Kubernetes: K8s port forward into network namespace - connection refused

Posted by k2arahey on 2023-06-21 in Kubernetes

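I am running into a problem while hosting the Open Telemetry Collector on K8s. We use the open telemetry helm-charts to deploy in an OKE cluster. The deployment succeeds, but port forwarding to the pod fails with the following error: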

E0607 13:04:55.415015 48206 portforward.go:407] an error occurred forwarding 55679 -> 55679: 
error forwarding port 55679 to pod 0f6ea4c9367d6748039fd42da1b7c08c43f1d442859aff087c0c061a0a27d6ff, uid : port forward into network namespace "/var/run/netns/483d52c1-0107-4dbc-9153-d47a6bc64779": failed to connect to localhost:55679 inside namespace 0f6ea4c9367d6748039fd42da1b7c08c43f1d442859aff087c0c061a0a27d6ff: dial tcp [::1]:55679: connect: connection refused
E0607 13:04:55.416590   48206 portforward.go:233] lost connection to pod

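The pod also exposes other ports, such as 4318, and port forwarding to that port works as expected. Open-Telemetry in version v0.47.0 changed the IP from 0.0.0.0 to POD_IP, which prevents port forwarding. I reverted the change to 0.0.0.0, after which 4318 started working, but I still face the problem with port 55679.
Below is my pod spec: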

Name:             otel-opentelemetry-collector-65cc995479-rkz97
Namespace:        monitoring
Priority:         0
Service Account:  opentelemetry-collector
Node:             10.36.92.85/10.36.92.85
Start Time:       Wed, 07 Jun 2023 12:54:17 +0530
Labels:           app=opentelemetry-collector
                  app.kubernetes.io/instance=otel
                  app.kubernetes.io/name=opentelemetry-collector
                  component=standalone-collector
                  environment=test
                  pod-template-hash=65cc995479
Annotations:      checksum/config: 622eb05ba3357fc2b4a4e4dc4afa8e1da114f69335daaadd932c4f906f073941
Status:           Running
IP:               100.64.0.124
IPs:
  IP:           100.64.0.124
Controlled By:  ReplicaSet/otel-opentelemetry-collector-65cc995479
Containers:
  opentelemetry-collector:
    Container ID:  cri-o://e5ea6e6b499d0a036d5e5a073b78b2f3df416440c6ae767c48f7f0612d5c8102
    Image:         otel/opentelemetry-collector-contrib@sha256:42e8ba40f9f70d604684c3a2a0ed321206b7e2e3509fdb2c8836d34f2edfb57b
    Image ID:      docker.io/otel/opentelemetry-collector-contrib@sha256:2746e53e8f510d5c2f30a8c805c904e9d22257fd9bec4ddfed2776d55fabeb06
    Ports:         8006/TCP, 8889/TCP, 4317/TCP, 4318/TCP, 55679/TCP
    Host Ports:    0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP
    Command:
      /otelcol-contrib
      --config=/conf/relay.yaml
    State:          Running
      Started:      Wed, 07 Jun 2023 12:54:18 +0530
    Ready:          True
    Restart Count:  0
    Liveness:       http-get http://:13133/ delay=0s timeout=1s period=10s #success=1 #failure=3
    Readiness:      http-get http://:13133/ delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:
      MY_POD_IP:   (v1:status.podIP)
    Mounts:
      /conf from opentelemetry-collector-configmap (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-rvkhs (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  opentelemetry-collector-configmap:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      otel-opentelemetry-collector
    Optional:  false
  kube-api-access-rvkhs:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age    From               Message
  ----     ------     ----   ----               -------
  Normal   Scheduled  2m34s  default-scheduler  Successfully assigned monitoring/otel-opentelemetry-collector-65cc995479-rkz97 to 10.36.92.85
  Normal   Pulled     2m34s  kubelet            Container image "otel/opentelemetry-collector-contrib@sha256:42e8ba40f9f70d604684c3a2a0ed321206b7e2e3509fdb2c8836d34f2edfb57b" already present on machine
  Normal   Created    2m34s  kubelet            Created container opentelemetry-collector
  Normal   Started    2m34s  kubelet            Started container opentelemetry-collector
  Warning  Unhealthy  2m34s  kubelet            Readiness probe failed: Get "http://100.64.0.124:13133/": dial tcp 100.64.0.124:13133: connect: connection refused

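I have been stuck on this for the past 3 days, so I would appreciate any help or direction on how to proceed further.

Update

1. I tried cURL from my localhost to port 4318 on the pod. This works.
2. I am running a service in a Docker container on my Mac and using host.docker.internal on port 4318 of my host. It errors out similarly to the error above.
3. I tried adding --address 0.0.0.0 when port forwarding. That did not work either.

The gist is that cURL from localhost on my Mac works, while cURL from inside a Docker container on my Mac does not.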

jei2mxaa #1

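The connection is refused because no process is listening on port 55679. That port is not exposed.
To get the ports your pod is listening on, you can run the following commands:
1. Get the names of the pods in the specified namespace:
kubectl get po -n <namespace>
2. Check the exposed port of the pod you want to forward to:
kubectl get pod <pod-name> -n <namespace> --template='{{(index (index .spec.containers 0).ports 0).containerPort}}{{"\n"}}'
Now run the port-forward command using the exposed port obtained above:

kubectl port-forward pod/<pod-name> <local-port>:<exposed-port>

where local-port is the port from which the container is accessed from the browser, and the exposed port is the port the container listens on.
For details, see the documentation at Use port forwarding to access applications in a cluster.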
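
The error in the question shows the forwarder dialing localhost:55679 inside the pod's network namespace, so what matters is the address each listener is bound to, not only the ports declared in the pod spec. The following is an added example, not code from the original posts or from the OpenTelemetry project: it parses the text of /proc/net/tcp or /proc/net/tcp6 read from inside the pod's network namespace and reports whether a port is reachable through port-forward. The function names and the sample table are assumptions constructed for illustration, and a little-endian node is assumed.

```python
import ipaddress

LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp and /proc/net/tcp6

# Constructed sample (columns truncated), not taken from the asker's pod:
# 4318 bound to 0.0.0.0, 55679 and 13133 bound to the pod IP 100.64.0.124.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:10DE 00000000:0000 0A
   1: 7C004064:D97F 00000000:0000 0A
   2: 7C004064:334D 00000000:0000 0A
"""

def parse_listeners(proc_net_text):
    """Return [(ip, port)] for every LISTEN socket in tcp/tcp6 table text."""
    listeners = []
    for line in proc_net_text.splitlines():
        fields = line.split()
        # Skip the header, malformed rows, and sockets not in LISTEN state.
        if len(fields) < 4 or ":" not in fields[1] or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        raw = bytes.fromhex(hex_addr)
        # Each 32-bit word is printed in host byte order (little-endian
        # assumed), so reverse every 4-byte group to get network order.
        addr = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
        listeners.append((ipaddress.ip_address(addr), int(hex_port, 16)))
    return listeners

def forwardable(listeners, port):
    """Classify a port by whether a dial to localhost in the netns can reach it."""
    binds = [ip for ip, p in listeners if p == port]
    if not binds:
        return "not listening"
    # Only wildcard (0.0.0.0, ::) or loopback binds accept localhost connections.
    if any(ip.is_unspecified or ip.is_loopback for ip in binds):
        return "reachable"
    return "bound to " + ", ".join(str(ip) for ip in binds) + " only"

if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    for port in (4318, 55679, 13133, 8889):
        print(port, forwardable(found, port))
```

A port reported as bound to the pod IP only still answers kubelet probes and in-cluster clients, which connect to the pod IP, while port-forward to it is refused.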
