K8s pod 容器无法ping通外网, kubesphere devOps 无法使用
- 已编辑
这是iptables
可以在宿主机上抓包看pod访问外网的流量,然后看看flannel的配置/run/flannel/subnet.env是否和flannel.1的地址匹配
建议咨询阿里云服务排查相关网络配置是否正确,如安全组、防火墙等
kevendeng 对,内网访问没有任何问题。
—————-flannel 配置————————
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: “2021-06-07T07:19:24Z”
generateName: kube-flannel-ds-
labels:
app: flannel
controller-revision-hash: 7fb8b954f9
pod-template-generation: “1”
tier: node
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:generateName: {}
f:labels:
.: {}
f:app: {}
f:controller-revision-hash: {}
f:pod-template-generation: {}
f:tier: {}
f:ownerReferences:
.: {}
k:{“uid”:“eeffaee4-c706-4902-943a-dc674ed5fac9”}:
.: {}
f:apiVersion: {}
f:blockOwnerDeletion: {}
f:controller: {}
f:kind: {}
f:name: {}
f:uid: {}
f:spec:
f:affinity:
.: {}
f:nodeAffinity:
.: {}
f:requiredDuringSchedulingIgnoredDuringExecution:
.: {}
f:nodeSelectorTerms: {}
f:containers:
k:{“name”:“kube-flannel”}:
.: {}
f:args: {}
f:command: {}
f:env:
.: {}
k:{“name”:“POD_NAME”}:
.: {}
f:name: {}
f:valueFrom:
.: {}
f:fieldRef:
.: {}
f:apiVersion: {}
f:fieldPath: {}
k:{“name”:“POD_NAMESPACE”}:
.: {}
f:name: {}
f:valueFrom:
.: {}
f:fieldRef:
.: {}
f:apiVersion: {}
f:fieldPath: {}
f:image: {}
f:imagePullPolicy: {}
f:name: {}
f:resources:
.: {}
f:limits:
.: {}
f:cpu: {}
f:memory: {}
f:requests:
.: {}
f:cpu: {}
f:memory: {}
f:securityContext:
.: {}
f:capabilities:
.: {}
f:add: {}
f:privileged: {}
f:terminationMessagePath: {}
f:terminationMessagePolicy: {}
f:volumeMounts:
.: {}
k:{“mountPath”:“/etc/kube-flannel/”}:
.: {}
f:mountPath: {}
f:name: {}
k:{“mountPath”:“/run/flannel”}:
.: {}
f:mountPath: {}
f:name: {}
f:dnsPolicy: {}
f:enableServiceLinks: {}
f:hostNetwork: {}
f:initContainers:
.: {}
k:{“name”:“install-cni”}:
.: {}
f:args: {}
f:command: {}
f:image: {}
f:imagePullPolicy: {}
f:name: {}
f:resources: {}
f:terminationMessagePath: {}
f:terminationMessagePolicy: {}
f:volumeMounts:
.: {}
k:{“mountPath”:“/etc/cni/net.d”}:
.: {}
f:mountPath: {}
f:name: {}
k:{“mountPath”:“/etc/kube-flannel/”}:
.: {}
f:mountPath: {}
f:name: {}
f:priorityClassName: {}
f:restartPolicy: {}
f:schedulerName: {}
f:securityContext: {}
f:serviceAccount: {}
f:serviceAccountName: {}
f:terminationGracePeriodSeconds: {}
f:tolerations: {}
f:volumes:
.: {}
k:{“name”:“cni”}:
.: {}
f:hostPath:
.: {}
f:path: {}
f:type: {}
f:name: {}
k:{“name”:“flannel-cfg”}:
.: {}
f:configMap:
.: {}
f:defaultMode: {}
f:name: {}
f:name: {}
k:{“name”:“run”}:
.: {}
f:hostPath:
.: {}
f:path: {}
f:type: {}
f:name: {}
manager: kube-controller-manager
operation: Update
time: “2021-06-07T07:19:24Z” - apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:conditions:
k:{“type”:“ContainersReady”}:
.: {}
f:lastProbeTime: {}
f:lastTransitionTime: {}
f:status: {}
f:type: {}
k:{“type”:“Initialized”}:
.: {}
f:lastProbeTime: {}
f:lastTransitionTime: {}
f:status: {}
f:type: {}
k:{“type”:“Ready”}:
.: {}
f:lastProbeTime: {}
f:lastTransitionTime: {}
f:status: {}
f:type: {}
f:containerStatuses: {}
f:hostIP: {}
f:initContainerStatuses: {}
f:phase: {}
f:podIP: {}
f:podIPs:
.: {}
k:{“ip”:“172.27.200.160”}:
.: {}
f:ip: {}
f:startTime: {}
manager: kubelet
operation: Update
time: “2021-06-07T07:22:58Z”
name: kube-flannel-ds-zckq2
namespace: kube-system
ownerReferences: - apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: DaemonSet
name: kube-flannel-ds
uid: eeffaee4-c706-4902-943a-dc674ed5fac9
resourceVersion: “45705”
selfLink: /api/v1/namespaces/kube-system/pods/kube-flannel-ds-zckq2
uid: 107e0185-230e-44ca-b6b7-25a153ed91d0
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchFields:
- key: metadata.name
operator: In
values:
- kubernetesdev
containers: - args:
- –ip-masq
- –kube-subnet-mgr
command: - /opt/bin/flanneld
env: - name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name - name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: quay.io/coreos/flannel:v0.14.0
imagePullPolicy: IfNotPresent
name: kube-flannel
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi
securityContext:
capabilities:
add:- NET_ADMIN
- NET_RAW
privileged: false
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /run/flannel
name: run - mountPath: /etc/kube-flannel/
name: flannel-cfg - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: flannel-token-6nqmq
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
hostNetwork: true
initContainers:
- args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
command: - cp
image: quay.io/coreos/flannel:v0.14.0
imagePullPolicy: IfNotPresent
name: install-cni
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts: - mountPath: /etc/cni/net.d
name: cni - mountPath: /etc/kube-flannel/
name: flannel-cfg - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: flannel-token-6nqmq
readOnly: true
nodeName: kubernetesdev
preemptionPolicy: PreemptLowerPriority
priority: 2000001000
priorityClassName: system-node-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: flannel
serviceAccountName: flannel
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoSchedule
operator: Exists - effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists - effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists - effect: NoSchedule
key: node.kubernetes.io/disk-pressure
operator: Exists - effect: NoSchedule
key: node.kubernetes.io/memory-pressure
operator: Exists - effect: NoSchedule
key: node.kubernetes.io/pid-pressure
operator: Exists - effect: NoSchedule
key: node.kubernetes.io/unschedulable
operator: Exists - effect: NoSchedule
key: node.kubernetes.io/network-unavailable
operator: Exists
volumes: - hostPath:
path: /run/flannel
type: ""
name: run - hostPath:
path: /etc/cni/net.d
type: ""
name: cni - configMap:
defaultMode: 420
name: kube-flannel-cfg
name: flannel-cfg - name: flannel-token-6nqmq
secret:
defaultMode: 420
secretName: flannel-token-6nqmq
status:
conditions: - lastProbeTime: null
lastTransitionTime: “2021-06-07T07:19:25Z”
status: “True”
type: Initialized - lastProbeTime: null
lastTransitionTime: “2021-06-07T07:22:49Z”
status: “True”
type: Ready - lastProbeTime: null
lastTransitionTime: “2021-06-07T07:22:49Z”
status: “True”
type: ContainersReady - lastProbeTime: null
lastTransitionTime: “2021-06-07T07:19:24Z”
status: “True”
type: PodScheduled
containerStatuses: - containerID: docker://37ae778489c6ee9202dbb9e0cc376afe12555f5bb6102052c332872532a3bb43
image: quay.io/coreos/flannel:v0.14.0
imageID: docker-pullable://quay.io/coreos/flannel@sha256:4a330b2f2e74046e493b2edc30d61fdebbdddaaedcb32d62736f25be8d3c64d5
lastState:
terminated:
containerID: docker://0adbc7924866769ed23b88816c7f5cf02d397154a0eb44c5ed767427edf16b94
exitCode: 0
finishedAt: “2021-06-07T07:19:30Z”
reason: Completed
startedAt: “2021-06-07T07:19:25Z”
name: kube-flannel
ready: true
restartCount: 1
started: true
state:
running:
startedAt: “2021-06-07T07:22:47Z”
hostIP: 172.27.200.160
initContainerStatuses: - containerID: docker://7d1e1d33afcf0eed98928c71c89e5381c7af2fbd28b413ebaf0a405d641df44d
image: quay.io/coreos/flannel:v0.14.0
imageID: docker-pullable://quay.io/coreos/flannel@sha256:4a330b2f2e74046e493b2edc30d61fdebbdddaaedcb32d62736f25be8d3c64d5
lastState: {}
name: install-cni
ready: true
restartCount: 1
state:
terminated:
containerID: docker://7d1e1d33afcf0eed98928c71c89e5381c7af2fbd28b413ebaf0a405d641df44d
exitCode: 0
finishedAt: “2021-06-07T07:22:46Z”
reason: Completed
startedAt: “2021-06-07T07:22:46Z”
phase: Running
podIP: 172.27.200.160
podIPs: - ip: 172.27.200.160
qosClass: Burstable
startTime: “2021-06-07T07:19:24Z”