发现不同节点的pod 不能访问

RKE2 版本: v1.28.10+rke2r1

rke2 version v1.28.10+rke2r1 (b0d0d687d98f4fa015e7b30aaf2807b50edcc5d7)
go version go1.21.9 X:boringcrypto

节点 CPU 架构,操作系统和版本:

Linux test1 5.15.0-125-generic #135-Ubuntu SMP Fri Sep 27 13:53:58 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux


1、安装完成之后,发现不同节点的pod 不能访问。以访问ingress为例子

可以ping 通,就是访问不了。同样的安装方式,我在centos 可以正常


INSTALL_RKE2_TYPE=“server” INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_ARTIFACT_PATH=/var/lib/rancher/rke2/agent/images/ sh install.sh
systemctl start rke2-server





ingress 的2个pod 都要可以访问才对。curl 这个也要可以访问。

我之前用centos 7.9 安装的rke2。 都是可以访问

我理解,你的 ingress 没有配置任何的记录,直接访问 ingress 返回 404 是正常啊

而且,你也能 ping 通

上面的截图是ingress 2个pod ,1个是10.42.1.2 另外1个是10.42.0.13
在test1 这台服务器上。只能访问运行在test1的这个pod。 运行在test2的这个pod,访问不到,但是可以ping 通

盲猜是网络问题,检查下 ubuntu 的 ufw ,看看是否已经禁用

还有你的 ubuntu 是什么版本的?

ufw 没有装、ubuntu 22.04

应该就是网络的问题导致跨节点 pod 不通,和 rke2 本身没啥关系,你可以检查下 ip_forward 是否开启

root@test1:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
这个是开启的。是可以ping通。我是一直怀疑是防火墙的问题。但是iptables 我清空了。里面的规则rke2会自动加上去

test1 防火墙规则:
root@test1:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
cali-INPUT all – anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c /
KUBE-PROXY-FIREWALL all – anywhere anywhere ctstate NEW /
kubernetes load balancer firewall /
KUBE-NODEPORTS all – anywhere anywhere /
kubernetes health check service ports /
KUBE-EXTERNAL-SERVICES all – anywhere anywhere ctstate NEW /
kubernetes externally-visible service portals */
KUBE-FIREWALL all – anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
cali-FORWARD all – anywhere anywhere /* cali:wUHhoiAYhphO9Mso /
KUBE-PROXY-FIREWALL all – anywhere anywhere ctstate NEW /
kubernetes load balancer firewall /
KUBE-FORWARD all – anywhere anywhere /
kubernetes forwarding rules /
KUBE-SERVICES all – anywhere anywhere ctstate NEW /
kubernetes service portals /
KUBE-EXTERNAL-SERVICES all – anywhere anywhere ctstate NEW /
kubernetes externally-visible service portals /
FLANNEL-FWD all – anywhere anywhere /
flanneld forward /
ACCEPT all – anywhere anywhere /
cali:S93hcgKJrXEqnTfs / / Policy explicitly accepted packet. /
MARK all – anywhere anywhere /
cali:mp77cMpurHhyjLrM */ MARK or 0x10000

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cali-OUTPUT all – anywhere anywhere /* cali:tVnHkvAo15HuiPy0 /
KUBE-PROXY-FIREWALL all – anywhere anywhere ctstate NEW /
kubernetes load balancer firewall /
KUBE-SERVICES all – anywhere anywhere ctstate NEW /
kubernetes service portals */
KUBE-FIREWALL all – anywhere anywhere

Chain FLANNEL-FWD (1 references)
target prot opt source destination
ACCEPT all – test1/16 anywhere /* flanneld forward /
ACCEPT all – anywhere test1/16 /
flanneld forward */

Chain KUBE-EXTERNAL-SERVICES (2 references)
target prot opt source destination

Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all – !localhost/8 localhost/8 /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT

Chain KUBE-FORWARD (1 references)
target prot opt source destination
DROP all – anywhere anywhere ctstate INVALID
ACCEPT all – anywhere anywhere /* kubernetes forwarding rules /
ACCEPT all – anywhere anywhere /
kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED

Chain KUBE-KUBELET-CANARY (0 references)
target prot opt source destination

Chain KUBE-NODEPORTS (1 references)
target prot opt source destination

Chain KUBE-PROXY-CANARY (0 references)
target prot opt source destination

Chain KUBE-PROXY-FIREWALL (3 references)
target prot opt source destination

Chain KUBE-SERVICES (2 references)
target prot opt source destination

Chain cali-FORWARD (1 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:vjrMJCRpqwy5oRoX / MARK and 0xfff1ffff
cali-from-hep-forward all – anywhere anywhere /
cali:A_sPAO0mcxbT9mOV /
cali-from-wl-dispatch all – anywhere anywhere /
cali:8ZoYfO5HKXWbB3pk /
cali-to-wl-dispatch all – anywhere anywhere /
cali:jdEuaPBe14V2hutn /
cali-to-hep-forward all – anywhere anywhere /
cali:12bc6HljsMKsmfr- /
cali-cidr-block all – anywhere anywhere /
cali:NOSxoaGx8OIstr1z */

Chain cali-INPUT (1 references)
target prot opt source destination
cali-wl-to-host all – anywhere anywhere [goto] /* cali:FewJpBykm9iJ-YNH /
ACCEPT all – anywhere anywhere /
cali:hder3ARWznqqv8Va /
MARK all – anywhere anywhere /
cali:xgOu2uJft6H9oDGF / MARK and 0xfff0ffff
cali-from-host-endpoint all – anywhere anywhere /
cali:_-d-qojMfHM6NwBo /
ACCEPT all – anywhere anywhere /
cali:LqmE76MP94lZTGhA / / Host endpoint policy accepted packet. */

Chain cali-OUTPUT (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:Mq1_rAdXXH3YkrzW /
RETURN all – anywhere anywhere /
cali:69FkRTJDvD5Vu6Vl /
MARK all – anywhere anywhere /
cali:Fskumj4SGQtDV6GC / MARK and 0xfff0ffff
cali-to-host-endpoint all – anywhere anywhere /
cali:1F4VWEsQu0QbRwKf / ! ctstate DNAT
ACCEPT all – anywhere anywhere /
cali:m8Eqm15x1MjD24LD / / Host endpoint policy accepted packet. */

Chain cali-cidr-block (1 references)
target prot opt source destination

Chain cali-from-hep-forward (1 references)
target prot opt source destination

Chain cali-from-host-endpoint (1 references)
target prot opt source destination

Chain cali-from-wl-dispatch (2 references)
target prot opt source destination
cali-from-wl-dispatch-0 all – anywhere anywhere [goto] /* cali:eBnVcASLTvMFg9XV /
cali-fw-cali246872eb4af all – anywhere anywhere [goto] /
cali:cRSX_Mb1rZRl4W5L /
cali-fw-cali373ca29ad31 all – anywhere anywhere [goto] /
cali:mReRl8kLivug44AS /
cali-from-wl-dispatch-7 all – anywhere anywhere [goto] /
cali:NQUzHIb8b2GXOX5g /
cali-fw-calic8676e725b9 all – anywhere anywhere [goto] /
cali:sbEeCf3MMuv4Gxpp /
DROP all – anywhere anywhere /
cali:jLquYv7DJiH_jlvb / / Unknown interface */

Chain cali-from-wl-dispatch-0 (1 references)
target prot opt source destination
cali-fw-cali064f4851075 all – anywhere anywhere [goto] /* cali:3r6-acGSvWRs6WyU /
cali-fw-cali0a518845bb8 all – anywhere anywhere [goto] /
cali:gK9j0iqP28QPJtMd /
DROP all – anywhere anywhere /
cali:MT0GVycdauMfaryy / / Unknown interface */

Chain cali-from-wl-dispatch-7 (1 references)
target prot opt source destination
cali-fw-cali750b6fce077 all – anywhere anywhere [goto] /* cali:7ZCplb3GqgEXWuBS /
cali-fw-cali78235d27e3b all – anywhere anywhere [goto] /
cali:6U5KAXTaH7Rl0u6L /
DROP all – anywhere anywhere /
cali:zZpCz9oxsnCztppN / / Unknown interface */

Chain cali-fw-cali064f4851075 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:HcFLQLDFDq3Zs7Y4 / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:NUxXiyqSpvevvOzh / ctstate INVALID
MARK all – anywhere anywhere /
cali:yJWIGpydzAcioi86 / MARK and 0xfffeffff
DROP udp – anywhere anywhere /
cali:pk38cKEiwaZqaUhT / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere /
cali:9SYhiZpsDD_FVEoI / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere /
cali:V1GQ0mqbqKFK3uPX /
RETURN all – anywhere anywhere /
cali:AEDqJKNvy9eEfgO2 / / Return if profile accepted /
cali-pro-_8SDYViIwwzQDgRml2t all – anywhere anywhere /
cali:SOMjNze5Va9a9zXw /
RETURN all – anywhere anywhere /
cali:RaDInGnqdrbhWOQX / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:ZmdIk2skmGjmkekf / / Drop if no profiles matched */

Chain cali-fw-cali0a518845bb8 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:e2idjiORwR9ARsvY / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:GWDQfezmnSoAEYLd / ctstate INVALID
MARK all – anywhere anywhere /
cali:g4JwM4IeBnfPl-AT / MARK and 0xfffeffff
DROP udp – anywhere anywhere /
cali:a6XZaAkxfZZJF-Bc / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere /
cali:NBwWx3QDCBQqxDP8 / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere /
cali:scd4KBPjJkrRWh8T /
RETURN all – anywhere anywhere /
cali:OA3VjO7dnJOSR_Od / / Return if profile accepted /
cali-pro-_u2Tn2rSoAPffvE7JO6 all – anywhere anywhere /
cali:_3XcHcBbp0QPYG_B /
RETURN all – anywhere anywhere /
cali:vhF8ksc0LKqBlNiU / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:nWM0Zhv8Xswc59GE / / Drop if no profiles matched */

Chain cali-fw-cali246872eb4af (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:N6guZwE0aruJ5xaD / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:E7RXiMvBSHmJNjXu / ctstate INVALID
MARK all – anywhere anywhere /
cali:KN-DHoOqdi_g_tdv / MARK and 0xfffeffff
DROP udp – anywhere anywhere /
cali:fpIHipyyIqzCCz8Z / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere /
cali:hF8j7iCqB1P9qkAj / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere /
cali:hnohJ9-G1ygIxZQk /
RETURN all – anywhere anywhere /
cali:YOTagqSmm0jKOUGa / / Return if profile accepted /
cali-pro-_GyLFhtf5u9n-v9Ckd7 all – anywhere anywhere /
cali:vkk0Ipl8B-rsm5JD /
RETURN all – anywhere anywhere /
cali:KqiX0N0TY3nOZbBa / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:EmyR_OvEtp5UQk6U / / Drop if no profiles matched */

Chain cali-fw-cali373ca29ad31 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:dNJMPi6IueZ3itMO / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:662FxtIahSVcWP7K / ctstate INVALID
MARK all – anywhere anywhere /
cali:bRS0iWsHyUiCfIs0 / MARK and 0xfffeffff
DROP udp – anywhere anywhere /
cali:OsbXG1TzJ4UiA6jr / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere /
cali:GnoTv9wMZSJW8Mpn / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere /
cali:-YFeUoSo-0WgkV9w /
RETURN all – anywhere anywhere /
cali:hLAf6ZQgPvSu_Ou_ / / Return if profile accepted /
cali-pro-_vOEu3o_UBpjhIsR6zZ all – anywhere anywhere /
cali:rRmj4-2TOo9YT3k3 /
RETURN all – anywhere anywhere /
cali:93cWfLkQavGvpuXJ / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:SLCnhdtEpI5ozPUt / / Drop if no profiles matched */

Chain cali-fw-cali750b6fce077 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:fl4hD-s3bqez0Nfa / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:CkDnXJwTXVcTzz0k / ctstate INVALID
MARK all – anywhere anywhere /
cali:1qQZsfhUDTyxTuQz / MARK and 0xfffeffff
DROP udp – anywhere anywhere /
cali:JzD7gErv5ANrOf-i / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere /
cali:kwG7yfC5PEcfO6Dz / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.default all – anywhere anywhere /
cali:yMocnyQ3pB9E0BNp /
RETURN all – anywhere anywhere /
cali:8nGX4O_Y_0HXnt77 / / Return if profile accepted /
cali-pro-ksa.default.default all – anywhere anywhere /
cali:fTGLncC15p_QqhpT /
RETURN all – anywhere anywhere /
cali:1-7NoBnWAOmWTSYe / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:_zcld5WDsDs5fH70 / / Drop if no profiles matched */

Chain cali-fw-cali78235d27e3b (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:-fSiIc-pP_ZVizuy / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:9odQLOwb5p79wunV / ctstate INVALID
MARK all – anywhere anywhere /
cali:C8tr4zKBeOU8OE42 / MARK and 0xfffeffff
DROP udp – anywhere anywhere /
cali:PxD_RftcD–q4eZP / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere /
cali:Oxpdldg7ZQAKVZSl / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere /
cali:gUrZ8zgm6cnEDdzH /
RETURN all – anywhere anywhere /
cali:LxAKVkwis9tm8OAK / / Return if profile accepted /
cali-pro-_kvQu8xaXYEM2wqqPSH all – anywhere anywhere /
cali:wxD11Y-OeVZamw03 /
RETURN all – anywhere anywhere /
cali:sDwAUnAdGQfliXNn / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:rZ8cFWELYvto8cWG / / Drop if no profiles matched */

Chain cali-fw-calic8676e725b9 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:T9ePpOFswHE9lO3Y / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:nPV97S79UC1Xuv6l / ctstate INVALID
MARK all – anywhere anywhere /
cali:lVhfLE3oxqyFd-oq / MARK and 0xfffeffff
DROP udp – anywhere anywhere /
cali:bvmtKEj7RsGpFW4Y / / Drop VXLAN encapped packets originating in workloads / multiport dports 4789
DROP ipencap-- anywhere anywhere /
cali:_PtJdN1dJzhNG99p / / Drop IPinIP encapped packets originating in workloads /
cali-pro-kns.kube-system all – anywhere anywhere /
cali:O1Q547POM3P34ds2 /
RETURN all – anywhere anywhere /
cali:Zf0DcZ-i7U5ztusW / / Return if profile accepted /
cali-pro-_7bnNHSm00P51QAo5Qe all – anywhere anywhere /
cali:ZKn-YppmnBQP1Ma2 /
RETURN all – anywhere anywhere /
cali:tAGb85naXMk2Q0yA / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:nhUSOzRwT-PsCIZ7 / / Drop if no profiles matched */

Chain cali-pri-_7bnNHSm00P51QAo5Qe (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:ksjFpC8Po46siiFK / / Profile ksa.kube-system.rke2-coredns-rke2-coredns-autoscaler ingress */

Chain cali-pri-_8SDYViIwwzQDgRml2t (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:QsucD7WP9lso1vFm / / Profile ksa.kube-system.rke2-snapshot-validation-webhook ingress */

Chain cali-pri-_GyLFhtf5u9n-v9Ckd7 (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:Z9reHIOsxthYGfQR / / Profile ksa.kube-system.rke2-ingress-nginx ingress */

Chain cali-pri-_kvQu8xaXYEM2wqqPSH (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:9nsQKKnHwK9qmSqF / / Profile ksa.kube-system.rke2-metrics-server ingress */

Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:WqgznqAQ-uYV0oBx / / Profile ksa.kube-system.coredns ingress */

Chain cali-pri-_vOEu3o_UBpjhIsR6zZ (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:y1mg23JI0vvaftK3 / / Profile ksa.kube-system.rke2-snapshot-controller ingress */

Chain cali-pri-kns.default (1 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:WMSw8BmYOknRHfsz / / Profile kns.default ingress / MARK or 0x10000
RETURN all – anywhere anywhere /
cali:z015TBt2tO4F28NC */

Chain cali-pri-kns.kube-system (6 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:J1TyxtHWd0qaBGK- / / Profile kns.kube-system ingress / MARK or 0x10000
RETURN all – anywhere anywhere /
cali:QIB6k7eEKdIg73Jp */

Chain cali-pri-ksa.default.default (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:PrckJA84jX_kGp99 / / Profile ksa.default.default ingress */

Chain cali-pro-_7bnNHSm00P51QAo5Qe (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:Cn_XvK0BiITKuv_k / / Profile ksa.kube-system.rke2-coredns-rke2-coredns-autoscaler egress */

Chain cali-pro-_8SDYViIwwzQDgRml2t (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:tDXYmnqgw4o5XtKy / / Profile ksa.kube-system.rke2-snapshot-validation-webhook egress */

Chain cali-pro-_GyLFhtf5u9n-v9Ckd7 (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:H-PEsWIdyoAji9Ks / / Profile ksa.kube-system.rke2-ingress-nginx egress */

Chain cali-pro-_kvQu8xaXYEM2wqqPSH (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:LP1wkR0Ravtrgqj6 / / Profile ksa.kube-system.rke2-metrics-server egress */

Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:0-_UPh39dt5XfhmJ / / Profile ksa.kube-system.coredns egress */

Chain cali-pro-_vOEu3o_UBpjhIsR6zZ (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:NHAM-yUwuplXkSFw / / Profile ksa.kube-system.rke2-snapshot-controller egress */

Chain cali-pro-kns.default (1 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:Vr81boRqq4V77Sg8 / / Profile kns.default egress / MARK or 0x10000
RETURN all – anywhere anywhere /
cali:2CkTlvGj1F9ZRYXl */

Chain cali-pro-kns.kube-system (6 references)
target prot opt source destination
MARK all – anywhere anywhere /* cali:tgOR2S8DVHZW3F1M / / Profile kns.kube-system egress / MARK or 0x10000
RETURN all – anywhere anywhere /
cali:HVEEtYPJsiGRXCIt */

Chain cali-pro-ksa.default.default (1 references)
target prot opt source destination
all – anywhere anywhere /* cali:bUZzZcietq9v5Ybq / / Profile ksa.default.default egress */

Chain cali-to-hep-forward (1 references)
target prot opt source destination

Chain cali-to-host-endpoint (1 references)
target prot opt source destination

Chain cali-to-wl-dispatch (1 references)
target prot opt source destination
cali-to-wl-dispatch-0 all – anywhere anywhere [goto] /* cali:dIkHjFD9PelLx7cm /
cali-tw-cali246872eb4af all – anywhere anywhere [goto] /
cali:8HrfjdvCZg6_Wytj /
cali-tw-cali373ca29ad31 all – anywhere anywhere [goto] /
cali:zU5ln3bNnB3eXxpe /
cali-to-wl-dispatch-7 all – anywhere anywhere [goto] /
cali:kgLc_M2mrdRF1_0G /
cali-tw-calic8676e725b9 all – anywhere anywhere [goto] /
cali:KJUoPNxBqfI0EOLf /
DROP all – anywhere anywhere /
cali:HvE30uKOSwXaRapd / / Unknown interface */

Chain cali-to-wl-dispatch-0 (1 references)
target prot opt source destination
cali-tw-cali064f4851075 all – anywhere anywhere [goto] /* cali:g3q93ihiuvKg6jAA /
cali-tw-cali0a518845bb8 all – anywhere anywhere [goto] /
cali:SsUjhGaPwwhFRKBV /
DROP all – anywhere anywhere /
cali:lqZbx5Pf1ldVEcvw / / Unknown interface */

Chain cali-to-wl-dispatch-7 (1 references)
target prot opt source destination
cali-tw-cali750b6fce077 all – anywhere anywhere [goto] /* cali:XeUFav9-ec86Ls7L /
cali-tw-cali78235d27e3b all – anywhere anywhere [goto] /
cali:CeE6CiDYj2omeslq /
DROP all – anywhere anywhere /
cali:oI7PCGyG6QDC6Rji / / Unknown interface */

Chain cali-tw-cali064f4851075 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:y_jkhi_Gn4NromW9 / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:UlZ2t6HJJTMi2rKk / ctstate INVALID
MARK all – anywhere anywhere /
cali:3gpgoiqoBDasicsR / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere /
cali:A_R7ZhmaAUnjwdCL /
RETURN all – anywhere anywhere /
cali:E0u_CaYR8b42XKVM / / Return if profile accepted /
cali-pri-_8SDYViIwwzQDgRml2t all – anywhere anywhere /
cali:ochSZeMWoZSEa3ei /
RETURN all – anywhere anywhere /
cali:TNR0qCQgD9-Ktwge / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:-hXsGfG1NjipOa6h / / Drop if no profiles matched */

Chain cali-tw-cali0a518845bb8 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:Igl30CFQNcO_xd1y / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:twjLrITPvuKTNvsq / ctstate INVALID
MARK all – anywhere anywhere /
cali:P1VhTmYKIsBGZmun / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere /
cali:f7hdMTgckyaVxhZd /
RETURN all – anywhere anywhere /
cali:mknQw99ej7yXh-qT / / Return if profile accepted /
cali-pri-_u2Tn2rSoAPffvE7JO6 all – anywhere anywhere /
cali:sZlQPKtmEwDanNug /
RETURN all – anywhere anywhere /
cali:gzByK7Mkkofwwu59 / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:LklKjBvDvAIlLoMf / / Drop if no profiles matched */

Chain cali-tw-cali246872eb4af (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:lpxsi8-R5xu2H82c / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:7VpLbY9mbGTe5acw / ctstate INVALID
MARK all – anywhere anywhere /
cali:9rqCLJV6k8UIFBQm / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere /
cali:EV3uE0wtWQnyMdSI /
RETURN all – anywhere anywhere /
cali:74RoJvj1rDI-9lVY / / Return if profile accepted /
cali-pri-_GyLFhtf5u9n-v9Ckd7 all – anywhere anywhere /
cali:eEquF8VRpSyUJzC8 /
RETURN all – anywhere anywhere /
cali:fMYsQAXGn-eJtU67 / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:l5IBnzd_uSPPMOaY / / Drop if no profiles matched */

Chain cali-tw-cali373ca29ad31 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:hKCQ3-o_EvDmA2e_ / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:CmcmDNjxWfcC0GV8 / ctstate INVALID
MARK all – anywhere anywhere /
cali:0p05RGVH1vTMCu6H / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere /
cali:D4WLNL7uEHJx3Cwc /
RETURN all – anywhere anywhere /
cali:yBCQA79DlbAHKvlG / / Return if profile accepted /
cali-pri-_vOEu3o_UBpjhIsR6zZ all – anywhere anywhere /
cali:mFM7-aAJ5z90MaX_ /
RETURN all – anywhere anywhere /
cali:pmH3lKpszBMJvW-4 / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:JkEYwHXjzM5D6Wdz / / Drop if no profiles matched */

Chain cali-tw-cali750b6fce077 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:ZM3aET5yBBjraK3q / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:FA2aG3zFJ0aK65ya / ctstate INVALID
MARK all – anywhere anywhere /
cali:l1ms-1cKeEmd6RO2 / MARK and 0xfffeffff
cali-pri-kns.default all – anywhere anywhere /
cali:S0gs4jgBhH-O5NDb /
RETURN all – anywhere anywhere /
cali:s_bTgMGcwu3Nk-x6 / / Return if profile accepted /
cali-pri-ksa.default.default all – anywhere anywhere /
cali:vs6c5yUcRVMlbVqH /
RETURN all – anywhere anywhere /
cali:ozyrn3zO87ihLfKm / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:jLIcGKO6F0cmTVXo / / Drop if no profiles matched */

Chain cali-tw-cali78235d27e3b (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:mQeuTsP6XPduHFR6 / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:kdwuoeNfD2P281Vs / ctstate INVALID
MARK all – anywhere anywhere /
cali:ZeUF21r-sQu7RrYO / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere /
cali:otQ-yljamb3bbJCC /
RETURN all – anywhere anywhere /
cali:wbg4P3dzakTOiH6q / / Return if profile accepted /
cali-pri-_kvQu8xaXYEM2wqqPSH all – anywhere anywhere /
cali:I2FZ9fqQeF-XweWS /
RETURN all – anywhere anywhere /
cali:oW5zE7uT-LGIFN6_ / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:oRO4umTg82288iao / / Drop if no profiles matched */

Chain cali-tw-calic8676e725b9 (1 references)
target prot opt source destination
ACCEPT all – anywhere anywhere /* cali:cISeRKT_LtEjwC3h / ctstate RELATED,ESTABLISHED
DROP all – anywhere anywhere /
cali:McnSWUc50I2GzitX / ctstate INVALID
MARK all – anywhere anywhere /
cali:-42WRF_cp9iUSzLd / MARK and 0xfffeffff
cali-pri-kns.kube-system all – anywhere anywhere /
cali:ja049sMf7vssGgCM /
RETURN all – anywhere anywhere /
cali:zMtgDheRPDXJiN_U / / Return if profile accepted /
cali-pri-_7bnNHSm00P51QAo5Qe all – anywhere anywhere /
cali:hTEiqbU_m4WdPQ8U /
RETURN all – anywhere anywhere /
cali:jZSj2RrT1Sm2rP62 / / Return if profile accepted /
DROP all – anywhere anywhere /
cali:Cq7sm6S-UOahH2VU / / Drop if no profiles matched */

Chain cali-wl-to-host (1 references)
target prot opt source destination
cali-from-wl-dispatch all – anywhere anywhere /* cali:Ee9Sbo10IpVujdIY /
ACCEPT all – anywhere anywhere /
cali:nSZbcOoG1xPONxb8 / / Configured DefaultEndpointToHostAction */

环境:ubuntu 22.04
