Asking for help? Comment out what you need so we can get more information to help you!
Cluster information:
Kubernetes version: 1.16
Cloud being used: bare-metal
Installation method: rke
Host OS: CentOS 8
CNI and version:
CRI and version:
I've successfully installed Kubernetes 1.16 with rke 0.3.2;
however, there is no connection from the pods to the outside.
connection from pod
bash-5.0# traceroute 172.217.168.14
traceroute to 172.217.168.14 (172.217.168.14), 30 hops max, 46 byte packets
1 x.x.x.x (x.x.x.x) 0.012 ms 0.098 ms 0.004 ms
2 * * *
3 * * *
4 * * *
5 *c^C
bash-5.0# curl 172.217.168.14
curl: (7) Failed to connect to 172.217.168.14 port 80: Operation timed out
connection from node
The connection on the hosts seems fine
[user@node001 ~]$ ping google.com
PING google.com(fra16s25-in-x0e.1e100.net (2a00:1450:4001:825::200e)) 56 data bytes
64 bytes from fra16s25-in-x0e.1e100.net (2a00:1450:4001:825::200e): icmp_seq=1 ttl=57 time=4.84 ms
64 bytes from fra16s25-in-x0e.1e100.net (2a00:1450:4001:825::200e): icmp_seq=2 ttl=57 time=4.86 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 4.836/4.850/4.864/0.014 ms
[user@node001 ~]$ curl 172.217.168.14
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
The k8s nodes themselves do not run firewalld
and I checked several things which seem fine
selinux disabled
[user@node001 ~]$ cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
sysctl
[user@node001 ~]$ sysctl net.bridge
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
....
[user@node001 ~]$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
[user@node001 ~]$ sysctl net.ipv6.ip_forward
net.ipv6.conf.all.forwarding = 1
iptables
sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
145K 6575K DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
145K 6575K DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
190 18756 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
63 3780 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
296 15245 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
296 15245 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
145K 6575K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
296 15245 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
145K 6575K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Not sure what else to check. Any hints?
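
Added example, not part of the original post: a small shell check that reads an `iptables -L -v -n` listing like the one above and reports the FORWARD default policy, which interfaces its ACCEPT rules name, and whether the listing carries the iptables-legacy warning (meaning the rules shown are only one backend's view). The sample listing is constructed from the shape of the post's output, and `cni0` is a hypothetical pod interface name, since the post does not name the CNI.

```shell
# Constructed sample: trimmed `iptables -L -v -n` listing shaped like the post's.
sample_ruleset() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 145K 6575K DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
 190 18756 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
 296 15245 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
# Warning: iptables-legacy tables present, use iptables-legacy to see them
EOF
}
# Default policy of the FORWARD chain, e.g. DROP.
forward_policy() {
  awk '$1 == "Chain" && $2 == "FORWARD" { print $4; exit }'
}

# Interfaces named (not negated) in the in/out columns of ACCEPT rules in
# FORWARD. Jumps into other chains are not followed.
forward_accept_ifaces() {
  awk '
    $1 == "Chain" { in_fwd = ($2 == "FORWARD"); next }
    in_fwd && $3 == "ACCEPT" {
      for (i = 6; i <= 7; i++) if ($i != "*" && $i !~ /^!/) seen[$i] = 1 }
    END { for (n in seen) print n }' | sort
}

# True when the listing says more rules live in the iptables-legacy backend.
has_legacy_warning() { grep -q 'iptables-legacy tables present'; }

# Report on one interface. On a node:
#   sudo iptables -L -v -n 2>&1 | check_forward <iface>
check_forward() {
  iface=$1; rules=$(cat)
  policy=$(printf '%s\n' "$rules" | forward_policy)
  if [ "$policy" = "ACCEPT" ] ||
     printf '%s\n' "$rules" | forward_accept_ifaces | grep -qxF "$iface"; then
    echo "ok: policy $policy or an ACCEPT rule in FORWARD covers $iface"
  else
    echo "no match: policy $policy and no ACCEPT rule names $iface in this view"
  fi
  if printf '%s\n' "$rules" | has_legacy_warning; then
    echo "note: iptables-legacy holds more rules; list both backends"
  fi
}
sample_ruleset | check_forward cni0   # cni0: hypothetical pod interface name
```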