Question) Cannot access pod

알파로그 · July 25, 2023

Problem

  • Any operation that involves accessing the pod times out
# curl gateway
curl: (7) Failed connect to gateway:80; Connection timed out

# kubectl logs -f gateway-6b8fcd9bc4-g5vxg
Error from server: 
  Get "https://10.178.0.9:10250/containerLogs/default/gateway-6b8fcd9bc4-g5vxg/gateway?follow=true": 
  dial tcp 10.178.0.9:10250: 
  i/o timeout

Setup

  • Node list
NAME          STATUS   ROLES           AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION                CONTAINER-RUNTIME
kube-master   Ready    control-plane   62m   v1.27.3   10.178.0.7    <none>        CentOS Linux 7 (Core)   3.10.0-1160.92.1.el7.x86_64   containerd://1.6.21
kube001       Ready    <none>          61m   v1.27.3   10.178.0.8    <none>        CentOS Linux 7 (Core)   3.10.0-1160.92.1.el7.x86_64   containerd://1.6.21
kube002       Ready    <none>          61m   v1.27.3   10.178.0.9    <none>        CentOS Linux 7 (Core)   3.10.0-1160.92.1.el7.x86_64   containerd://1.6.21
  • Cluster state
NAME                           READY   STATUS    RESTARTS   AGE   IP            NODE      NOMINATED NODE   READINESS GATES
pod/gateway-6b8fcd9bc4-g5vxg   1/1     Running   0          60m   10.10.133.2   kube002   <none>           <none>

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE   SELECTOR
service/gateway      ClusterIP   10.96.36.235   <none>        9000/TCP   60m   app=gateway
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP    79m   <none>

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES           SELECTOR
deployment.apps/gateway   1/1     1            1           60m   gateway      wy9295/gateway   app=gateway

NAME                                 DESIRED   CURRENT   READY   AGE   CONTAINERS   IMAGES           SELECTOR
replicaset.apps/gateway-6b8fcd9bc4   1         1         1       60m   gateway      wy9295/gateway   app=gateway,pod-template-hash=6b8fcd9bc4
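  • Security rule state

    • Ports allowed in common
      • TCP: 80, 443, 6443, 22
    • Protocols and ports allowed for each server's IP
      • TCP, UDP: 1-65535
      • ICMP
    • Only the master server additionally allows TCP port 81, for npm access
  • Server firewall disabled with the commands below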

systemctl status firewalld

systemctl stop firewalld

systemctl disable firewalld
  • SELinux disabled
# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted