kubernetes Pod无法访问外网 flannel

k8s version: 1.18.3
flannel
cni网络插件

在kubernetes中部署jenkins的时候发现jenkins的Pod无法解析域名,使用kubectl exec进入Pod检查发现在Pod内部没法访问公网。
Pod日志:

2020-09-17 07:19:11.435+0000 [id=77]	INFO	hudson.util.Retrier#start: Calling the listener of the allowed exception 'mirrors.tuna.tsinghua.edu.cn' at the attempt #1 to do the action check updates server
2020-09-17 07:19:11.435+0000 [id=77]	INFO	hudson.util.Retrier#start: Attempted the action check updates server for 1 time(s) with no success
2020-09-17 07:19:11.436+0000 [id=77]	SEVERE	hudson.PluginManager#doCheckUpdatesServer: Error checking update sites for 1 attempt(s). Last exception was: UnknownHostException: mirrors.tuna.tsinghua.edu.cn
2020-09-17 07:19:11.427+0000 [id=79]	INFO	hudson.util.Retrier#start: Calling the listener of the allowed exception 'mirrors.tuna.tsinghua.edu.cn' at the attempt #1 to do the action check updates server
2020-09-17 07:19:11.436+0000 [id=79]	INFO	hudson.util.Retrier#start: Attempted the action check updates server for 1 time(s) with no success
2020-09-17 07:19:11.436+0000 [id=79]	SEVERE	hudson.PluginManager#doCheckUpdatesServer: Error checking update sites for 1 attempt(s). Last exception was: UnknownHostException: mirrors.tuna.tsinghua.edu.cn
2020-09-17 07:19:25.188+0000 [id=77]	INFO	hudson.util.Retrier#start: Attempt #1 to do the action check updates server
2020-09-17 07:19:45.204+0000 [id=77]	INFO	hudson.util.Retrier#start: The attempt #1 to do the action check updates server failed with an allowed exception:
java.net.UnknownHostException: mirrors.tuna.tsinghua.edu.cn
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:607)
	at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666)
	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)

解决:
在node节点执行
cat /var/run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.3.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true

执行
iptables -t nat -I POSTROUTING -s 10.244.0.0/16 -j MASQUERADE

完成后测试正常。特此记录,以备后用。

posted @ 2021-06-16 17:56  30岁再次出发  阅读(1238)  评论(0编辑  收藏  举报