My cluster has 3 nodes: one master node and two worker nodes. I use the flannel CNI for the Kubernetes cluster. I run an Nginx ingress in the cluster as the load balancer, with the hostname host.com.
These are the pods in my cluster:
namespace deploy-4yhghhf4d-345ck 1/1 Running 0 2d14h 10.45.0.55 agent-02 <none> <none>
namespace deploy-4yhghhf4d-a4fcf 1/1 Running 0 2d14h 10.45.1.25 master <none> <none>
namespace deploy-4yhghhf4d-87678 1/1 Running 0 2d14h 10.45.2.30 agent-03 <none> <none>
I tried accessing from the browser and from the command line. Access through host.com to deploy-fdtt88f4d-345ck and deploy-4yhghhf4d-a4fcf succeeds. I can curl host.com from the command line or open it in the browser.
Of course, the pods have IP addresses. I wanted to try accessing or pinging those IP addresses from the command line.
From the master side:
master ping itself: ping 10.45.1.25 (success)
master ping agent-02: ping 10.45.0.55 (failed)
master ping agent-03: ping 10.45.2.30 (failed)
From the agent side:
agent-03 ping agent-02: ping 10.45.0.55 (success)
agent-02 ping agent-03: ping 10.45.2.30 (success)
agent-02 ping master: ping 10.45.1.25 (failed)
The problem is that whenever we ping or curl to the master, or ping or curl from the master, it always fails. No response. But agent to agent succeeds.
I flushed iptables on the master, but it still doesn't work.
iptables -L
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain KUBE-EXTERNAL-SERVICES (0 references)
target prot opt source destination
Chain KUBE-FIREWALL (0 references)
target prot opt source destination
Chain KUBE-FORWARD (0 references)
target prot opt source destination
Chain KUBE-KUBELET-CANARY (0 references)
target prot opt source destination
Chain KUBE-NODEPORTS (0 references)
target prot opt source destination
Chain KUBE-NWPLCY-DEFAULT (0 references)
target prot opt source destination
Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination
Chain KUBE-ROUTER-FORWARD (0 references)
target prot opt source destination
Chain KUBE-ROUTER-INPUT (0 references)
target prot opt source destination
Chain KUBE-ROUTER-OUTPUT (0 references)
target prot opt source destination
Chain KUBE-SERVICES (0 references)
target prot opt source destination
#ip route
10.45.0.0/24 via 10.45.0.0 dev flannel.1 onlink
10.45.1.0/24 via 10.45.1.0 dev flannel.1 onlink
10.45.2.0/24 via 10.45.2.0 dev flannel.1 onlink
#cat /run/flannel/subnet.env
FLANNEL_NETWORK=10.45.0.0/16
FLANNEL_SUBNET=10.45.0.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
kubectl get nodes -o yaml |grep flannel.alpha
flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"16:cb:5c:78:57:cb"}'
flannel.alpha.coreos.com/backend-type: vxlan
flannel.alpha.coreos.com/kube-subnet-manager: "true"
flannel.alpha.coreos.com/public-ip: 192.168.14.3
flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"7e:1e:e8:f6:8f:77"}'
flannel.alpha.coreos.com/backend-type: vxlan
flannel.alpha.coreos.com/kube-subnet-manager: "true"
flannel.alpha.coreos.com/public-ip: 192.168.14.4
flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"06:cd:6a:ba:6b:54"}'
flannel.alpha.coreos.com/backend-type: vxlan
flannel.alpha.coreos.com/kube-subnet-manager: "true"
flannel.alpha.coreos.com/public-ip: 10.0.3.15
flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"96:71:0e:48:52:4d"}'
flannel.alpha.coreos.com/backend-type: vxlan
flannel.alpha.coreos.com/kube-subnet-manager: "true"
flannel.alpha.coreos.com/public-ip: 192.168.14.2