico-node-rhbjt 1/1 Running 0 23m 10.58.221.132 qhwk-k8s-node-1 <none> <none>
calico-typha-66865d84cf-629ws 1/1 Running 0 21m 10.58.221.153 qhwk-k8s-master-2 <none> <none>
calico-typha-66865d84cf-77z2q 1/1 Running 0 23m 10.58.221.132 qhwk-k8s-node-1 <none> <none>
calico-typha-66865d84cf-f49kw 1/1 Running 0 21m 10.58.221.52 qhwk-k8s-node-2 <none> <none>
calico-typha-66865d84cf-jwhq5 1/1 Running 0 21m 10.58.221.50 qhwk-k8s-node-0 <none> <none>
root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3# kc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
centos-service ClusterIP 172.18.173.199 <none> 80/TCP 120m
default-http-backend ClusterIP 172.18.28.240 <none> 80/TCP 4h42m
gateway-nginx-service ClusterIP 172.18.190.4 <none> 80/TCP 5h18m
nacos-service ClusterIP 172.18.160.214 <none> 80/TCP 5h42m
nginx-ingress-service NodePort 172.18.236.7 <none> 80:30080/TCP,443:30081/TCP,18080:31648/TCP 4h42m
nginx-service ClusterIP 172.18.89.51 <none> 80/TCP 135m
root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3# ping 172.18.190.4
PING 172.18.190.4 (172.18.190.4) 56(84) bytes of data.
^C
--- 172.18.190.4 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1007ms
root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3# ping 172.18.173.199
PING 172.18.173.199 (172.18.173.199) 56(84) bytes of data.
^C
--- 172.18.173.199 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3023ms
root@qhwk-k8s-master-0:/work/k8s/calico-v3.16.3#
From the operation record below, it can be seen that neither curl serviceip nor curl podip work on the node. However, if you enter the pod,both serviceip and podip can be connected by curl
root@qhwk-k8s-master-0:~# kc get svc -n bn-public
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
centos-service ClusterIP 172.18.173.199 <none> 80/TCP 6h12m
default-http-backend ClusterIP 172.18.28.240 <none> 80/TCP 8h
gateway-nginx-service ClusterIP 172.18.190.4 <none> 80/TCP 9h
nacos-service ClusterIP 172.18.160.214 <none> 80/TCP 9h
nginx-ingress-service NodePort 172.18.236.7 <none> 80:30080/TCP,443:30081/TCP,18080:31648/TCP 8h
nginx-service ClusterIP 172.18.89.51 <none> 80/TCP 6h27m
root@qhwk-k8s-master-0:~# kc get pods -o wide -n bn-public
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default-http-backend-84489c7cf-7cdgl 1/1 Running 0 8h 192.168.74.213 qhwk-k8s-node-2 <none> <none>
default-http-backend-84489c7cf-8kdg6 1/1 Running 0 8h 192.168.21.206 qhwk-k8s-node-1 <none> <none>
default-http-backend-84489c7cf-94hrk 1/1 Running 0 8h 192.168.21.207 qhwk-k8s-node-1 <none> <none>
default-http-backend-84489c7cf-cqmv4 1/1 Running 0 8h 192.168.35.212 qhwk-k8s-node-0 <none> <none>
gateway-nginx-deploy-7f67dc9c75-f5x56 1/2 CrashLoopBackOff 103 9h 192.168.35.210 qhwk-k8s-node-0 <none> <none>
nacos-deploy-795df8675b-v4998 1/1 Running 0 9h 192.168.74.210 qhwk-k8s-node-2 <none> <none>
networktool-nftnw 1/1 Running 0 177m 192.168.21.193 qhwk-k8s-node-1 <none> <none>
nginx-ingress-controller-77d68ddfc5-5qx5h 1/1 Running 0 8h 192.168.21.205 qhwk-k8s-node-1 <none> <none>
nginx-ingress-controller-77d68ddfc5-dflvk 1/1 Running 0 8h 192.168.35.211 qhwk-k8s-node-0 <none> <none>
nginx-ingress-controller-77d68ddfc5-njhmh 1/1 Running 0 8h 192.168.74.211 qhwk-k8s-node-2 <none> <none>
nginx-ingress-controller-77d68ddfc5-pnlq9 1/1 Running 0 8h 192.168.74.212 qhwk-k8s-node-2 <none> <none>
test-centos-864b48b597-nnnh4 1/1 Running 6 6h2m 192.168.74.214 qhwk-k8s-node-2 <none> <none>
test-nginx-6568c89cf-4tpq6 1/1 Running 0 6h28m 192.168.21.208 qhwk-k8s-node-1 <none> <none>
root@qhwk-k8s-master-0:~# ping 192.168.21.208
PING 192.168.21.208 (192.168.21.208) 56(84) bytes of data.
^C
--- 192.168.21.208 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2014ms
root@qhwk-k8s-master-0:~# curl 192.168.21.208
^C
root@qhwk-k8s-master-0:~# curl 172.18.89.51
^C
root@qhwk-k8s-master-0:~# kc get ep -n bn-public |grep nginx
gateway-nginx-service <none> 9h
nginx-ingress-service 192.168.21.205:443,192.168.35.211:443,192.168.74.211:443 + 9 more... 8h
nginx-service 192.168.21.208:80 6h30m
root@qhwk-k8s-master-0:~# kc exec -it test-nginx-6568c89cf-4tpq6 sh -n bn-public
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
# curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
# curl nginx-service
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
#
It is working as designed- you cannot ping Service's IP because it is virtual IP- it is not attached to any network interface, but you can curl it. It's just bunch of iptable rules that helps forwarding traffic between pods.
However you are able to ping pod's IP.