Why does it take too long to access a k8s service?

Posted on 2025-02-09 03:45:57

I've created a simple k8s cluster and deployed a microsocks server with the help of kallqvist/microsocks. After exposing it via service, it takes too long for a curl command to connect to this service and retrieve the info.

Prerequisites:

  • last version of Kubernetes
  • calico for cni plugin

Steps to reproduce the problem:

  1. Here is a simple command to run this pod inside your cluster:

     k run socks --namespace testns --rm -it --image=kallqvist/microsocks:latest --command -- microsocks -1 -p 1080 -u suser -P spassword

     // take a look:
     # k -n testns get pods -o wide
     NAME    READY   STATUS    RESTARTS   AGE   IP              NODE      NOMINATED NODE   READINESS GATES
     socks   1/1     Running   0          61m   10.244.225.48   node-fi   <none>           <none>

  2. After that, you can create a simple service (NodePort Service) to expose my pod, here is the command:

     k -n testns expose pods/socks --type NodePort --port 1080

  3. Get the service node port by this command:

     # k -n testns get svc
     NAME    TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
     socks   NodePort   10.99.188.25   <none>        1080:31410/TCP   50m

  4. At this moment you can access the service, but it takes approximately 3 minutes. You can test it with this curl command:

     curl -x socks5://suser:spassword@<your-server-ip>:31410 http://ifconfig.ovh

Here are my tcpdump packets:

2286    3.279178    5.125.188.197   xxx.xxx.xxx.105 TCP 76  14767 → 31410 [SYN] Seq=0 Win=64240 Len=0 MSS=1400 SACK_PERM=1 TSval=2144430994 TSecr=0 WS=128
2289    3.279248    xxx.xxx.xxx.105 10.244.225.48   TCP 76  44194 → 1080 [SYN] Seq=0 Win=64240 Len=0 MSS=1400 SACK_PERM=1 TSval=2144430994 TSecr=0 WS=128
2292    3.279289    10.244.225.48   xxx.xxx.xxx.105 TCP 76  1080 → 44194 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1440 SACK_PERM=1 TSval=3395052955 TSecr=2144430994 WS=128
2293    3.279301    xxx.xxx.xxx.105 5.125.188.197   TCP 76  31410 → 14767 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1440 SACK_PERM=1 TSval=3395052955 TSecr=2144430994 WS=128
2500    3.413135    5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2144431131 TSecr=3395052955
2501    3.413148    xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=2144431131 TSecr=3395052955
155590  229.785623  5.125.188.197   xxx.xxx.xxx.105 TCP 73  14767 → 31410 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=5 TSval=2144657489 TSecr=3395052955
155593  229.785729  xxx.xxx.xxx.105 10.244.225.48   Socks   73  Version: 5
155596  229.785792  10.244.225.48   xxx.xxx.xxx.105 TCP 68  1080 → 44194 [ACK] Seq=1 Ack=6 Win=64256 Len=0 TSval=3395279461 TSecr=2144657489
155597  229.785811  xxx.xxx.xxx.105 5.125.188.197   TCP 68  31410 → 14767 [ACK] Seq=1 Ack=6 Win=64256 Len=0 TSval=3395279461 TSecr=2144657489
155598  229.785871  10.244.225.48   xxx.xxx.xxx.105 Socks   70  Version: 5
155599  229.785928  xxx.xxx.xxx.105 5.125.188.197   TCP 70  31410 → 14767 [PSH, ACK] Seq=1 Ack=6 Win=64256 Len=2 TSval=3395279461 TSecr=2144657489
155654  229.922585  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=6 Ack=3 Win=64256 Len=0 TSval=2144657639 TSecr=3395279461
155655  229.922621  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=6 Ack=3 Win=64256 Len=0 TSval=2144657639 TSecr=3395279461
155743  230.314622  5.125.188.197   xxx.xxx.xxx.105 TCP 78  14767 → 31410 [PSH, ACK] Seq=6 Ack=3 Win=64256 Len=10 TSval=2144658027 TSecr=3395279461
155744  230.314659  xxx.xxx.xxx.105 10.244.225.48   Socks   78  Version: 5
155745  230.314708  10.244.225.48   xxx.xxx.xxx.105 TCP 68  1080 → 44194 [ACK] Seq=3 Ack=16 Win=64256 Len=0 TSval=3395279990 TSecr=2144658027
155746  230.314732  xxx.xxx.xxx.105 5.125.188.197   TCP 68  31410 → 14767 [ACK] Seq=3 Ack=16 Win=64256 Len=0 TSval=3395279990 TSecr=2144658027
155747  230.314864  10.244.225.48   213.186.33.50   TCP 76  53530 → 80 [SYN] Seq=0 Win=64800 Len=0 MSS=1440 SACK_PERM=1 TSval=2621910285 TSecr=0 WS=128
155772  230.343254  213.186.33.50   10.244.225.48   TCP 76  80 → 53530 [SYN, ACK] Seq=0 Ack=1 Win=17520 Len=0 MSS=1460 SACK_PERM=1 WS=4096 TSval=23 TSecr=2621910285
155773  230.343307  10.244.225.48   213.186.33.50   TCP 68  53530 → 80 [ACK] Seq=1 Ack=1 Win=64896 Len=0 TSval=2621910314 TSecr=23
155777  230.343418  10.244.225.48   xxx.xxx.xxx.105 Socks   78  Version: 5
155778  230.343454  xxx.xxx.xxx.105 5.125.188.197   TCP 78  31410 → 14767 [PSH, ACK] Seq=3 Ack=16 Win=64256 Len=10 TSval=3395280019 TSecr=2144658027
155945  230.472819  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=16 Ack=13 Win=64256 Len=0 TSval=2144658198 TSecr=3395280019
155946  230.472819  5.125.188.197   xxx.xxx.xxx.105 HTTP    144 GET / HTTP/1.1 
155947  230.472847  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=16 Ack=13 Win=64256 Len=0 TSval=2144658198 TSecr=3395280019
155948  230.472857  xxx.xxx.xxx.105 10.244.225.48   HTTP    144 GET / HTTP/1.1 
155949  230.472952  10.244.225.48   xxx.xxx.xxx.105 TCP 68  1080 → 44194 [ACK] Seq=13 Ack=92 Win=64256 Len=0 TSval=3395280148 TSecr=2144658199
155950  230.472973  xxx.xxx.xxx.105 5.125.188.197   TCP 68  31410 → 14767 [ACK] Seq=13 Ack=92 Win=64256 Len=0 TSval=3395280148 TSecr=2144658199
155951  230.472984  10.244.225.48   213.186.33.50   HTTP    144 GET / HTTP/1.1 
155958  230.503135  213.186.33.50   10.244.225.48   HTTP    370 HTTP/1.1 200 OK  (text/html)
155959  230.503178  10.244.225.48   213.186.33.50   TCP 68  53530 → 80 [ACK] Seq=77 Ack=303 Win=64640 Len=0 TSval=2621910474 TSecr=56
155961  230.503197  10.244.225.48   xxx.xxx.xxx.105 HTTP    370 HTTP/1.1 200 OK  (text/html)
155962  230.503210  xxx.xxx.xxx.105 5.125.188.197   HTTP    370 HTTP/1.1 200 OK  (text/html)
156054  230.631555  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156055  230.631555  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [FIN, ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156056  230.631589  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156057  230.631599  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [FIN, ACK] Seq=92 Ack=315 Win=64128 Len=0 TSval=2144658357 TSecr=3395280179
156058  230.631719  10.244.225.48   213.186.33.50   TCP 68  53530 → 80 [FIN, ACK] Seq=77 Ack=303 Win=64640 Len=0 TSval=2621910602 TSecr=56
156060  230.631739  10.244.225.48   xxx.xxx.xxx.105 TCP 68  1080 → 44194 [FIN, ACK] Seq=315 Ack=93 Win=64256 Len=0 TSval=3395280307 TSecr=2144658357
156061  230.631745  xxx.xxx.xxx.105 5.125.188.197   TCP 68  31410 → 14767 [FIN, ACK] Seq=315 Ack=93 Win=64256 Len=0 TSval=3395280307 TSecr=2144658357
156063  230.660167  213.186.33.50   10.244.225.48   TCP 68  80 → 53530 [FIN, ACK] Seq=303 Ack=78 Win=2097152 Len=0 TSval=95 TSecr=2621910602
156064  230.660191  10.244.225.48   213.186.33.50   TCP 68  53530 → 80 [ACK] Seq=78 Ack=304 Win=64640 Len=0 TSval=2621910631 TSecr=95
156107  230.766792  5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=93 Ack=316 Win=64128 Len=0 TSval=2144658494 TSecr=3395280307
156108  230.766838  xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=93 Ack=316 Win=64128 Len=0 TSval=2144658494 TSecr=3395280307
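
To locate where the roughly 3 minutes go, the capture rows can be compared by timestamp. The following Python is an added example, not part of the original post: it parses rows copied from the capture above (info column shortened) and reports the largest silent interval and how quickly the node relayed the next packet to the pod. The function names are this example's own.

```python
# Rows copied from the capture in the question (Wireshark-style text export:
# No, time, source, destination, protocol, length, info); info column shortened.
CAPTURE = """\
2286    3.279178    5.125.188.197   xxx.xxx.xxx.105 TCP 76  14767 → 31410 [SYN] Seq=0
2289    3.279248    xxx.xxx.xxx.105 10.244.225.48   TCP 76  44194 → 1080 [SYN] Seq=0
2292    3.279289    10.244.225.48   xxx.xxx.xxx.105 TCP 76  1080 → 44194 [SYN, ACK] Seq=0 Ack=1
2293    3.279301    xxx.xxx.xxx.105 5.125.188.197   TCP 76  31410 → 14767 [SYN, ACK] Seq=0 Ack=1
2500    3.413135    5.125.188.197   xxx.xxx.xxx.105 TCP 68  14767 → 31410 [ACK] Seq=1 Ack=1
2501    3.413148    xxx.xxx.xxx.105 10.244.225.48   TCP 68  44194 → 1080 [ACK] Seq=1 Ack=1
155590  229.785623  5.125.188.197   xxx.xxx.xxx.105 TCP 73  14767 → 31410 [PSH, ACK] Seq=1 Ack=1 Len=5
155593  229.785729  xxx.xxx.xxx.105 10.244.225.48   Socks   73  Version: 5
155598  229.785871  10.244.225.48   xxx.xxx.xxx.105 Socks   70  Version: 5
155747  230.314864  10.244.225.48   213.186.33.50   TCP 76  53530 → 80 [SYN] Seq=0
"""

NODE, POD = "xxx.xxx.xxx.105", "10.244.225.48"


def parse(text):
    """Turn export lines into dicts, skipping anything that is not a packet row."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 6)
        if len(parts) == 7 and parts[0].isdigit():
            no, t, src, dst, proto, _length, info = parts
            rows.append({"no": int(no), "t": float(t), "src": src,
                         "dst": dst, "proto": proto, "info": info})
    return rows


def largest_stall(rows):
    """Return (gap_seconds, last packet before the silence, first packet after it)."""
    prev, nxt = max(zip(rows, rows[1:]), key=lambda p: p[1]["t"] - p[0]["t"])
    return nxt["t"] - prev["t"], prev, nxt


def relay_delay(rows, first, src, dst):
    """Seconds until the first src->dst packet that follows packet `first`."""
    for r in rows:
        if r["no"] > first["no"] and r["src"] == src and r["dst"] == dst:
            return r["t"] - first["t"]
    return None  # the packet was never relayed in this capture


if __name__ == "__main__":
    rows = parse(CAPTURE)
    gap, prev, nxt = largest_stall(rows)
    print(f"stall {gap:.3f}s after #{prev['no']} until #{nxt['no']} from {nxt['src']}: {nxt['info']}")
    print(f"node relayed it to the pod after {relay_delay(rows, nxt, NODE, POD) * 1e3:.3f} ms")
```

On these rows it reports a 226.372 s silence between the handshake ACK (#2501) and the client's first 5-byte payload reaching the node (#155590), which the node then relays to the pod in about 0.1 ms.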


Comments (1)

梦忆晨望 2025-02-16 03:45:57

Try this out and it might solve your issue.

In your service, change the externalTrafficPolicy value.
My guess is that you have the default value, which is Cluster; change it to Local and update if it solved your issue.

### externalTrafficPolicy: Local

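apiVersion: v1
kind: Service
metadata:
  name: my-service   # placeholder name; metadata.name is required
spec:
  type: NodePort     # required for the nodePort field below
  ports:
    - name: port-8080
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 32600
  selector:
    app: my-service
  # Route external traffic only to endpoints on the receiving node
  externalTrafficPolicy: Local
  internalTrafficPolicy: Cluster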

externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints.

  • "Local" preserves the client source IP and avoids a second hop for LoadBalancer and NodePort type services, but risks potentially imbalanced traffic spreading.
  • "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.

Calico defaults:

https://projectcalico.docs.tigera.io/security/services-cluster-ips
