运维开发网

解决kubernetes Pod无法访问外网

运维开发网 https://www.qedev.com 2020-09-19 12:09 出处:51CTO 作者:兰朝亚
Pod中无法访问外网

k8s version: 1.18.3

flannel

cni网络插件

在kubernetes中部署jenkins的时候发现jenkins的Pod无法解析域名,使用kubectl exec进入Pod检查发现在Pod内部没法访问公网。

Pod日志:

2020-09-17 07:19:11.435+0000 [id=77]    INFO    hudson.util.Retrier#start: Calling the listener of the allowed exception 'mirrors.tuna.tsinghua.edu.cn' at the attempt #1 to do the action check updates server
2020-09-17 07:19:11.435+0000 [id=77]    INFO    hudson.util.Retrier#start: Attempted the action check updates server for 1 time(s) with no success
2020-09-17 07:19:11.436+0000 [id=77]    SEVERE  hudson.PluginManager#doCheckUpdatesServer: Error checking update sites for 1 attempt(s). Last exception was: UnknownHostException: mirrors.tuna.tsinghua.edu.cn
2020-09-17 07:19:11.427+0000 [id=79]    INFO    hudson.util.Retrier#start: Calling the listener of the allowed exception 'mirrors.tuna.tsinghua.edu.cn' at the attempt #1 to do the action check updates server
2020-09-17 07:19:11.436+0000 [id=79]    INFO    hudson.util.Retrier#start: Attempted the action check updates server for 1 time(s) with no success
2020-09-17 07:19:11.436+0000 [id=79]    SEVERE  hudson.PluginManager#doCheckUpdatesServer: Error checking update sites for 1 attempt(s). Last exception was: UnknownHostException: mirrors.tuna.tsinghua.edu.cn
2020-09-17 07:19:25.188+0000 [id=77]    INFO    hudson.util.Retrier#start: Attempt #1 to do the action check updates server
2020-09-17 07:19:45.204+0000 [id=77]    INFO    hudson.util.Retrier#start: The attempt #1 to do the action check updates server failed with an allowed exception:
java.net.UnknownHostException: mirrors.tuna.tsinghua.edu.cn
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:607)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:175)

解决:

在node节点执行

cat /var/run/flannel/subnet.env

FLANNEL_NETWORK=10.244.0.0/16

FLANNEL_SUBNET=10.244.3.1/24

FLANNEL_MTU=1450

FLANNEL_IPMASQ=true

执行

iptables -t nat -I POSTROUTING -s 10.244.0.0/16 -j MASQUERADE

完成后测试正常。特此记录,以备后用。

扫码领视频副本.gif

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号