Ping Pod不通问题定位及Ingress验证

  Ping Pod网络问题不通定位记录

1.验证墙是否通

 flannel默认使用8285端口作为UDP封装报文的端口，VxLan使用8472端口，下面命令验证一下确定其在8472端口

ip -d link show flannel.1
flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT
    link/ether aa:a1:54:36:e0:a9 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 1 local 192.168.16.139 dev ens3 srcport 0 0 dstport 8472 nolearning ageing 300 addrgenmode none

在源端发起

nc -u 10.93.0.131 (host B) 8472

输入字符

再host B上，运行

tcpdump -i eth0 -nn host hostA

验证是否能收到报文

2.验证访问源端和目标端的ipforward参数

iptables -nvL

iptables -P FORWARD ACCEPT

sysctl -a | grep ip_forward

echo 1 > /proc/sys/net/ipv4/ip_forward

 /etc/sysctl.conf 

net.ipv4.ip_forward = 1

3.源端ping包，查看链路

源端

ping hostb-pod-ip

===================

tcpdump -i flannel.1 -nn host hosta-flannel-ip

tcpdump -i eth0 -nn host hosta-eth0-ip

目标端

tcpdump -i eth0 -nn host hostb-eth0-ip

tcpdump -i flannel.1 -nn host hostb-flannel-ip

tcpdump -i docker0 -nn host hostb-pod-ip

4.检查etcd内的记录

etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem ls /

etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem ls /kubernetes/network/subnets

etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem get /kubernetes/network/subnets/.....

 5.源端查看是否发到目标端正确的地址

bridge fdb show | grep flannel.1

 发现问题重启flannel,docker以及Kubelet

6.Ingress 终端模式验证是否通

curl -v http://nodeip:80/foo -H 'host: foo.bar.com'

给node打标签

kubectl label nodes kube-node-name(ip) labelkey=labelvalue --overwrite