deployment文件部署两个nginx pod
deployment yaml文件
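# Deployment that keeps two replicas of the stock nginx image running.
# NOTE(review): extensions/v1beta1 matches the old cluster used in this walkthrough.
# Deployment was removed from that API group in Kubernetes 1.16; newer clusters
# need apps/v1 together with an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8s-nginx
spec:
  replicas: 2
  template:
    metadata:
      labels:
        # This label is what the service created later selects on (run=k8s-nginx).
        run: k8s-nginx
    spec:
      containers:
      - name: k8s-nginx
        # NOTE(review): an untagged image resolves to the mutable "latest" tag, so
        # the two replicas are not guaranteed to run the same build. Pin a tag or
        # digest before reusing this manifest outside a lab.
        # No securityContext or resource limits are set; tighten before reuse.
        image: nginx
        ports:
        - containerPort: 80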
kubectl create -f my-nginx.yaml --record --save-config:
[root@docker1 app]# kubectl get rs -o wide NAME DESIRED CURRENT READY AGE CONTAINER(S) IMAGE(S) SELECTOR k8s-nginx-289671949 2 2 0 1m k8s-nginx nginx pod-template-hash=289671949,run=k8s-nginx [root@docker1 app]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE k8s-nginx-289671949-dk2p1 0/1 ContainerCreating 0 1m <none> 172.16.199.27 k8s-nginx-289671949-xh4zw 0/1 ContainerCreating 0 1m <none> 172.16.199.37 [root@docker1 app]# [root@docker1 app]# [root@docker1 app]# kubectl get events LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE 4m 4m 1 k8s-nginx-289671949-dk2p1 Pod Normal Scheduled default-scheduler Successfully assigned k8s-nginx-289671949-dk2p1 to 172.16.199.27 4m 4m 1 k8s-nginx-289671949-dk2p1 Pod spec.containers{k8s-nginx} Normal Pulling kubelet, 172.16.199.27 pulling image "nginx" 4m 4m 1 k8s-nginx-289671949-xh4zw Pod Normal Scheduled default-scheduler Successfully assigned k8s-nginx-289671949-xh4zw to 172.16.199.37 4m 4m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Pulling kubelet, 172.16.199.37 pulling image "nginx" 4m 4m 1 k8s-nginx-289671949 ReplicaSet Normal SuccessfulCreate replicaset-controller Created pod: k8s-nginx-289671949-dk2p1 4m 4m 1 k8s-nginx-289671949 ReplicaSet Normal SuccessfulCreate replicaset-controller Created pod: k8s-nginx-289671949-xh4zw 4m 4m 1 k8s-nginx Deployment Normal ScalingReplicaSet deployment-controller Scaled up replica set k8s-nginx-289671949 to 2 [root@docker1 app]# kubectl get events LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE 15m 15m 1 k8s-nginx-289671949-dk2p1 Pod Normal Scheduled default-scheduler Successfully assigned k8s-nginx-289671949-dk2p1 to 172.16.199.27 15m 15m 1 k8s-nginx-289671949-dk2p1 Pod spec.containers{k8s-nginx} Normal Pulling kubelet, 172.16.199.27 pulling image "nginx" 15m 15m 1 k8s-nginx-289671949-xh4zw Pod Normal Scheduled default-scheduler Successfully assigned k8s-nginx-289671949-xh4zw to 172.16.199.37 15m 15m 1 
k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Pulling kubelet, 172.16.199.37 pulling image "nginx" 3m 3m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Pulled kubelet, 172.16.199.37 Successfully pulled image "nginx" 3m 3m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Created kubelet, 172.16.199.37 Created container with id 777a098bb8dd5c256f9dbb3a7ecd8204f254283b72ec7155c51556a453b9fe24 3m 3m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Started kubelet, 172.16.199.37 Started container with id 777a098bb8dd5c256f9dbb3a7ecd8204f254283b72ec7155c51556a453b9fe24 15m 15m 1 k8s-nginx-289671949 ReplicaSet Normal SuccessfulCreate replicaset-controller Created pod: k8s-nginx-289671949-dk2p1 15m 15m 1 k8s-nginx-289671949 ReplicaSet Normal SuccessfulCreate replicaset-controller Created pod: k8s-nginx-289671949-xh4zw 15m 15m 1 k8s-nginx Deployment Normal ScalingReplicaSet deployment-controller Scaled up replica set k8s-nginx-289671949 to 2 |
再启动一个pod:
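# Throw-away busybox pod used as a client inside the cluster
# (kubectl exec ... ifconfig / nslookup in the steps that follow).
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  # NOTE(review): the image is untagged and the pull policy is IfNotPresent, so
  # each node runs whatever busybox image it already has cached. Pin a tag or
  # digest if the result needs to be reproducible.
  - image: busybox
    # Keep the container alive for an hour so commands can be exec'ed into it.
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
  # The container is restarted each time the sleep exits.
  restartPolicy: Always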
root@docker1 app]# kubectl create -f busybox-pod.yaml --record --save-config pod "busybox" created [root@docker1 app]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE busybox 1/1 Running 0 13s 10.2.4.3 172.16.199.27 k8s-nginx-289671949-dk2p1 1/1 Running 0 55m 10.2.4.2 172.16.199.27 k8s-nginx-289671949-xh4zw 1/1 Running 0 55m 10.2.39.3 172.16.199.37 [root@docker1 app]# kubectl exec busybox ifconfig eth0 Link encap:Ethernet HWaddr 02:42:0A:02:04:03 inet addr:10.2.4.3 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:648 (648.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) |
[root@docker1 app]# Server: 169.169.0.53 Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local Name: k8s-nginx Address 1: 169.169.36.129 k8s-nginx.default.svc.cluster.local |
[root@docker1 app]# kubectl exec busybox nslookup kube-dns.kube-system.svc.cluster.local Server: 169.169.0.53 Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local Name: kube-dns.kube-system.svc.cluster.local Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local |
FQDN格式:servicename.namespace.svc.cluster.local
在node节点上直接访问clusterIP看看:
curl http://169.169.36.129 不通
这是正常的,因为节点并无该网络的接口,集群IP地址没有绑定在任何物理或者逻辑接口上。如果此时刻意地给某个宿主机网卡设置169.169.0.0/16这个cluster ip range的地址,则可以访问(这里只是为了验证原理;该网段属于service的cluster IP范围,不宜长期配置在节点网卡上):
[root@docker2 ~]# ifconfig eno33554960 eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 169.169.10.10 netmask 255.255.0.0 broadcast 169.169.255.255 inet6 fe80::20c:29ff:feae:1183 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:ae:11:83 txqueuelen 1000 (Ethernet) RX packets 1481 bytes 127684 (124.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 11 bytes 808 (808.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@docker2 ~]# curl 169.169.36.129 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> |
service使用cluster ip而非nodeport模式时候,相关NAT 表:
[root@docker2 ~]# iptables -nL -t nat -v Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 5512 2282K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ 237 33706 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 896 72790 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ 1 60 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1095 87552 KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */ 157 12153 MASQUERADE all -- * !docker0 10.2.4.0/24 0.0.0.0/0 0 0 MASQUERADE all -- * !docker0 10.1.37.0/24 0.0.0.0/0 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 Chain KUBE-MARK-DROP (0 references) pkts bytes target prot opt in out source destination 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000 Chain KUBE-MARK-MASQ (5 references) pkts bytes target prot opt in out source destination 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 Chain KUBE-NODEPORTS (1 references) pkts bytes target prot opt in out source destination Chain KUBE-POSTROUTING (1 references) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000 Chain KUBE-SEP-D5T62RWZFFOCR77Q (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 10.2.39.3 0.0.0.0/0 /* default/k8s-nginx: */ 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp to:10.2.39.3:80 Chain 
KUBE-SEP-IK3IYR4STYKRJP77 (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 10.2.39.2 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:10.2.39.2:53 Chain KUBE-SEP-WV6S37CDULKCYEVE (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 10.2.39.2 0.0.0.0/0 /* kube-system/kube-dns:dns */ 0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:10.2.39.2:53 Chain KUBE-SEP-X7YOSBI66WAQ7F6X (2 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 172.16.199.17 0.0.0.0/0 /* default/kubernetes:https */ 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255 tcp to:172.16.199.17:6443 Chain KUBE-SEP-YXWG4KEJCDIRMCO5 (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 10.2.4.2 0.0.0.0/0 /* default/k8s-nginx: */ 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp to:10.2.4.2:80 Chain KUBE-SERVICES (2 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 169.169.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 0 0 KUBE-SVC-TCOU7JCQXEZGVUNU udp -- * * 0.0.0.0/0 169.169.0.53 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 0 0 KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- * * 0.0.0.0/0 169.169.0.53 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 0 0 KUBE-SVC-2RMP45C4XWDG5BGC tcp -- * * 0.0.0.0/0 169.169.36.129 /* default/k8s-nginx: cluster IP */ tcp dpt:80 0 0 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL Chain KUBE-SVC-2RMP45C4XWDG5BGC (1 references) pkts bytes target prot opt in out source destination 0 0 
KUBE-SEP-D5T62RWZFFOCR77Q all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ statistic mode random probability 0.50000000000 0 0 KUBE-SEP-YXWG4KEJCDIRMCO5 all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SEP-IK3IYR4STYKRJP77 all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SEP-X7YOSBI66WAQ7F6X all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255 0 0 KUBE-SEP-X7YOSBI66WAQ7F6X all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SEP-WV6S37CDULKCYEVE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ |
[root@docker2 ~]# iptables -nL -t filter -v Chain INPUT (policy ACCEPT 629 packets, 76374 bytes) pkts bytes target prot opt in out source destination 4355K 556M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ 4376K 558M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 2277 198K DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0 154 20792 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 2123 178K ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- !docker0 docker0 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 607 packets, 54716 bytes) pkts bytes target prot opt in out source destination 4375K 370M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ 4395K 372M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DOCKER (1 references) pkts bytes target prot opt in out source destination Chain DOCKER-ISOLATION (1 references) pkts bytes target prot opt in out source destination 2277 198K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain KUBE-FIREWALL (2 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000 Chain KUBE-SERVICES (2 references) pkts bytes target prot opt in out source destination |
删除上述创建的k8s-nginx service
[root@docker1 app]# kubectl delete service k8s-nginx
然后无法解析出服务名称:
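[root@docker1 app]# kubectl exec busybox nslookup k8s-nginx Server: 169.169.0.53 Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local Name: k8s-nginx Address 1: 45.33.9.234 li963-234.members.linode.com
这是递归到外部了:service删除后集群内已经没有k8s-nginx这条记录,查询被转发到了外部DNS,返回的是一个与集群无关的公网地址。仍在使用这个短名称的客户端此时会连到集群外的主机,因此删除service前应先确认没有调用方还依赖该名称。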
重新发布一个service,并使用nodeport方式:
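# Publish the k8s-nginx deployment again, this time as a NodePort service.
# NOTE(review): kube-proxy opens a NodePort on every node. The netstat output
# in this walkthrough shows it listening on :::30780, i.e. all interfaces, so
# the service is reachable from any network that can reach a node address.
# Restrict it with host or network firewalling if that is not intended.
kubectl expose deployment k8s-nginx --type=NodePort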
[root@docker1 app]# kubectl get svc -o wide NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR k8s-nginx 169.169.148.143 <nodes> 80:30780/TCP 47s run=k8s-nginx kubernetes 169.169.0.1 <none> 443/TCP 2d <none> |
node节点上查看:
[root@docker2 ~]# netstat -pan | grep 30780 tcp6 0 0 :::30780 :::* LISTEN 9960/kube-proxy [root@docker2 ~]# curl 127.0.0.1:30780 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> |
node port类型下的NAT表规则:
[root@docker2 ~]# iptables -nL -t nat -v Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 5612 2316K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ 256 36555 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 936 76333 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */ 1 60 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1150 92124 KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */ 172 13182 MASQUERADE all -- * !docker0 10.2.4.0/24 0.0.0.0/0 0 0 MASQUERADE all -- * !docker0 10.1.37.0/24 0.0.0.0/0 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 Chain KUBE-MARK-DROP (0 references) pkts bytes target prot opt in out source destination 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000 Chain KUBE-MARK-MASQ (6 references) pkts bytes target prot opt in out source destination 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000 Chain KUBE-NODEPORTS (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp dpt:30780 0 0 KUBE-SVC-2RMP45C4XWDG5BGC tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp dpt:30780 Chain KUBE-POSTROUTING (1 references) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000 Chain KUBE-SEP-D5T62RWZFFOCR77Q (1 references) pkts bytes target prot opt in out source destination 
0 0 KUBE-MARK-MASQ all -- * * 10.2.39.3 0.0.0.0/0 /* default/k8s-nginx: */ 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp to:10.2.39.3:80 Chain KUBE-SEP-IK3IYR4STYKRJP77 (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 10.2.39.2 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:10.2.39.2:53 Chain KUBE-SEP-WV6S37CDULKCYEVE (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 10.2.39.2 0.0.0.0/0 /* kube-system/kube-dns:dns */ 0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:10.2.39.2:53 Chain KUBE-SEP-X7YOSBI66WAQ7F6X (2 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 172.16.199.17 0.0.0.0/0 /* default/kubernetes:https */ 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255 tcp to:172.16.199.17:6443 Chain KUBE-SEP-YXWG4KEJCDIRMCO5 (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-MARK-MASQ all -- * * 10.2.4.2 0.0.0.0/0 /* default/k8s-nginx: */ 0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp to:10.2.4.2:80 Chain KUBE-SERVICES (2 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 169.169.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443 0 0 KUBE-SVC-TCOU7JCQXEZGVUNU udp -- * * 0.0.0.0/0 169.169.0.53 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53 0 0 KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- * * 0.0.0.0/0 169.169.0.53 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53 0 0 KUBE-SVC-2RMP45C4XWDG5BGC tcp -- * * 0.0.0.0/0 169.169.148.143 /* default/k8s-nginx: cluster IP */ tcp dpt:80 0 0 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last 
rule in this chain */ ADDRTYPE match dst-type LOCAL Chain KUBE-SVC-2RMP45C4XWDG5BGC (2 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SEP-D5T62RWZFFOCR77Q all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ statistic mode random probability 0.50000000000 0 0 KUBE-SEP-YXWG4KEJCDIRMCO5 all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SEP-IK3IYR4STYKRJP77 all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SEP-X7YOSBI66WAQ7F6X all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255 0 0 KUBE-SEP-X7YOSBI66WAQ7F6X all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references) pkts bytes target prot opt in out source destination 0 0 KUBE-SEP-WV6S37CDULKCYEVE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ |