
What to do when a pod IP is unreachable because of firewall problems on a Kubernetes node

2025-04-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/01

When firewall rules on a Kubernetes node make a pod IP unreachable, many less experienced operators do not know what to do. This article summarizes the cause of the problem and the steps that resolve it.

Environment:

1. From the hadoop36 machine, ping the pod IP on the hadoop38 machine, which is 172.30.1.4.

2. The EXTERNAL-IP of the pod's service is the IP of hadoop36.

3. The machine IPs below have been masked by replacing them with xx.xx.xx.

Problem: the pod's service cannot be reached through the service EXTERNAL-IP and port. Put plainly, pod IP and port are unreachable, and 172.30.1.4 cannot be pinged.

Steps:

1. Stop the services first.

    [root@hadoop38 ~]# systemctl stop etcd flanneld docker kubelet kube-proxy

2. View the current rules and clear them

    [root@hadoop38 ~]# iptables -L -n
    [root@hadoop38 ~]# iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
    [root@hadoop38 ~]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    [root@hadoop38 ~]#

3. Restart iptables and start the services

    [root@hadoop38 ~]# systemctl restart iptables
    [root@hadoop38 ~]# systemctl start etcd flanneld docker kubelet kube-proxy

4. Check the firewall rules again and clear them

    [root@hadoop38 ~]# iptables -L -n
    [root@hadoop38 ~]# iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat

5. Wait a while, then check the firewall rules one last time.

    [root@hadoop38 ~]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
    KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */

    Chain KUBE-FIREWALL (2 references)
    target     prot opt source               destination
    DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

    Chain KUBE-SERVICES (1 references)
    target     prot opt source               destination
    [root@hadoop38 ~]#

6. Verify with ping and telnet from the hadoop36 machine

    [root@hadoop36 dns]# kubectl get all -n cdh -o wide
    NAME                     READY     STATUS    RESTARTS   AGE       IP           NODE
    po/mysql-master-64k8r    1/1       Running   5          1h        172.30.1.4   xx.xx.xx.38

    NAME               DESIRED   CURRENT   READY     AGE       CONTAINER(S)   IMAGE(S)                                                  SELECTOR
    rc/mysql-master    1         1         1         1h        master         hadoop35.jiuye/k8sregister/jiuye/mysql5.6-master:v1.6     name=mysql-master

    NAME                CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE       SELECTOR
    svc/mysql-master    10.254.56.245   xx.xx.xx.36   13307/TCP   1h        name=mysql-master
    [root@hadoop36 dns]#
    [root@hadoop36 dns]# ping 172.30.1.4
    PING 172.30.1.4 (172.30.1.4) 56(84) bytes of data.
    64 bytes from 172.30.1.4: icmp_seq=1 ttl=63 time=0.388 ms
    ^Z
    [31]+  Stopped                 ping 172.30.1.4
    [root@hadoop36 dns]# telnet xx.xx.xx.36 13307
    Trying xx.xx.xx..36...
    Connected to xx.xx.xx..36.
    Escape character is '^]'.

Remarks:

1. This has happened twice (both times because the VM was rebooted), so the steps are recorded here for reference.
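The manual checks in steps 2 and 5 can be scripted. The following is an added example, not part of the original article: it parses `iptables -L -n` text to confirm that a flush left no rules behind and that the KUBE-FIREWALL and KUBE-SERVICES chains have been recreated. The function names, the polling defaults, the backup file name and the sample listings are assumptions constructed for illustration.

```shell
# Added example (not from the article). The parsers read `iptables -L -n`
# text on stdin. Note that -F/-X in step 2 deletes every filter and nat rule
# on the node, so keep a copy first: `iptables-save > rules.bak` (name assumed).

# Step 2 check: count the rules left in a listing (0 after a full flush).
rule_count() {
  awk '$1 == "Chain" || $1 == "target" || NF == 0 { next }
       { n++ } END { print n + 0 }'
}

# Step 5 check: print each chain from the article's final listing that
# has not been recreated yet (no output means both are back).
missing_kube_chains() {
  awk '$1 == "Chain" { seen[$2] = 1 }
       END { n = split("KUBE-FIREWALL KUBE-SERVICES", want, " ")
             for (i = 1; i <= n; i++) if (!(want[i] in seen)) print want[i] }'
}

# Live polling for step 5 (needs root). Defaults are assumed: 30 x 10 s.
wait_for_kube_chains() {
  tries=${1:-30}
  while [ "$tries" -gt 0 ]; do
    [ -z "$(iptables -L -n | missing_kube_chains)" ] && return 0
    tries=$((tries - 1)); sleep 10
  done
  return 1
}

# Constructed sample listings modelled on the output shown in the article.
flushed_listing() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}
ready_listing() { cat <<'EOF'
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0

Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0            mark match 0x8000/0x8000

Chain KUBE-SERVICES (1 references)
target     prot opt source               destination
EOF
}
```

On a node, `iptables -L -n | rule_count` gives the step 2 check and `wait_for_kube_chains` replaces the "wait a while" in step 5.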
