After building an SD-WAN network and communicating over the virtual NIC, pods cannot communicate with each other

Environment information:
K3s version: v1.24.3+k3s1

Node CPU architecture, operating system, and version:

x86 ubuntu

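Cluster configuration:

Details are as follows:

master node: private network behind NAT, NIC 1: 192.168.1.5/24
work1 node: cloud VM with a public IP, NIC 1: 10.0.0.91/24
work2 node: cloud VM with a public IP, NIC 1: 10.0.0.29/24

The work1 and work2 nodes above cannot communicate with each other, so SD-WAN networking was adopted. Network after joining zerotier:

master node: private network behind NAT, NIC 1: 192.168.1.5/24, virtual NIC: idxxxx: 172.27.0.4/16
work1 node: cloud VM with a public IP, NIC 1: 10.0.0.91/24, virtual NIC: idxxxx: 172.27.0.2/16
work2 node: cloud VM with a public IP, NIC 1: 10.0.0.29/24, virtual NIC: idxxxx: 172.27.0.3/16

NIC information: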
master:
ztfp6fer2j: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether 06:2f:5f:a4:84:94 brd ff:ff:ff:ff:ff:ff
inet 172.27.0.4/16 brd 172.27.255.255 scope global ztfp6fer2j
valid_lft forever preferred_lft forever
inet 172.27.174.104/16 brd 172.27.255.255 scope global secondary ztfp6fer2j
valid_lft forever preferred_lft forever
inet6 fe80::42f:5fff:fea4:8494/64 scope link
valid_lft forever preferred_lft forever

work1:
3: ztfp6fer2j: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq state UNKNOWN group default qlen 1000
link/ether 06:84:95:c2:ac:ce brd ff:ff:ff:ff:ff:ff
inet 172.27.0.2/16 brd 172.27.255.255 scope global ztfp6fer2j
valid_lft forever preferred_lft forever
inet 172.27.0.11/16 brd 172.27.255.255 scope global secondary ztfp6fer2j
valid_lft forever preferred_lft forever
inet6 fe80::484:95ff:fec2:acce/64 scope link
valid_lft forever preferred_lft forever

work2:
3: ztfp6fer2j: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether 06:f3:dc:a0:8d:b8 brd ff:ff:ff:ff:ff:ff
inet 172.27.0.3/16 brd 172.27.255.255 scope global ztfp6fer2j
valid_lft forever preferred_lft forever
inet 172.27.34.102/16 brd 172.27.255.255 scope global secondary ztfp6fer2j
valid_lft forever preferred_lft forever
inet6 fe80::4f3:dcff:fea0:8db8/64 scope link
valid_lft forever preferred_lft forever

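Problem description:

After networking, the nodes can communicate with each other normally, but the pods on the cloud work nodes and the pods on the private home network off the cloud cannot communicate.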

root@k3s:/etc/systemd/system# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nettest-74bb8947d9-dc7s7 1/1 Running 0 6m12s 10.42.1.3 jp2
nettest-74bb8947d9-lhf44 1/1 Running 0 6m12s 10.42.0.10 home
nettest-74bb8947d9-thwsh 1/1 Running 0 6m12s 10.42.0.9 home
nettest-74bb8947d9-fjkfl 1/1 Running 0 6m12s 10.42.1.4 jp2
nettest-74bb8947d9-5tt96 0/1 Terminating 0 6m12s jp1
nettest-74bb8947d9-qsp5g 1/1 Running 0 15s 10.42.0.11 home
nettest-74bb8947d9-tbzhx 0/1 Terminating 0 6m12s jp1
nettest-74bb8947d9-5bsg4 0/1 Pending 0 3s jp2

root@k3s:/etc/systemd/system# kubectl exec -it nettest-74bb8947d9-lhf44 -- /bin/sh
/ # ping 10.42.1.4
PING 10.42.1.4 (10.42.1.4): 56 data bytes
^C
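--- 10.42.1.4 ping statistics ---

Steps to reproduce:

The network between the nodes on the private networks is connected through zerotier networking. The virtual NIC created by the networking is set to be used for installation and communication.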

work1:
curl -sfL https://get.k3s.io | K3S_URL=https://172.27.0.4:6443 K3S_TOKEN=xxxxxx INSTALL_K3S_EXEC="--node-name jp2 --node-ip 172.27.0.3 --node-external-ip xxxxxx --flannel-iface=ztfp6fer2j" sh -

work2:
curl -sfL https://get.k3s.io | K3S_URL=https://172.27.0.4:6443 K3S_TOKEN=xxxxxx INSTALL_K3S_EXEC="--node-name jp1 --node-ip 172.27.0.2 --node-external-ip xxxxx --flannel-iface=ztfp6fer2j" sh -

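Expected result:
Nodes can communicate with each other, and pods can communicate with each other

Actual result:
Nodes can communicate with each other, but pods cannot communicate with each other

Additional context/logs:

Logs
The iptables rules have already been flushed: iptables -F

Nobody is helping me; I'm a bit sad.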