Ping Pod网络问题不通定位记录
1.验证墙是否通
flannel默认使用8285端口作为UDP封装报文的端口,VxLan使用8472端口,下面命令验证一下确定其在8472端口
ip -d link show flannel.1 flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT link/ether aa:a1:54:36:e0:a9 brd ff:ff:ff:ff:ff:ff promiscuity 0 vxlan id 1 local 192.168.16.139 dev ens3 srcport 0 0 dstport 8472 nolearning ageing 300 addrgenmode none
在源端发起
nc -u 10.93.0.131 (host B) 8472
输入字符
再host B上,运行
tcpdump -i eth0 -nn host hostA
验证是否能收到报文
2.验证访问源端和目标端的ipforward参数
iptables -nvL iptables -P FORWARD ACCEPT sysctl -a | grep ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/sysctl.conf
net.ipv4.ip_forward = 1
3.源端ping包,查看链路
源端
ping hostb-pod-ip =================== tcpdump -i flannel.1 -nn host hosta-flannel-ip tcpdump -i eth0 -nn host hosta-eth0-ip
目标端
tcpdump -i eth0 -nn host hostb-eth0-ip tcpdump -i flannel.1 -nn host hostb-flannel-ip tcpdump -i docker0 -nn host hostb-pod-ip
4.检查etcd内的记录
etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem ls / etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem ls /kubernetes/network/subnets etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem get /kubernetes/network/subnets/.....
5.源端查看是否发到目标端正确的地址
bridge fdb show | grep flannel.1
发现问题重启flannel,docker以及Kubelet
6.Ingress 终端模式验证是否通
curl -v http://nodeip:80/foo -H 'host: foo.bar.com'
给node打标签
kubectl label nodes kube-node-name(ip) labelkey=labelvalue --overwrite