My k8s uses Calico. In my container, I can only ping the nodes and other pods. When I try to reach my gitserver, it fails.
sh-4.1$ ping stash
PING hoffman.domain.local (192.168.33.106) 56(84) bytes of data.
<-- does not return until Ctrl+C
Here is some information. In the container:
sh-4.1$ ip route
default via 169.254.1.1 dev eth0
169.254.1.1 dev eth0 scope link
On the node:
[clara: ] > ip route
default via 192.168.33.1 dev enp0s31f6 onlink
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.33.0/24 dev enp0s31f6 proto kernel scope link src 192.168.33.224
blackhole 192.168.100.192/26 proto bird
192.168.100.212 dev calicc370d883ea scope link
192.168.126.0/26 via 192.168.33.223 dev tunl0 proto bird onlink
sudo kubectl exec -ti -n kube-system calicoctl -- /calicoctl get ippool -o wide
NAME                  CIDR             NAT    IPIPMODE   VXLANMODE   DISABLED   SELECTOR
default-ipv4-ippool   192.168.0.0/16   true   Always     Never       false      all()
sudo kubectl exec -ti -n kube-system calicoctl -- /calicoctl get ippool -o yaml
apiVersion: projectcalico.org/v3
items:
- apiVersion: projectcalico.org/v3
  kind: IPPool
  metadata:
    creationTimestamp: 2019-11-13T07:01:54Z
    name: default-ipv4-ippool
    resourceVersion: "2025"
    uid: ebbcd7b8-761a-49e9-a7c6-4e2a4d1ceeac
  spec:
    blockSize: 26
    cidr: 192.168.0.0/16
    ipipMode: Always
    natOutgoing: true
    nodeSelector: all()
    vxlanMode: Never
kind: IPPoolList
metadata:
  resourceVersion: "2484183"
Following https://docs.projectcalico.org/v3.10/networking/external-connectivity, I tried to run:
cat << EOF | calicoctl apply -f -
- apiVersion: projectcalico.org/v3
  kind: IPPool
  metadata:
    name: ippool-ext-1
  spec:
    cidr: 192.168.0.0/16
    natOutgoing: true
EOF
It returned:
Partial success: applied the first 1 out of 1 'IPPool' resources:
Hit error: error with field IPPool.Spec.CIDR = '192.168.0.0/16' (IPPool(ippool-ext-1) CIDR overlaps with IPPool(default-ipv4-ippool) CIDR 192.168.0.0/16)
command terminated with exit code 1
According to the output of calicoctl get ippool -o yaml, natOutgoing: true seems to be configured correctly and does not need to be changed. The IP of the k8s container ↓
sh-4.1$ ifconfig
eth0 Link encap:Ethernet HWaddr 9E:AE:6D:96:A4:67
inet addr:192.168.100.212 Bcast:0.0.0.0 Mask:255.255.255.255
But in the k8s pod container, I cannot ping my gitserver. I also just ran a docker container on the node using the same image, and it works fine; git clone succeeds.
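
A check worth running on the values posted above, as an added example that is not part of the original post: Calico documents natOutgoing as masquerading only traffic whose destination lies outside every Calico IP pool, so it helps to test whether the gitserver address and the node's own subnet fall inside the pool CIDR. The function names are hypothetical; the addresses and routes are copied from the output in the post.

```python
import ipaddress

# Values copied from the post above.
POOL_CIDRS = ["192.168.0.0/16"]   # CIDR column of `calicoctl get ippool -o wide`
TARGET = "192.168.33.106"         # address that `ping stash` resolved to
NODE_ROUTES = """\
default via 192.168.33.1 dev enp0s31f6 onlink
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.33.0/24 dev enp0s31f6 proto kernel scope link src 192.168.33.224
blackhole 192.168.100.192/26 proto bird
192.168.100.212 dev calicc370d883ea scope link
192.168.126.0/26 via 192.168.33.223 dev tunl0 proto bird onlink
"""


def connected_subnets(ip_route_output):
    """Directly connected subnets: the 'proto kernel' lines of `ip route`."""
    subnets = []
    for line in ip_route_output.splitlines():
        fields = line.split()
        if fields and "/" in fields[0] and "proto kernel" in line:
            subnets.append(ipaddress.ip_network(fields[0]))
    return subnets


def pools_containing(address, pool_cidrs):
    """Pool CIDRs that contain the given destination address."""
    addr = ipaddress.ip_address(address)
    return [c for c in pool_cidrs if addr in ipaddress.ip_network(c)]


def overlaps_with_pools(ip_route_output, pool_cidrs):
    """(node subnet, pool) pairs where a connected subnet overlaps a pool."""
    pools = [ipaddress.ip_network(c) for c in pool_cidrs]
    return [(str(s), str(p))
            for s in connected_subnets(ip_route_output)
            for p in pools if s.overlaps(p)]


if __name__ == "__main__":
    for cidr in pools_containing(TARGET, POOL_CIDRS):
        print(f"{TARGET} is inside pool {cidr}: natOutgoing does not apply to it")
    for subnet, pool in overlaps_with_pools(NODE_ROUTES, POOL_CIDRS):
        print(f"node subnet {subnet} overlaps pool {pool}")
```

The docker0 subnet 172.17.0.0/16 does not overlap the pool, which is consistent with the plain docker container on the node reaching the gitserver.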