Windows 上的 Kubernetes POD 无法解析 DNS 并无法访问 Internet

我在 hyper-v 上构建了一个集群（v1.15.4），

- linux node (master)
- linux node (worker)
- windows node (worker)
- networking - flannel (host-gw)
- mac spoofing enabled for vms

部署 win-webserver.yaml 来测试 Windows 是否正常工作。 https://kubernetes.io/docs/setup/production-environment/windows/user-guide-windows-containers/

kubectl get pods -o wide 
NAME                             READY   STATUS    RESTARTS   AGE   IP           NODE   NOMINATED NODE   READINESS GATES
win-webserver-7779dc4df7-58qs2   1/1     Running   0          18m   10.42.2.41   node01   <none>           <none>
win-webserver-7779dc4df7-mb4sf   1/1     Running   0          18m   10.42.2.43   node01   <none>           <none>
win-webserver-7779dc4df7-w5kjt   1/1     Running   0          18m   10.42.2.44   node01   <none>           <none>
win-webserver-7779dc4df7-wm245   1/1     Running   0          18m   10.42.2.45   node01   <none>           <none>

kubectl get svc
NAME            TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes      ClusterIP   10.43.0.1      <none>        443/TCP        122m
win-webserver   NodePort    10.43.91.255   <none>        80:30378/TCP   72m

部署运行良好，但是在 Windows 上运行的容器无法解析 DNS 和访问互联网。

来自 Windows pod 的 DNS 请求

DNS request timed out. 
timeout was 2 seconds. 
Server:  UnKnown     
Address:  10.43.0.10 

DNS request timed out. 
timeout was 2 seconds. 
DNS request timed out. 

也无法使用服务从 Linux 访问 pod。

curl http://10.43.91.255 --connect-timeout 30
curl: (28) Connection timed out after 30000 milliseconds

Flannel 原木

kubectl logs -n kube-system pod/kube-flannel-8dqcc -c kube-flannel
I1015 12:48:40.437400       1 main.go:527] Using interface with name eth0 and address 192.168.x.x
I1015 12:48:40.437491       1 main.go:544] Defaulting external address to interface address (192.168.x.x)
I1015 12:48:40.538336       1 kube.go:126] Waiting 10m0s for node controller to sync
I1015 12:48:40.538380       1 kube.go:309] Starting kube subnet manager
I1015 12:48:41.538500       1 kube.go:133] Node controller sync successful
I1015 12:48:41.538539       1 main.go:244] Created subnet manager: Kubernetes Subnet Manager - node02
I1015 12:48:41.538551       1 main.go:247] Installing signal handlers
I1015 12:48:41.538676       1 main.go:386] Found network config - Backend type: vxlan
I1015 12:48:41.538751       1 vxlan.go:120] VXLAN config: VNI=4096 Port=4789 GBP=false DirectRouting=false
W1015 12:48:41.539007       1 device.go:84] "flannel.4096" already exists with incompatable configuration: vtep (external) interface: 2 vs 3; recreating device
I1015 12:48:41.632647       1 main.go:317] Wrote subnet file to /run/flannel/subnet.env
I1015 12:48:41.632666       1 main.go:321] Running backend.
I1015 12:48:41.632675       1 main.go:339] Waiting for all goroutines to exit
I1015 12:48:41.632695       1 vxlan_network.go:60] watching for new subnet leases
E1015 13:01:19.765370       1 vxlan_network.go:101] error decoding subnet lease JSON: invalid MAC address
E1015 13:11:30.468144       1 vxlan_network.go:101] error decoding subnet lease JSON: invalid MAC address

任何建议都值得赞赏。

更新

我设法使集群正常运行。通信失败的原因是我将两个网络连接到每个 kubernetes 机器。

linux master - internet facing eth0 (192.168.6.2) eth1 (192.168.3.12)
linux worker - internet facing eth0 (192.168.6.3) eth1 (192.168.3.13)
windows node - internet facing Ethernet_LB (192.168.6.4) Ethernet_FW (192.168.3.14)  

Windows 上的虚拟交换机是在没有互联网连接的 Ethernet_FW 上创建的。运行 Wireshark 和 tdcdump 后，我发现
- 主节点上的 pod 通过 eth0 向 Windows pod 发送流量
- Windows 节点上的 pod 通过 Ethernet_FW 向 Linux pod 发送流量
- Windows 上的 pod 通过 Ethernet_FW 向互联网发送流量，
这导致 pod 之间的通信失败。
我能够配置 Windows 节点以在具有互联网访问权限的 Ethernet_LB 上创建虚拟交换机，并且此接口（Ethernet_LB）正在接受来自主节点和 Linux 工作节点的数据包。

对于集群创建我使用了此资源https://kubernetes.io/docs/setup/production-environment/windows/user-guide-windows-nodes/
我必须将正确的接口名称放入配置文件中

"InterfaceName" : "Ethernet_LB"