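Kubernetes Pod cannot reach the external network (flannel)
阿新 • Published: 2021-06-16
k8s version: 1.18.3
CNI network plugin: flannel
While deploying Jenkins on Kubernetes, I found that the Jenkins Pod could not resolve domain names. Entering the Pod with kubectl exec showed that the public network was unreachable from inside the Pod.
Pod log: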
2020-09-17 07:19:11.435+0000 [id=77] INFO hudson.util.Retrier#start: Calling the listener of the allowed exception 'mirrors.tuna.tsinghua.edu.cn' at the attempt #1 to do the action check updates server
2020-09-17 07:19:11.435+0000 [id=77] INFO hudson.util.Retrier#start: Attempted the action check updates server for 1 time(s) with no success
2020-09-17 07:19:11.436+0000 [id=77] SEVERE hudson.PluginManager#doCheckUpdatesServer: Error checking update sites for 1 attempt(s). Last exception was: UnknownHostException: mirrors.tuna.tsinghua.edu.cn
2020-09-17 07:19:11.427+0000 [id=79] INFO hudson.util.Retrier#start: Calling the listener of the allowed exception 'mirrors.tuna.tsinghua.edu.cn' at the attempt #1 to do the action check updates server
2020-09-17 07:19:11.436+0000 [id=79] INFO hudson.util.Retrier#start: Attempted the action check updates server for 1 time(s) with no success
2020-09-17 07:19:11.436+0000 [id=79] SEVERE hudson.PluginManager#doCheckUpdatesServer: Error checking update sites for 1 attempt(s). Last exception was: UnknownHostException: mirrors.tuna.tsinghua.edu.cn
2020-09-17 07:19:25.188+0000 [id=77] INFO hudson.util.Retrier#start: Attempt #1 to do the action check updates server
2020-09-17 07:19:45.204+0000 [id=77] INFO hudson.util.Retrier#start: The attempt #1 to do the action check updates server failed with an allowed exception:
java.net.UnknownHostException: mirrors.tuna.tsinghua.edu.cn
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:607)
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
Solution:
On the node, run:
cat /var/run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.3.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
Then run:
iptables -t nat -I POSTROUTING -s 10.244.0.0/16 -j MASQUERADE
After this, testing was normal. Recorded here for future reference.
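A check to run before inserting the rule, as an added example that is not part of the original post: it reads FLANNEL_NETWORK from subnet.env text, looks for an existing MASQUERADE rule for that source in `iptables -t nat -S POSTROUTING` output, and prints the command to add one only if it is missing. The function names and the sample rule dump are constructed for illustration, and the printed rule adds `! -d` for the pod network, a narrower variant than the rule above, so that pod-to-pod traffic keeps its source address.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the post.

# Print FLANNEL_NETWORK from subnet.env content on stdin.
flannel_network() {
    sed -n 's/^FLANNEL_NETWORK=//p'
}

# Succeed if the `iptables -t nat -S POSTROUTING` output on stdin contains
# a MASQUERADE rule whose source is the pod network $1.
# A negated source match ("! -s net") does not count.
has_masq_rule() {
    awk -v net="$1" '
        /^-A POSTROUTING / && index($0, "-s " net " ") &&
        index($0, "-j MASQUERADE") && !index($0, "! -s " net " ") { found = 1 }
        END { exit !found }'
}

# Print (do not run) an idempotent command that masquerades only traffic
# leaving the pod network, so pod-to-pod packets keep their source IP.
masq_rule_cmd() {
    rule="POSTROUTING -s $1 ! -d $1 -j MASQUERADE"
    echo "iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule"
}

# Report "ok" or the command to apply; $1 = subnet.env text, $2 = rule dump.
check_node() {
    net=$(printf '%s\n' "$1" | flannel_network)
    [ -n "$net" ] || { echo "no FLANNEL_NETWORK found"; return 2; }
    if printf '%s\n' "$2" | has_masq_rule "$net"; then
        echo "ok: masquerade rule present for $net"
    else
        masq_rule_cmd "$net"
        return 1
    fi
}

# Constructed sample: subnet.env as shown above, and a POSTROUTING chain
# that lacks any masquerade rule for the pod network.
SAMPLE_ENV='FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.3.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true'
SAMPLE_BROKEN='-P POSTROUTING ACCEPT
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING'

check_node "$SAMPLE_ENV" "$SAMPLE_BROKEN" || true
```

On a node, pass the real data as `check_node "$(cat /var/run/flannel/subnet.env)" "$(iptables -t nat -S POSTROUTING)"`. Rules added from the command line do not survive a reboot unless they are saved.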