k8s在pod内无法ping通servicename和ClusterIP

查看 master 节点的 kube-proxy 日志

# 查看 pod 名
[root@master ry]# kubectl get pod -n kube-system -o wide | grep proxy
kube-proxy-bbmsv                 1/1     Running   2          27d   172.21.9.101   node1    <none>           <none>
kube-proxy-flskn                 1/1     Running   1          27d   172.21.9.102   node2    <none>           <none>
kube-proxy-r2tbr                 1/1     Running   2          27d   172.21.9.100   master   <none>           <none>
....

# 日志
[root@master ry]# kubectl logs -n kube-system kube-proxy-r2tbr
W0520 05:02:04.681967       1 server_others.go:323] Unknown proxy mode "", assuming iptables proxy
I0520 05:02:04.688833       1 node.go:135] Successfully retrieved node IP: 172.21.9.100
I0520 05:02:04.688877       1 server_others.go:145] Using iptables Proxier.
I0520 05:02:04.689145       1 server.go:571] Version: v1.17.4

可以看见使用的是 iptables 。

1、开启内核支持

cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl -p

2、开启ipvs支持

yum -y install ipvsadm  ipset

# 临时生效
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4

# 永久生效
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

3、配置kube-proxy，在master上操作，因使用kubeadmin安装，所以操作方式如下

kubectl edit cm kube-proxy -n kube-system

#修改如下
kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha1
...
ipvs:
    mode: "ipvs"  #修改

4、在master重启kube-proxy

kubectl  get pod -n kube-system | grep kube-proxy | awk '{print $1}' | xargs kubectl delete pod -n kube-system

5、验证ipvs是否开启

# 查看 pod 名
[root@master ry]# kubectl get pod -o wide -n kube-system | grep proxy
kube-proxy-6k7nc                 1/1     Running   0          10m   172.21.9.102   node2    <none>           <none>
kube-proxy-s8fvc                 1/1     Running   0          10m   172.21.9.100   master   <none>           <none>
kube-proxy-vpwdw                 1/1     Running   0          10m   172.21.9.101   node1    <none>           <none>

# 日志
[root@master ry]# kubectl logs kube-proxy-s8fvc -n kube-system
I0520 06:55:06.075459       1 node.go:135] Successfully retrieved node IP: 172.21.9.100
I0520 06:55:06.075571       1 server_others.go:172] Using ipvs Proxier.
W0520 06:55:06.075901       1 proxier.go:420] IPVS scheduler not specified, use rr by default
I0520 06:55:06.076126       1 server.go:571] Version: v1.17.4

可以看见 ipvs 已经启用。

原文链接：https://blog.csdn.net/never_late/article/details/124883535