Ping Pod網絡問題不通定位記錄
1.驗證牆是否通
flannel默認使用8285端口作為UDP封裝報文的端口,VxLan使用8472端口,下面命令驗證一下確定其在8472端口
ip -d link show flannel.1 flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT link/ether aa:a1:54:36:e0:a9 brd ff:ff:ff:ff:ff:ff promiscuity 0 vxlan id 1 local 192.168.16.139 dev ens3 srcport 0 0 dstport 8472 nolearning ageing 300 addrgenmode none
在源端發起
nc -u 10.93.0.131 (host B) 8472
輸入字符
再host B上,運行
tcpdump -i eth0 -nn host hostA
驗證是否能收到報文
2.驗證訪問源端和目標端的ipforward參數
iptables -nvL iptables -P FORWARD ACCEPT sysctl -a | grep ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/sysctl.conf
net.ipv4.ip_forward = 1
3.源端ping包,查看鏈路
源端
ping hostb-pod-ip =================== tcpdump -i flannel.1 -nn host hosta-flannel-ip tcpdump -i eth0 -nn host hosta-eth0-ip
目標端
tcpdump -i eth0 -nn host hostb-eth0-ip tcpdump -i flannel.1 -nn host hostb-flannel-ip tcpdump -i docker0 -nn host hostb-pod-ip
4.檢查etcd內的記錄
etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem ls / etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem ls /kubernetes/network/subnets etcdctl --endpoints=https://A:2379,https://B:2379,https://C:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/etcd/ssl/etcd.pem --key-file=/etc/etcd/ssl/etcd-key.pem get /kubernetes/network/subnets/.....
5.源端查看是否發到目標端正確的地址
bridge fdb show | grep flannel.1
發現問題重啟flannel,docker以及Kubelet
6.Ingress 終端模式驗證是否通
curl -v http://nodeip:80/foo -H 'host: foo.bar.com'
給node打標簽
kubectl label nodes kube-node-name(ip) labelkey=labelvalue --overwrite