ShadowOvO
The accept rules set by flannel are just those two kubespheredev ones, which shows the packets are not being blocked here.

    kevendeng
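    ks-console is listening internally with no problem; the packets all come in and are processed and returned, but on the host side there is never a reply packet, so it can't respond to the browser... I'm sick of it. Why doesn't it work even after adding MASQ? :)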

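      ShadowOvO From the information so far, I think the components are all working normally; the only possibility is a human misconfiguration, or some other component that I haven't noticed.
      Looking forward to you finding the root cause and sharing it.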

        3 months later
        5 months later

        ShadowOvO

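        I ran into the same problem too: from a pod I cannot ping the public internet, and no ICMP packets can be captured on cni0.
        If I ping cni0's IP directly, ICMP packets can be captured.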

        ```
        jacarrichan@jcpc:~/k8s$ !714
        kubectl exec -it traceroute -- ping 10.240.0.1
        PING 10.240.0.1 (10.240.0.1): 56 data bytes
        64 bytes from 10.240.0.1: seq=0 ttl=64 time=0.080 ms
        64 bytes from 10.240.0.1: seq=1 ttl=64 time=0.156 ms
        64 bytes from 10.240.0.1: seq=2 ttl=64 time=0.155 ms
        ^C
        --- 10.240.0.1 ping statistics ---
        3 packets transmitted, 3 packets received, 0% packet loss
        round-trip min/avg/max = 0.080/0.130/0.156 ms
        jacarrichan@jcpc:~/k8s$ kubectl exec -it traceroute -- ping 114.114.114.114
        PING 114.114.114.114 (114.114.114.114): 56 data bytes
        ^C
        --- 114.114.114.114 ping statistics ---
        10 packets transmitted, 0 packets received, 100% packet loss
        command terminated with exit code 1
        ```