无法从 Kubernetes 容器访问互联网
Unable to access the internet from Kubernetes containers
我正在 Mac OSX 上使用 Vagrant Kubernetes 0.9.3 安装程序。
环境:
- Kubernetes 0.9.3
- Vagrant 1.7.2
- VirtualBox-4.3.20-96996-OSX
我能够在单个 minion 环境中成功部署映像并启动容器:
硕士
minion-1
我无法从 运行 容器内访问 Internet。我可以从minion-1机器上网。
我使用 Vagrant 设置环境
/kubernetes$ export KUBERNETES_PROVIDER=vagrant
/kubernetes$ vagrant up
...(Virtualbox 中 master + minion-1 的初始化日志和成功设置)
ssh 进入 minion-1 机器以确保 Internet 连接
/kubernetes$ vagrant ssh minion-1
[vagrant@kubernetes-minion-1 ~]$ ping google.com
PING google.com (173.194.123.37) 56(84) bytes of data.
64 bytes from lga15s47-in-f5.1e100.net (173.194.123.37): icmp_seq=1 ttl=63 time=89.3 ms
上次连接成功
下面可以看到容器好像不能上网
[vagrant@kubernetes-minion-1 ~]$ sudo docker run -it --rm ubuntu /bin/bash
Unable to find image 'ubuntu:latest' locally
ubuntu:latest: The image you are pulling has been verified
27d47432a69b: Downloading [=============================================> ] 180.6 MB/197.2 MB 44s
5f92234dcf1e: Download complete
51a9c7c1f8bb: Download complete
5ba9dab47459: Download complete
511136ea3c5a: Already exists
27d47432a69b: Pull complete
5f92234dcf1e: Pull complete
51a9c7c1f8bb: Pull complete
5ba9dab47459: Pull complete
Status: Downloaded newer image for ubuntu:latest
Ubuntu 容器内
root@84914a7e5184:/# ping google.com
ping: unknown host google.com
root@84914a7e5184:/# sudo apt-get update
Err http://archive.ubuntu.com trusty InRelease
Err http://archive.ubuntu.com trusty-updates InRelease
Err http://archive.ubuntu.com trusty-security InRelease
Err http://archive.ubuntu.com trusty Release.gpg
Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com trusty-updates Release.gpg
Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com trusty-security Release.gpg
Could not resolve 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/InRelease
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/InRelease
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg Could not resolve 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/Release.gpg Could not resolve 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg Could not resolve 'archive.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@84914a7e5184:/#
这是 Vagrant 设置的问题还是 Kubernetes 框架有意为之?如果可以,正确的上网方式是什么?
这不是故意的。容器应该能够看到外部互联网。我的猜测是您的 Vagrant 网络设置有问题,可能是由于您的主机对来自容器 IP 的数据包进行了防火墙处理。
我正在 Mac OSX 上使用 Vagrant Kubernetes 0.9.3 安装程序。
环境:
- Kubernetes 0.9.3
- Vagrant 1.7.2
- VirtualBox-4.3.20-96996-OSX
我能够在单个 minion 环境中成功部署映像并启动容器:
硕士
minion-1
我无法从 运行 容器内访问 Internet。我可以从minion-1机器上网。
我使用 Vagrant 设置环境
/kubernetes$ export KUBERNETES_PROVIDER=vagrant
/kubernetes$ vagrant up
...(Virtualbox 中 master + minion-1 的初始化日志和成功设置)
ssh 进入 minion-1 机器以确保 Internet 连接
/kubernetes$ vagrant ssh minion-1
[vagrant@kubernetes-minion-1 ~]$ ping google.com
PING google.com (173.194.123.37) 56(84) bytes of data.
64 bytes from lga15s47-in-f5.1e100.net (173.194.123.37): icmp_seq=1 ttl=63 time=89.3 ms
上次连接成功
下面可以看到容器好像不能上网
[vagrant@kubernetes-minion-1 ~]$ sudo docker run -it --rm ubuntu /bin/bash
Unable to find image 'ubuntu:latest' locally
ubuntu:latest: The image you are pulling has been verified
27d47432a69b: Downloading [=============================================> ] 180.6 MB/197.2 MB 44s
5f92234dcf1e: Download complete
51a9c7c1f8bb: Download complete
5ba9dab47459: Download complete
511136ea3c5a: Already exists
27d47432a69b: Pull complete
5f92234dcf1e: Pull complete
51a9c7c1f8bb: Pull complete
5ba9dab47459: Pull complete
Status: Downloaded newer image for ubuntu:latest
Ubuntu 容器内
root@84914a7e5184:/# ping google.com
ping: unknown host google.com
root@84914a7e5184:/# sudo apt-get update
Err http://archive.ubuntu.com trusty InRelease
Err http://archive.ubuntu.com trusty-updates InRelease
Err http://archive.ubuntu.com trusty-security InRelease
Err http://archive.ubuntu.com trusty Release.gpg
Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com trusty-updates Release.gpg
Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com trusty-security Release.gpg
Could not resolve 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/InRelease
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/InRelease
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg Could not resolve 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/Release.gpg Could not resolve 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg Could not resolve 'archive.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@84914a7e5184:/#
这是 Vagrant 设置的问题还是 Kubernetes 框架有意为之?如果可以,正确的上网方式是什么?
这不是故意的。容器应该能够看到外部互联网。我的猜测是您的 Vagrant 网络设置有问题,可能是由于您的主机对来自容器 IP 的数据包进行了防火墙处理。