博客内容讲述了在 Kubernetes 集群环境中,由于iptables的本地版本不支持`--random-fully`选项,导致kube-proxy无法正常工作。解决方案是升级iptables。详细步骤包括安装依赖、下载iptables源码、编译安装并覆盖原有文件,最后重启kube-proxy和kubelet服务。
[root@k8s-node1 ~]# tailf /opt/kubernetes/logs/kube-proxy.INFO
I0318 11:49:42.467892 1076 proxier.go:1724] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
I0318 11:50:12.488162 1076 proxier.go:1724] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
I0318 11:50:42.508151 1076 proxier.go:1724] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
原因:
iptables 本地iptables版本不支持,要升级iptables
安装升级iptables所需依赖
yum install gcc make libnftnl-devel libmnl-devel autoconf automake libtool bison flex \
libnetfilter_conntrack-devel libnetfilter_queue-devel libpcap-devel
iptables-1.6.2.tar.bz2软件包链接:https://pan.baidu.com/s/1V1yKG3kzYcVtEy43NnNqOw
提取码:88eb
编译安装iptables
export LC_ALL=C
wget https://www.netfilter.org/projects/iptables/files/iptables-1.6.2.tar.bz2 --no-check-certificate
tar -xvf iptables-1.6.2.tar.bz2
cd iptables-1.6.2
./autogen.sh
./configure
make -j4
make install
# 覆盖
cd /usr/local/sbin
\cp iptables /sbin
\cp iptables-restore /sbin/
\cp iptables-save /sbin/
可以把/usr/local/sbin下面的iptables相关的东西打包然后分发到其它服务器
重启 kube-proxy 与 kubelet
systemctl restart kubelet.service kube-proxy.service
扫一扫
978
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
