Kubernetes Pod cannot resolve Internet addresses

Time: 2020-09-25 14:02:15

Tags: kubernetes coredns

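I have built a Kubernetes cluster with kubeadm on Ubuntu 16.04 in my home lab. The cluster has 1 master and 2 nodes, with Calico as the CNI. All nodes can resolve Internet addresses from their consoles, but I noticed that the Pods I deploy cannot reach the Internet. CoreDNS seems to be working fine. That said, is there anything I need to do or configure on the Kubernetes cluster so that deployed Pods can access the Internet by default?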

cloudadmin@vra-vmwlab-cloud-vm-318:~$ kubectl exec -ti busybox -- nslookup kubernetes.default
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name:      kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
cloudadmin@vra-vmwlab-cloud-vm-318:~$ kubectl exec -ti busybox -- ping google.com
ping: bad address 'google.com'
From the busybox Pod I can see it is pointing to the right DNS IP, but it still can't reach google.com, as you see above.
cloudadmin@vra-vmwlab-cloud-vm-318:~$ kubectl exec -ti busybox -- sh
/ # cat /etc/resolv.conf

nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local vmwlab.local
options ndots:5

Any help with this is much appreciated. Thanks.

1 answer:

Answer 0 (score: 1)

Problem solved..

The documentation at https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ mentions the following:

Letting iptables see bridged traffic 
Make sure that the br_netfilter module is loaded. This can be done by running lsmod | grep br_netfilter. To load it explicitly call sudo modprobe br_netfilter.

As a requirement for your Linux Node's iptables to correctly see bridged traffic, you should ensure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config, e.g.

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

I also chose to use Weave Net instead of Calico as the CNI.
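
A node-side check for the prerequisites quoted in the answer above, as an added example that is not part of the original post or the Kubernetes documentation. The function name, its two path arguments and its return codes are this example's own; the sysctl file path is the one used in the answer.

```shell
#!/bin/sh
# Added example (not from the original post). Checks one node for the
# bridged-traffic prerequisites. Both arguments are this example's own
# overrides so the check can run against a constructed directory tree.
#   $1  proc root   (default /proc)
#   $2  sysctl file (default /etc/sysctl.d/k8s.conf, the path used above)
# Returns 0 = OK, 1 = runtime state wrong, 2 = runtime OK but not persisted.
check_bridge_nf() {
    proc_root="${1:-/proc}"
    conf="${2:-/etc/sysctl.d/k8s.conf}"
    runtime_bad=0
    persist_bad=0

    # /proc/modules lists one loaded module per line, name first
    # (the same information lsmod prints).
    if grep -q '^br_netfilter ' "$proc_root/modules" 2>/dev/null; then
        echo "ok   br_netfilter is loaded"
    else
        echo "FAIL br_netfilter is not loaded (sudo modprobe br_netfilter)"
        runtime_bad=1
    fi

    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        # Live value: the file is absent when br_netfilter is not loaded.
        val=$(cat "$proc_root/sys/net/bridge/$key" 2>/dev/null || echo missing)
        if [ "$val" = "1" ]; then
            echo "ok   net.bridge.$key = 1"
        else
            echo "FAIL net.bridge.$key = $val (expected 1)"
            runtime_bad=1
        fi
        # Persisted value: without it the setting is lost on reboot.
        if ! grep -Eq "^[[:space:]]*net\.bridge\.$key[[:space:]]*=[[:space:]]*1[[:space:]]*\$" "$conf" 2>/dev/null; then
            echo "WARN net.bridge.$key = 1 not found in $conf"
            persist_bad=1
        fi
    done

    [ "$runtime_bad" -eq 0 ] || return 1
    [ "$persist_bad" -eq 0 ] || return 2
    return 0
}

# Run against the live node only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_bridge_nf
fi
```

Run it on every node, master included. A return code of 2 means the node works now but will lose the setting on reboot.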