kubernetes无法通过pod内部的ip访问其他机器



kubectl exec dnsutils  -it /bin/bash
root@dnsutils:/# ping 10.116.197.60
PING 10.116.197.60 (10.116.197.60) 56(84) bytes of data.
But it works on the machine itself:

ping 10.116.197.60
PING 10.116.197.60 (10.116.197.60) 56(84) bytes of data.
64 bytes from 10.116.197.60: icmp_seq=1 ttl=64 time=0.854 ms
64 bytes from 10.116.197.60: icmp_seq=2 ttl=64 time=0.906 ms
...
and it works from a Docker container:

docker exec -it bind /bin/bash
root@0f356bf598c5:/# ping 10.116.197.60
PING 10.116.197.60 (10.116.197.60): 56 data bytes
64 bytes from 10.116.197.60: icmp_seq=0 ttl=63 time=1.172 ms
64 bytes from 10.116.197.60: icmp_seq=1 ttl=63 time=1.007 ms
64 bytes from 10.116.197.60: icmp_seq=2 ttl=63 time=1.260 ms
64 bytes from 10.116.197.60: icmp_seq=3 ttl=63 time=1.307 ms
64 bytes from 10.116.197.60: icmp_seq=4 ttl=63 time=1.118 ms
64 bytes from 10.116.197.60: icmp_seq=5 ttl=63 time=1.023 ms
...

traceroute from inside the pod:

/ # traceroute -n -m 5 -q 4 -w 3 10.116.197.60
traceroute to 10.116.197.60 (10.116.197.60), 5 hops max, 46 byte packets
 1  10.233.0.1  0.008 ms  0.005 ms  0.004 ms  0.004 ms
 2  *  *  *  *
 3  *  *  *  *
 4  *  *  *  *
 5  *  *  *  *

/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if64: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP 
    link/ether 82:71:94:c7:fe:90 brd ff:ff:ff:ff:ff:ff
    inet 10.233.0.139/24 brd 10.233.0.255 scope global eth0
       valid_lft forever preferred_lft forever

The IP 10.233.0.156 is the pod's IP; the machine cannot reply to it.

Add an iptables rule to catch the pod IPs:

iptables -t nat -A POSTROUTING -s 10.233.0.0/24 -j MASQUERADE

where 10.233.0.0/24 is the pod network CIDR.

yum install iptables-services -y
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -s 10.233.0.0/24 -j MASQUERADE
service iptables save
systemctl enable iptables.service
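Before flushing a node's rules as the answer does, it is worth checking what is actually missing. The script below is an added example (not part of the original question or answer): it reads an `iptables-save` dump (a constructed sample here, standing in for the real output on a node) and reports whether the pod CIDR is masqueraded in nat POSTROUTING and what the filter FORWARD default policy is; the function names are my own.

```sh
#!/bin/sh
# Constructed sample dump in iptables-save format (not captured from a real node).
# It models a node where the pod CIDR is masqueraded but FORWARD defaults to DROP.
SAMPLE_RULES='# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.233.0.0/24 ! -d 10.233.0.0/16 -j MASQUERADE
COMMIT'

# has_masquerade DUMP CIDR -> exit 0 if a nat POSTROUTING rule with
# "-s CIDR" jumps to MASQUERADE, exit 1 otherwise.
has_masquerade() {
  printf '%s\n' "$1" | awk -v cidr="$2" '
    /^\*/ { table = substr($0, 2) }             # track the current table
    table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
      for (i = 1; i <= NF; i++) if ($i == "-s" && $(i+1) == cidr) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# forward_policy DUMP -> prints the default policy of the filter FORWARD chain.
forward_policy() {
  printf '%s\n' "$1" | awk '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:FORWARD / { print $2 }'
}

# diagnose DUMP CIDR -> "ok" or a one-line description of the first problem.
# A FORWARD policy of DROP is only a hint: explicit ACCEPT rules in the chain
# would also let pod traffic through, so inspect the chain before changing it.
diagnose() {
  if ! has_masquerade "$1" "$2"; then
    echo "no MASQUERADE rule for $2 in nat POSTROUTING"
  elif [ "$(forward_policy "$1")" != "ACCEPT" ]; then
    echo "filter FORWARD policy is $(forward_policy "$1"), not ACCEPT"
  else
    echo ok
  fi
}

diagnose "$SAMPLE_RULES" 10.233.0.0/24
```

On a real node, replace the sample with `SAMPLE_RULES="$(iptables-save)"` and pass your cluster's pod CIDR.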