I installed my K8s cluster from latest source code, just cloned from https://github.com/kubernetes/kubernetes.git, and ran "make" to build all the K8s binaries, and started the whole cluster manually (1 master + 2 nodes, all OS is Ubuntu 14.04 with kernel 3.13.0-32-generic).
On master: ./kube-apiserver --v=3 --cert-dir=/home/stack/tmp/kubernetes --service-account-key-file=/home/stack/tmp/kube-serviceaccount.key --service-account-lookup=false --admission-control=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota --insecure-bind-address=0.0.0.0 --insecure-port=8080 --etcd-servers=http://127.0.0.1:4001 --service-cluster-ip-range=172.17.17.0/24 --cors-allowed-origins="/127.0.0.1(:[0-9]+)?$,/localhost(:[0-9]+)?$" ./kube-controller-manager --v=3 --service-account-private-key-file=/home/stack/tmp/kube-serviceaccount.key --root-ca-file=/home/stack/tmp/kubernetes/apiserver.crt --master=127.0.0.1:8080 ./kube-scheduler --v=3 --master=http://127.0.0.1:8080 Node: sudo ./kubelet --v=3 --chaos-chance=0.0 --container-runtime=docker --address=0.0.0.0 --api-servers=192.168.122.190:8080 --cpu-cfs-quota=false --port=10250 --cluster-dns=172.17.17.17 --cluster-domain=k8s sudo ./kube-proxy --v=3 --master=http://192.168.122.190:8080 And I see the following in kube-proxy log, maybe something wrong with it? I0529 08:49:52.046704 9069 server.go:201] Using iptables Proxier. *I0529 08:49:52.046840 9069 proxier.go:209] missing br-netfilter module or unset br-nf-call-iptables; proxy may not work as intended* I0529 08:49:52.046901 9069 server.go:214] Tearing down userspace rules. I also tried to edit the service to change its type to NodePort, and then I see it works perfectly, i.e., curl <node-ip>:<node-port> always works. On Sunday, May 29, 2016 at 12:39:41 AM UTC+8, Rodrigo Campos wrote: > > > On Saturday, May 28, 2016, Qian Zhang <[email protected] <javascript:>> > wrote: > >> Hi, >> >> I created a Nginx deployment and service in my K8s env which has flannel >> as network solution. >> *$ kubectl describe deployment * >> Name: my-nginx >> Namespace: default >> CreationTimestamp: Sat, 28 May 2016 17:29:58 +0800 >> Labels: run=my-nginx >> Selector: run=my-nginx >> Replicas: 2 updated | 2 total | 2 available | 0 unavailable >> StrategyType: RollingUpdate >> MinReadySeconds: 0 >> RollingUpdateStrategy: 1 max unavailable, 1 max surge >> OldReplicaSets: <none> >> NewReplicaSet: my-nginx-994817687 (2/2 replicas created) >> No events. >> >> *$ kubectl describe svc/my-nginx * >> Name: my-nginx >> Namespace: default >> Labels: run=my-nginx >> Selector: run=my-nginx >> Type: ClusterIP >> IP: 172.17.17.222 >> Port: <unset> 80/TCP >> Endpoints: 10.0.13.2:80,10.0.8.2:80 >> Session Affinity: None >> No events. >> >> I can always access the Nginx via service's endpoints (10.0.13.2:80, >> 10.0.8.2:80), but sometime can access it via service ClusterIP >> (172.17.17.222), but sometime cannot. >> *$ curl 172.17.17.222* >> <!DOCTYPE html> >> ... >> <title>Welcome to nginx!</title> >> ...</html> >> >> *$ curl 172.17.17.222 * >> curl: (7) Failed to connect to 172.17.17.222 port 80: Connection timed out >> >> Any ideas on what's wrong in my env? Thanks! >> > > It can easily be kube-proxy, or flannel. > > Not sure how the virtual IP is managed on that setup, maybe with iptables > rules too. If that is the case, check if they are up to date when it fails, > with tcpdump where packets are not being sent, etc. > > You can also try to use the service with type node port and check again > for the above and see if it gives you any hint (like this node does not > forward the packets to pods, etc.). > > It is probably something wrong with the installation, so how did you > install? Did you use the kube-up script ? > -- You received this message because you are subscribed to the Google Groups "Containers at Google" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-containers. For more options, visit https://groups.google.com/d/optout.
