首页
首页
文章目录
  1. 解决方法:
  2. 原因:

flannel网关可以ping通,但是无法ping通容器内ip解决方法

这几天新部署一套k8s集群。

用的是二进制部署方法,网络采用flannel,在一切都部署好之后,发现主机之间可以ping通flannel网管,但是无法ping通启动的pod中容器ip。

之前一直用docker,这次部署采用的是docker-ce,所以第一想法是不是docker版本太新的问题导致的呢?

解决方法:

google后,在github的一篇帖子中发现,解决方法:

1
iptables -P FORWARD ACCEPT

原因:

With this change if ip_forward is enabled by docker daemon then the iptables FORWARD policy will be set to DROP. On a docker upgrade if ip_forward is already enabled this change will not take effect, because in that case the user might have intended to have the default policy ACCEPT. Changing it to DROP will break such setups. Current users of docker can avoid this issue by either

1、setting the FORWARD policy to DROP manually
2、reload the host before upgrading to 1.13. If docker daemon enabled ip_forward its not persistent. So after a reload the fix will take effect and the policy will be set to DROP.

github来源地址

支持一下
扫一扫,我会更有动力更新
  • 微信扫一扫
  • 支付宝扫一扫