
Why do some kube-system Pods (such as kube-proxy) have the same Pod IP as the node they run on?

k8s小能手 2019-02-22 15:58:39 494

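I noticed something I did not expect in one of my clusters, and I cannot find an explanation for it today. Many kube-system Pods have the same Pod IP as the node they run on. I would like to understand why this is the case, but I cannot find any documentation about it here or any discussion of it elsewhere. This is what I see: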

k get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
aks-agentpool-14855512-0 Ready agent 47m v1.12.5 10.240.0.66 Ubuntu 16.04.5 LTS 4.15.0-1037-azure docker://3.0.4
aks-agentpool-14855512-1 Ready agent 47m v1.12.5 10.240.0.4 Ubuntu 16.04.5 LTS 4.15.0-1037-azure docker://3.0.4
aks-agentpool-14855512-2 Ready agent 47m v1.12.5 10.240.0.35 Ubuntu 16.04.5 LTS 4.15.0-1037-azure docker://3.0.4

k get po -n kube-system -o wide | grep '10.240.0.4 '
azure-cni-networkmonitor-rqs8q 1/1 Running 0 48m 10.240.0.4 aks-agentpool-14855512-1
azure-ip-masq-agent-dj8w5 1/1 Running 0 48m 10.240.0.4 aks-agentpool-14855512-1
kube-proxy-jpjjc 1/1 Running 0 48m 10.240.0.4 aks-agentpool-14855512-1
kube-svc-redirect-bfvlk 2/2 Running 0 48m 10.240.0.4 aks-agentpool-14855512-1

My understanding is that a Pod should have an IP different from that of the node it runs on. To expose a Pod, a Service should be used. However, I do not think that is the case here:

k get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
heapster ClusterIP 10.0.0.57 80/TCP 55m
kube-dns ClusterIP 10.0.0.10 53/UDP,53/TCP 55m
kubernetes-dashboard ClusterIP 10.0.105.92 80/TCP 55m
metrics-server ClusterIP 10.0.179.25 443/TCP 55m

At first I thought this implementation was specific to AKS, but the same result applies on GKE.

I am worried that I may be missing a very basic concept, and that this is keeping me from understanding this better.

Update: This is because hostNetworking: true is set in the Pod YAML.

You can observe this by running:

k get po kube-proxy-jpjjc -n kube-system -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    aks.microsoft.com/release-time: 'seconds:1550597164 nanos:675278758 '
  creationTimestamp: "2019-02-19T17:29:15Z"
  generateName: kube-proxy-
  labels:
    component: kube-proxy
    controller-revision-hash: 68c8cf5db6
    pod-template-generation: "1"
    tier: node
  name: kube-proxy-jpjjc
  namespace: kube-system
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: DaemonSet
    name: kube-proxy
    uid: 75df85c8-346b-11e9-a1db-667e55a73bba
  resourceVersion: "693"
  selfLink: /api/v1/namespaces/kube-system/pods/kube-proxy-jpjjc
  uid: e1004b3e-346b-11e9-a1db-667e55a73bba
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchFields:
          - key: metadata.name
            operator: In
            values:
            - aks-agentpool-14855512-1
  containers:
  - command:
    - /hyperkube
    - proxy
    - --kubeconfig=/var/lib/kubelet/kubeconfig
    - --cluster-cidr=10.240.0.0/16
    - --feature-gates=ExperimentalCriticalPodAnnotation=true
    env:
    - name: KUBERNETES_PORT_443_TCP_ADDR
      value: nodeport-test-cni-87e6d01c.hcp.westus2.azmk8s.io
    - name: KUBERNETES_PORT
      value: tcp://nodeport-test-cni-87e6d01c.hcp.westus2.azmk8s.io:443
    - name: KUBERNETES_PORT_443_TCP
      value: tcp://nodeport-test-cni-87e6d01c.hcp.westus2.azmk8s.io:443
    - name: KUBERNETES_SERVICE_HOST
      value: nodeport-test-cni-87e6d01c.hcp.westus2.azmk8s.io
    image: k8s.gcr.io/hyperkube-amd64:v1.12.5
    imagePullPolicy: IfNotPresent
    name: kube-proxy
    resources:
      requests:
        cpu: 100m
    securityContext:
      privileged: true
      procMount: Default
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/lib/kubelet
      name: kubeconfig
      readOnly: true
    - mountPath: /etc/kubernetes/certs
      name: certificates
      readOnly: true
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-7m959
      readOnly: true
  dnsPolicy: ClusterFirst
  hostNetwork: true
  nodeName: aks-agentpool-14855512-1
  nodeSelector:
    beta.kubernetes.io/os: linux
  priority: 1000000
  priorityClassName: high-priority
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
    operator: Equal
    value: "true"
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/disk-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/memory-pressure
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/unschedulable
    operator: Exists
  - effect: NoSchedule
    key: node.kubernetes.io/network-unavailable
    operator: Exists
  volumes:
  - hostPath:
      path: /var/lib/kubelet
      type: ""
    name: kubeconfig
  - hostPath:
      path: /etc/kubernetes/certs
      type: ""
    name: certificates
  - name: default-token-7m959
    secret:
      defaultMode: 420
      secretName: default-token-7m959
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2019-02-19T17:29:18Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2019-02-19T17:29:29Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2019-02-19T17:29:29Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2019-02-19T17:29:15Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://8934a2ec756bf77ad34b352ab78f70f41c7a52f126e511b235378b65c708ff15
    image: k8s.gcr.io/hyperkube-amd64:v1.12.5
    imageID: docker-pullable://k8s.gcr.io/hyperkube-amd64@sha256:82add6703e6e28b50f2457b3a3e4eec573a2603437cb9df1af5670dd7e640e75
    lastState: {}
    name: kube-proxy
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: "2019-02-19T17:29:28Z"
  hostIP: 10.240.0.4
  phase: Running
  podIP: 10.240.0.4
  qosClass: Burstable
  startTime: "2019-02-19T17:29:18Z"

All answers (1)
  • k8s小能手
    2019-07-17 23:29:11

    This is because hostNetworking: true is set in the Pod YAML.

    You can observe this by running:

    k get po kube-proxy-jpjjc -n kube-system -o yaml

    1 0
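Added example, not part of the original question or answer: the kube-proxy Pod spec on this page has `hostNetwork: true`, `privileged: true`, and identical `hostIP` and `podIP`, and the same check can be applied to every Pod in a cluster to list those that share the node's network namespace and flag the ones that are not system DaemonSets. The Pod list is constructed sample data shaped like `kubectl get pods -A -o json`; `audit_host_network`, `web-1` and `debug-tools` are hypothetical names.

```python
import json

# Constructed sample shaped like `kubectl get pods -A -o json`. The first item
# reuses the kube-proxy values shown on this page; the other two are invented.
SAMPLE_POD_LIST = json.loads("""
{"items": [
 {"metadata": {"namespace": "kube-system", "name": "kube-proxy-jpjjc",
               "ownerReferences": [{"kind": "DaemonSet", "name": "kube-proxy"}]},
  "spec": {"hostNetwork": true,
           "containers": [{"name": "kube-proxy",
                           "securityContext": {"privileged": true}}]},
  "status": {"hostIP": "10.240.0.4", "podIP": "10.240.0.4"}},
 {"metadata": {"namespace": "default", "name": "web-1"},
  "spec": {"containers": [{"name": "web"}]},
  "status": {"hostIP": "10.240.0.4", "podIP": "10.240.0.17"}},
 {"metadata": {"namespace": "default", "name": "debug-tools"},
  "spec": {"hostNetwork": true,
           "containers": [{"name": "shell", "ports": [{"containerPort": 8080}]}]},
  "status": {"hostIP": "10.240.0.35", "podIP": "10.240.0.35"}}
]}
""")

def audit_host_network(pod_list, system_namespaces=("kube-system",)):
    """Return one finding per Pod that runs in the node's network namespace."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec, status = pod["metadata"], pod["spec"], pod.get("status", {})
        if not spec.get("hostNetwork", False):
            continue  # normal Pod: own network namespace, own Pod IP
        owners = {o.get("kind") for o in meta.get("ownerReferences", [])}
        containers = spec.get("containers", []) + spec.get("initContainers", [])
        findings.append({
            "pod": f'{meta["namespace"]}/{meta["name"]}',
            # With hostNetwork the reported Pod IP is the node IP.
            "shares_node_ip": status.get("podIP") == status.get("hostIP"),
            "privileged": [c["name"] for c in containers
                           if (c.get("securityContext") or {}).get("privileged")],
            # Declared ports: with hostNetwork these listen on the node itself.
            "declared_ports": sorted(p["containerPort"] for c in containers
                                     for p in c.get("ports", [])),
            # Expected only for node-level system DaemonSets; review the rest.
            "needs_review": not (meta["namespace"] in system_namespaces
                                 and "DaemonSet" in owners),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_host_network(SAMPLE_POD_LIST):
        print(finding)
```

To run it against a live cluster, load the output of `kubectl get pods -A -o json` with `json.load` and pass it in place of the sample.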
