我正在设置一个k8s测试集群环境。但是k8s部署的Pod无法访问外部IP地址。
pod ip地址为173.16.2.5/24 该节点在接口eth0上具有ip 10.168.99.198/24,在cni网络上具有173.16.2.1/24。
#ping 10.168.99.197
PING 10.168.99.197 (10.168.99.197) 56(84) bytes of data.
64 bytes from 10.168.99.197: icmp_seq=1 ttl=64 time=0.120 ms
#ping 10.168.99.197
PING 10.168.99.197 (10.168.99.197): 56 data bytes
<-- no response
在由k8s创建的busybox容器上路由:
# ip route
default via 173.16.2.1 dev eth0
10.244.0.0/16 via 173.16.2.1 dev eth0
173.16.2.0/24 dev eth0 scope link src 173.16.2.5
如果我启动不是由k8s创建的busybox容器,则网络正常: 在由docker创建的busybox容器上路由:
# ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 scope link src 172.17.0.2
# ping 10.168.99.197
PING 10.168.99.197 (10.168.99.197): 56 data bytes
64 bytes from 10.168.99.197: seq=0 ttl=63 time=0.554 ms
节点上的路由表:
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default localhost 0.0.0.0 UG 0 0 0 eth0
10.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
173.16.0.0 173-16-0-0.clie 255.255.255.0 UG 0 0 0 flannel.1
173.16.1.0 173-16-1-0.clie 255.255.255.0 UG 0 0 0 flannel.1
173.16.2.0 0.0.0.0 255.255.255.0 U 0 0 0 cni0
如何解决此问题以使由k8s创建的Pod到达外部ip?
答案 0 :(得分:0)
pod无法访问外部ip的原因是绒布网络配置与cni网络不匹配,更改绒布设置解决了此问题:
# kubectl get configmap -n kube-system -o yaml kube-flannel-cfg
...
net-conf.json: |
{
"Network": "172.30.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
...