2025-04-04 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
What should you do when a firewall problem on a Kubernetes node makes pod IPs unreachable? Many inexperienced people do not know, so this article summarizes the cause of the problem and the solution. I hope it helps you solve this problem.
Environment:
1. From the hadoop36 machine, ping the pod on the hadoop38 machine; the pod IP is 172.30.1.4.
2. The EXTERNAL-IP of the pod's service is the IP of hadoop36.
3. The machine IPs below have been replaced with xx.xx.xx and masked.
Problem: the pod's service cannot be reached through the service EXTERNAL-IP + port. To put it bluntly, pod IP + port cannot be reached and 172.30.1.4 cannot be pinged.
Steps:
1. Stop the services first.
[root@hadoop38 ~]# systemctl stop etcd flanneld docker kubelet kube-proxy
2. View the current rules and clear them
[root@hadoop38 ~]# iptables -L -n
[root@hadoop38 ~]# iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
[root@hadoop38 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@hadoop38 ~]#
3. Restart iptables and start the services
[root@hadoop38 ~]# systemctl restart iptables
[root@hadoop38 ~]# systemctl start etcd flanneld docker kubelet kube-proxy
4. Check the firewall policy again and clear it
[root@hadoop38 ~]# iptables -L -n
[root@hadoop38 ~]# iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat
5. Wait a while, then check the firewall policy one last time.
[root@hadoop38 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */
Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
Chain KUBE-SERVICES (1 references)
target     prot opt source               destination
[root@hadoop38 ~]#
6. Verify from the hadoop36 machine with ping and telnet
[root@hadoop36 dns]# kubectl get all -n cdh -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP           NODE
po/mysql-master-64k8r    1/1     Running   5          1h    172.30.1.4   xx.xx.xx.38
NAME               DESIRED   CURRENT   READY   AGE   CONTAINER(S)   IMAGE(S)                                                SELECTOR
rc/mysql-master    1         1         1       1h    master         hadoop35.jiuye/k8sregister/jiuye/mysql5.6-master:v1.6   name=mysql-master
NAME                CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE   SELECTOR
svc/mysql-master    10.254.56.245   xx.xx.xx.36   13307/TCP   1h    name=mysql-master
[root@hadoop36 dns]#
[root@hadoop36 dns]# ping 172.30.1.4
PING 172.30.1.4 (172.30.1.4) 56(84) bytes of data.
64 bytes from 172.30.1.4: icmp_seq=1 ttl=63 time=0.388 ms
^Z
[31]+  Stopped                 ping 172.30.1.4
[root@hadoop36 dns]# telnet xx.xx.xx.36 13307
Trying xx.xx.xx.36...
Connected to xx.xx.xx.36.
Escape character is '^]'
Remarks:
1. This has happened twice (both times because the VM was rebooted), so I am recording the steps for reference.
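An added example, not part of the original article: step 2 flushes every rule in the filter and nat tables, so it helps to first see what actually differs from the end state listed in step 5. The function below audits `iptables -L -n` text for that; its name and both sample listings are constructed here, and the "after reboot" sample is an assumption, since the article does not show the rules that were present before the flush.

```shell
# Added example, not the article's code. Reads `iptables -L -n` text on stdin and prints:
#   POLICY <chain> <policy>  built-in chain whose default policy is not ACCEPT
#   RULE <chain> <target>    rule in a built-in chain that is not a KUBE-* jump
#   MISSING <chain>          chain from the step 5 listing that is absent
audit_filter_table() {
  awk '
    /^Chain / {
      chain = $2; seen[chain] = 1; pol = $4; gsub(/[()]/, "", pol)
      base = (chain == "INPUT" || chain == "FORWARD" || chain == "OUTPUT")
      if (base && pol != "ACCEPT") print "POLICY", chain, pol
      next
    }
    NF == 0 || $1 == "target" { next }   # blank lines and column headers
    base && $1 !~ /^KUBE-/ { print "RULE", chain, $1 }
    END {
      if (!("KUBE-FIREWALL" in seen)) print "MISSING KUBE-FIREWALL"
      if (!("KUBE-SERVICES" in seen)) print "MISSING KUBE-SERVICES"
    }'
}

sample_healthy() {        # constructed sample: the end state shown in step 5
  cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0   /* kubernetes service portals */
Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0   mark match 0x8000/0x8000
Chain KUBE-SERVICES (1 references)
target     prot opt source               destination
EOF
}
sample_after_reboot() {   # constructed sample (assumption): leftover rules after a reboot
  cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy DROP)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0   reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}
```

On a node, run it as root with `iptables -L -n | audit_filter_table`; an empty result means the filter table matches the step 5 listing.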
After reading the above, do you know what to do when a firewall problem on a Kubernetes node makes pod IPs unreachable? If you want to learn more skills or know more about this topic, you are welcome to follow the industry information channel. Thank you for reading!