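Learning k8s: after deploying an nginx Service, it could not be reached from outside the cluster
In the end, the cause turned out to be the iptables NAT forwarding rules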
```
# Reset iptables forwarding
[root@hadoop03 k8s]# iptables --flush && iptables -t nat --flush && iptables -P FORWARD ACCEPT
# Reset k8s
[root@hadoop03 k8s]# kubeadm reset
[root@hadoop03 k8s]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-NODEPORTS  all  --  0.0.0.0/0            0.0.0.0/0
KUBE-EXTERNAL-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
KUBE-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
KUBE-EXTERNAL-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
ACCEPT     all  --  10.244.0.0/16        0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            10.244.0.0/16

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0

Chain DOCKER (0 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (0 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target     prot opt source               destination

Chain DOCKER-USER (0 references)
target     prot opt source               destination

Chain KUBE-EXTERNAL-SERVICES (2 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL tcp dpt:31748 reject-with icmp-port-unreachable

Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0            mark match 0x8000/0x8000
DROP       all  -- !127.0.0.0/8          127.0.0.0/8          ! ctstate RELATED,ESTABLISHED,DNAT

Chain KUBE-FORWARD (1 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            mark match 0x4000/0x4000
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

Chain KUBE-KUBELET-CANARY (0 references)
target     prot opt source               destination

Chain KUBE-NODEPORTS (1 references)
target     prot opt source               destination

Chain KUBE-PROXY-CANARY (0 references)
target     prot opt source               destination

Chain KUBE-SERVICES (2 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            10.1.27.112          tcp dpt:8000 reject-with icmp-port-unreachable
```

```
[root@hadoop03 k8s]# kubectl get svc
NAME                     TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE
kubernetes               ClusterIP   10.1.0.1      <none>        443/TCP          36m
nginx-service-nodeport   NodePort    10.1.27.112   <none>        8000:31748/TCP   34m
[root@hadoop03 k8s]# curl hadoop03:31748
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.
```
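
The reset above flushes every rule in the filter and nat tables and sets the FORWARD policy to ACCEPT, so it helps to first see, read-only, what is blocking the port. The script below is an added example, not from the original post: it parses `iptables -nL` text for the FORWARD policy and for REJECT rules on a given port, which kube-proxy installs for a Service that has no ready endpoints. The function names are made up for illustration, and the sample input is an excerpt of the listing above.

```shell
#!/bin/sh
# Added example: read-only checks on `iptables -nL` text read from stdin (names are illustrative).

# Print the policy of the filter table's FORWARD chain (ACCEPT or DROP).
forward_policy() {
  awk '$1 == "Chain" && $2 == "FORWARD" { gsub(/[()]/, ""); print $4; exit }'
}

# Print every chain holding a REJECT rule for destination port $1.
reject_chains_for_port() {
  awk -v port="$1" '
    $1 == "Chain"  { chain = $2; next }
    $1 == "REJECT" {
      for (i = 2; i <= NF; i++)
        if ($i == ("dpt:" port)) { print chain; break }
    }'
}

# Report both findings for one port; prints nothing when neither applies.
diagnose() {
  listing=$(cat)
  policy=$(printf '%s\n' "$listing" | forward_policy)
  chains=$(printf '%s\n' "$listing" | reject_chains_for_port "$1" | paste -sd, -)
  if [ "$policy" != "ACCEPT" ]; then
    echo "FORWARD policy is $policy: forwarded traffic needs an explicit ACCEPT rule"
  fi
  if [ -n "$chains" ]; then
    echo "port $1 is rejected in $chains (Service without ready endpoints?)"
  fi
}

# Excerpt of the listing above, used as offline sample input.
sample_listing() {
  cat <<'EOF'
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
KUBE-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
Chain KUBE-EXTERNAL-SERVICES (2 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL tcp dpt:31748 reject-with icmp-port-unreachable
Chain KUBE-SERVICES (2 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            10.1.27.112          tcp dpt:8000 reject-with icmp-port-unreachable
EOF
}

# On a node: iptables -nL | diagnose 31748
sample_listing | diagnose 31748
```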



