Kubernetes: cannot reach other machines by IP from inside a pod
kubectl exec dnsutils -it /bin/bash
root@dnsutils:/# ping 10.116.197.60
PING 10.116.197.60 (10.116.197.60) 56(84) bytes of data.
But it works on the machine:
ping 10.116.197.60
PING 10.116.197.60 (10.116.197.60) 56(84) bytes of data.
64 bytes from 10.116.197.60: icmp_seq=1 ttl=64 time=0.854 ms
64 bytes from 10.116.197.60: icmp_seq=2 ttl=64 time=0.906 ms
...
And it works in a Docker container:
docker exec -it bind /bin/bash
root@0f356bf598c5:/# ping 10.116.197.60
PING 10.116.197.60 (10.116.197.60): 56 data bytes
64 bytes from 10.116.197.60: icmp_seq=0 ttl=63 time=1.172 ms
64 bytes from 10.116.197.60: icmp_seq=1 ttl=63 time=1.007 ms
64 bytes from 10.116.197.60: icmp_seq=2 ttl=63 time=1.260 ms
64 bytes from 10.116.197.60: icmp_seq=3 ttl=63 time=1.307 ms
64 bytes from 10.116.197.60: icmp_seq=4 ttl=63 time=1.118 ms
64 bytes from 10.116.197.60: icmp_seq=5 ttl=63 time=1.023 ms
...
Using traceroute in the pod:
/ # traceroute -n -m 5 -q 4 -w 3 10.116.197.60
traceroute to 10.116.197.60 (10.116.197.60), 5 hops max, 46 byte packets
1 10.233.0.1 0.008 ms 0.005 ms 0.004 ms 0.004 ms
2 * * * *
3 * * * *
4 * * * *
5 * * * *
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: eth0@if64: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP
link/ether 82:71:94:c7:fe:90 brd ff:ff:ff:ff:ff:ff
inet 10.233.0.139/24 brd 10.233.0.255 scope global eth0
valid_lft forever preferred_lft forever
The IP 10.233.0.156 is the pod's IP, and the machine cannot reply to it. Add an iptables rule to catch the pod IP:
iptables -t nat -A POSTROUTING -s 10.233.0.0/24 -j MASQUERADE
10.233.0.0/24 is the --pod-network-cidr.
yum install iptables-services -y
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -s 10.233.0.0/24 -j MASQUERADE
service iptables save
systemctl enable iptables.service
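
A narrower way to apply the rule from the answer above, as an added example that is not part of the original answer: it adds only the NAT rule, checks first so the rule is not duplicated, and leaves the filter table and chain policies untouched. The `! -d` scoping, the function names and the `IPT` override are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original answer): add the pod-CIDR SNAT rule
# idempotently, without "iptables -F" and without setting policies to ACCEPT.

IPT="${IPT:-iptables}"   # overridable so the logic can be dry-run with a stub

# Accept only dotted-quad/prefix input such as 10.233.0.0/24.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS='./'
    set -- $1                # split into four octets and the prefix length
    IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Rule spec: masquerade pod traffic only when it leaves the pod network.
# The "! -d" scoping is an assumption added here; the answer's rule has only -s.
masq_spec() {
    echo "POSTROUTING -s $1 ! -d $1 -j MASQUERADE"
}

# Append the rule only if an identical one is not already present (-C checks).
ensure_masq() {
    valid_cidr "$1" || { echo "invalid CIDR: $1" >&2; return 2; }
    spec=$(masq_spec "$1")
    # $spec is left unquoted on purpose: it was built from validated input
    if $IPT -t nat -C $spec 2>/dev/null; then
        echo "present"
    else
        $IPT -t nat -A $spec && echo "added"
    fi
}

# Run as root: sh masq.sh apply 10.233.0.0/24
if [ "${1:-}" = "apply" ]; then
    ensure_masq "${2:-}"
fi
```

Running it a second time prints `present` and changes nothing, so it is safe to call from a boot script before `service iptables save`.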