k8s 部分命令执行输出

deployment文件部署两个nginx pod

deployment yaml文件

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: k8s-nginx
spec:
  replicas: 2
  template:
    metadata:
      labels:
        run: k8s-nginx
    spec:
      containers:
      - name: k8s-nginx
        image: nginx
        ports:
        - containerPort: 80

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

spec:

replicas: 2

template:

metadata:

labels:

run: k8s-nginx

spec:

containers:

- name: k8s-nginx

image: nginx

ports:

- containerPort: 80

kubectl create -f my-nginx.yaml --record --save-config:

[root@docker1 app]# kubectl get rs -o wide
NAME                  DESIRED   CURRENT   READY     AGE       CONTAINER(S)   IMAGE(S)   SELECTOR
k8s-nginx-289671949   2         2         0         1m        k8s-nginx      nginx      pod-template-hash=289671949,run=k8s-nginx
[root@docker1 app]# kubectl get pods -o wide
NAME                        READY     STATUS              RESTARTS   AGE       IP        NODE
k8s-nginx-289671949-dk2p1   0/1       ContainerCreating   0          1m        <none>    172.16.199.27
k8s-nginx-289671949-xh4zw   0/1       ContainerCreating   0          1m        <none>    172.16.199.37
[root@docker1 app]# 
[root@docker1 app]# 
[root@docker1 app]# kubectl get events
LASTSEEN   FIRSTSEEN   COUNT     NAME                        KIND         SUBOBJECT                    TYPE      REASON              SOURCE                   MESSAGE
4m         4m          1         k8s-nginx-289671949-dk2p1   Pod                                       Normal    Scheduled           default-scheduler        Successfully assigned k8s-nginx-289671949-dk2p1 to 172.16.199.27
4m         4m          1         k8s-nginx-289671949-dk2p1   Pod          spec.containers{k8s-nginx}   Normal    Pulling             kubelet, 172.16.199.27   pulling image "nginx"
4m         4m          1         k8s-nginx-289671949-xh4zw   Pod                                       Normal    Scheduled           default-scheduler        Successfully assigned k8s-nginx-289671949-xh4zw to 172.16.199.37
4m         4m          1         k8s-nginx-289671949-xh4zw   Pod          spec.containers{k8s-nginx}   Normal    Pulling             kubelet, 172.16.199.37   pulling image "nginx"
4m         4m          1         k8s-nginx-289671949         ReplicaSet                                Normal    SuccessfulCreate    replicaset-controller    Created pod: k8s-nginx-289671949-dk2p1
4m         4m          1         k8s-nginx-289671949         ReplicaSet                                Normal    SuccessfulCreate    replicaset-controller    Created pod: k8s-nginx-289671949-xh4zw
4m         4m          1         k8s-nginx                   Deployment                                Normal    ScalingReplicaSet   deployment-controller    Scaled up replica set k8s-nginx-289671949 to 2

[root@docker1 app]# kubectl get events
LASTSEEN   FIRSTSEEN   COUNT     NAME                        KIND         SUBOBJECT                    TYPE      REASON              SOURCE                   MESSAGE
15m        15m         1         k8s-nginx-289671949-dk2p1   Pod                                       Normal    Scheduled           default-scheduler        Successfully assigned k8s-nginx-289671949-dk2p1 to 172.16.199.27
15m        15m         1         k8s-nginx-289671949-dk2p1   Pod          spec.containers{k8s-nginx}   Normal    Pulling             kubelet, 172.16.199.27   pulling image "nginx"
15m        15m         1         k8s-nginx-289671949-xh4zw   Pod                                       Normal    Scheduled           default-scheduler        Successfully assigned k8s-nginx-289671949-xh4zw to 172.16.199.37
15m        15m         1         k8s-nginx-289671949-xh4zw   Pod          spec.containers{k8s-nginx}   Normal    Pulling             kubelet, 172.16.199.37   pulling image "nginx"
3m         3m          1         k8s-nginx-289671949-xh4zw   Pod          spec.containers{k8s-nginx}   Normal    Pulled              kubelet, 172.16.199.37   Successfully pulled image "nginx"
3m         3m          1         k8s-nginx-289671949-xh4zw   Pod          spec.containers{k8s-nginx}   Normal    Created             kubelet, 172.16.199.37   Created container with id 777a098bb8dd5c256f9dbb3a7ecd8204f254283b72ec7155c51556a453b9fe24
3m         3m          1         k8s-nginx-289671949-xh4zw   Pod          spec.containers{k8s-nginx}   Normal    Started             kubelet, 172.16.199.37   Started container with id 777a098bb8dd5c256f9dbb3a7ecd8204f254283b72ec7155c51556a453b9fe24
15m        15m         1         k8s-nginx-289671949         ReplicaSet                                Normal    SuccessfulCreate    replicaset-controller    Created pod: k8s-nginx-289671949-dk2p1
15m        15m         1         k8s-nginx-289671949         ReplicaSet                                Normal    SuccessfulCreate    replicaset-controller    Created pod: k8s-nginx-289671949-xh4zw
15m        15m         1         k8s-nginx                   Deployment                                Normal    ScalingReplicaSet   deployment-controller    Scaled up replica set k8s-nginx-289671949 to 2

[root@docker1 app]# kubectl get rs -o wide

NAME DESIRED CURRENT READY AGE CONTAINER(S) IMAGE(S) SELECTOR

k8s-nginx-289671949 2 2 0 1m k8s-nginx nginx pod-template-hash=289671949,run=k8s-nginx

[root@docker1 app]# kubectl get pods -o wide

NAME READY STATUS RESTARTS AGE IP NODE

k8s-nginx-289671949-dk2p1 0/1 ContainerCreating 0 1m <none> 172.16.199.27

k8s-nginx-289671949-xh4zw 0/1 ContainerCreating 0 1m <none> 172.16.199.37

[root@docker1 app]#

[root@docker1 app]# kubectl get events

LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE

4m 4m 1 k8s-nginx-289671949-dk2p1 Pod Normal Scheduled default-scheduler Successfully assigned k8s-nginx-289671949-dk2p1 to 172.16.199.27

4m 4m 1 k8s-nginx-289671949-dk2p1 Pod spec.containers{k8s-nginx} Normal Pulling kubelet, 172.16.199.27 pulling image "nginx"

4m 4m 1 k8s-nginx-289671949-xh4zw Pod Normal Scheduled default-scheduler Successfully assigned k8s-nginx-289671949-xh4zw to 172.16.199.37

4m 4m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Pulling kubelet, 172.16.199.37 pulling image "nginx"

4m 4m 1 k8s-nginx-289671949 ReplicaSet Normal SuccessfulCreate replicaset-controller Created pod: k8s-nginx-289671949-dk2p1

4m 4m 1 k8s-nginx-289671949 ReplicaSet Normal SuccessfulCreate replicaset-controller Created pod: k8s-nginx-289671949-xh4zw

4m 4m 1 k8s-nginx Deployment Normal ScalingReplicaSet deployment-controller Scaled up replica set k8s-nginx-289671949 to 2

[root@docker1 app]# kubectl get events

LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE

15m 15m 1 k8s-nginx-289671949-dk2p1 Pod Normal Scheduled default-scheduler Successfully assigned k8s-nginx-289671949-dk2p1 to 172.16.199.27

15m 15m 1 k8s-nginx-289671949-dk2p1 Pod spec.containers{k8s-nginx} Normal Pulling kubelet, 172.16.199.27 pulling image "nginx"

15m 15m 1 k8s-nginx-289671949-xh4zw Pod Normal Scheduled default-scheduler Successfully assigned k8s-nginx-289671949-xh4zw to 172.16.199.37

15m 15m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Pulling kubelet, 172.16.199.37 pulling image "nginx"

3m 3m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Pulled kubelet, 172.16.199.37 Successfully pulled image "nginx"

3m 3m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Created kubelet, 172.16.199.37 Created container with id 777a098bb8dd5c256f9dbb3a7ecd8204f254283b72ec7155c51556a453b9fe24

3m 3m 1 k8s-nginx-289671949-xh4zw Pod spec.containers{k8s-nginx} Normal Started kubelet, 172.16.199.37 Started container with id 777a098bb8dd5c256f9dbb3a7ecd8204f254283b72ec7155c51556a453b9fe24

15m 15m 1 k8s-nginx-289671949 ReplicaSet Normal SuccessfulCreate replicaset-controller Created pod: k8s-nginx-289671949-dk2p1

15m 15m 1 k8s-nginx-289671949 ReplicaSet Normal SuccessfulCreate replicaset-controller Created pod: k8s-nginx-289671949-xh4zw

15m 15m 1 k8s-nginx Deployment Normal ScalingReplicaSet deployment-controller Scaled up replica set k8s-nginx-289671949 to 2

再启动一个pod：

apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - image: busybox
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
  restartPolicy: Always
~

apiVersion: v1

kind: Pod

metadata:

namespace: default

spec:

containers:

- image: busybox

command:

- sleep

- "3600"

imagePullPolicy: IfNotPresent

restartPolicy: Always

root@docker1 app]# kubectl create -f busybox-pod.yaml  --record --save-config
pod "busybox" created

[root@docker1 app]# kubectl get pods -o wide
NAME                        READY     STATUS    RESTARTS   AGE       IP          NODE
busybox                     1/1       Running   0          13s       10.2.4.3    172.16.199.27
k8s-nginx-289671949-dk2p1   1/1       Running   0          55m       10.2.4.2    172.16.199.27
k8s-nginx-289671949-xh4zw   1/1       Running   0          55m       10.2.39.3   172.16.199.37
[root@docker1 app]# kubectl exec busybox ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:02:04:03  
          inet addr:10.2.4.3  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@docker1 app]# kubectl create -f busybox-pod.yaml --record --save-config

pod "busybox" created

[root@docker1 app]# kubectl get pods -o wide

NAME READY STATUS RESTARTS AGE IP NODE

busybox 1/1 Running 0 13s 10.2.4.3 172.16.199.27

k8s-nginx-289671949-dk2p1 1/1 Running 0 55m 10.2.4.2 172.16.199.27

k8s-nginx-289671949-xh4zw 1/1 Running 0 55m 10.2.39.3 172.16.199.37

[root@docker1 app]# kubectl exec busybox ifconfig

eth0 Link encap:Ethernet HWaddr 02:42:0A:02:04:03

inet addr:10.2.4.3 Bcast:0.0.0.0 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1

RX packets:8 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:648 (648.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

UP LOOPBACK RUNNING MTU:65536 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1

RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

[root@docker1 app]# 
Server:    169.169.0.53
Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local

Name:      k8s-nginx
Address 1: 169.169.36.129 k8s-nginx.default.svc.cluster.local

[root@docker1 app]#

Server: 169.169.0.53

Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local

Name: k8s-nginx

Address 1: 169.169.36.129 k8s-nginx.default.svc.cluster.local

[root@docker1 app]# kubectl exec busybox nslookup kube-dns.kube-system.svc.cluster.local
Server:    169.169.0.53
Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local

Name:      kube-dns.kube-system.svc.cluster.local
Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local

[root@docker1 app]# kubectl exec busybox nslookup kube-dns.kube-system.svc.cluster.local

Server: 169.169.0.53

Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local

Name: kube-dns.kube-system.svc.cluster.local

Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local

FQDN格式：servicename.namesapce.svc.cluster.local

在node节点上直接访问clusterIP看看：

curl http://169.169.36.129 不通

这是正常的，因为节点并无该网咯的接口，集群IP地址没有绑定在任何物理或者逻辑接口上。如果此时刻意的给某个宿主机网卡设置169.169.0.0/16这个cluster ip range的地址，则可以访问：

[root@docker2 ~]# ifconfig eno33554960 
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 169.169.10.10  netmask 255.255.0.0  broadcast 169.169.255.255
        inet6 fe80::20c:29ff:feae:1183  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ae:11:83  txqueuelen 1000  (Ethernet)
        RX packets 1481  bytes 127684 (124.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11  bytes 808 (808.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


[root@docker2 ~]# curl 169.169.36.129
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>

[root@docker2 ~]# ifconfig eno33554960

eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 169.169.10.10 netmask 255.255.0.0 broadcast 169.169.255.255

inet6 fe80::20c:29ff:feae:1183 prefixlen 64 scopeid 0x20<link>

ether 00:0c:29:ae:11:83 txqueuelen 1000 (Ethernet)

RX packets 1481 bytes 127684 (124.6 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 11 bytes 808 (808.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@docker2 ~]# curl 169.169.36.129

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

body {

width: 35em;

margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif;

}

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

service使用cluster ip而非nodeport模式时候，相关NAT 表：

[root@docker2 ~]# iptables -nL -t nat -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5512 2282K KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */
  237 33706 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  896 72790 KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */
    1    60 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1095 87552 KUBE-POSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes postrouting rules */
  157 12153 MASQUERADE  all  --  *      !docker0  10.2.4.0/24          0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      !docker0  10.1.37.0/24         0.0.0.0/0           

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           

Chain KUBE-MARK-DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK or 0x8000

Chain KUBE-MARK-MASQ (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK or 0x4000

Chain KUBE-NODEPORTS (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain KUBE-POSTROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000

Chain KUBE-SEP-D5T62RWZFFOCR77Q (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       10.2.39.3            0.0.0.0/0            /* default/k8s-nginx: */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */ tcp to:10.2.39.3:80

Chain KUBE-SEP-IK3IYR4STYKRJP77 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       10.2.39.2            0.0.0.0/0            /* kube-system/kube-dns:dns-tcp */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kube-system/kube-dns:dns-tcp */ tcp to:10.2.39.2:53

Chain KUBE-SEP-WV6S37CDULKCYEVE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       10.2.39.2            0.0.0.0/0            /* kube-system/kube-dns:dns */
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kube-system/kube-dns:dns */ udp to:10.2.39.2:53

Chain KUBE-SEP-X7YOSBI66WAQ7F6X (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       172.16.199.17        0.0.0.0/0            /* default/kubernetes:https */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/kubernetes:https */ recent: SET name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255 tcp to:172.16.199.17:6443

Chain KUBE-SEP-YXWG4KEJCDIRMCO5 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       10.2.4.2             0.0.0.0/0            /* default/k8s-nginx: */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */ tcp to:10.2.4.2:80

Chain KUBE-SERVICES (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SVC-NPX46M4PTMTKRN6Y  tcp  --  *      *       0.0.0.0/0            169.169.0.1          /* default/kubernetes:https cluster IP */ tcp dpt:443
    0     0 KUBE-SVC-TCOU7JCQXEZGVUNU  udp  --  *      *       0.0.0.0/0            169.169.0.53         /* kube-system/kube-dns:dns cluster IP */ udp dpt:53
    0     0 KUBE-SVC-ERIFXISQEP7F7OF4  tcp  --  *      *       0.0.0.0/0            169.169.0.53         /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53
    0     0 KUBE-SVC-2RMP45C4XWDG5BGC  tcp  --  *      *       0.0.0.0/0            169.169.36.129       /* default/k8s-nginx: cluster IP */ tcp dpt:80
    0     0 KUBE-NODEPORTS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL

Chain KUBE-SVC-2RMP45C4XWDG5BGC (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SEP-D5T62RWZFFOCR77Q  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */ statistic mode random probability 0.50000000000
    0     0 KUBE-SEP-YXWG4KEJCDIRMCO5  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */

Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SEP-IK3IYR4STYKRJP77  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kube-system/kube-dns:dns-tcp */

Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SEP-X7YOSBI66WAQ7F6X  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255
    0     0 KUBE-SEP-X7YOSBI66WAQ7F6X  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/kubernetes:https */

Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SEP-WV6S37CDULKCYEVE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kube-system/kube-dns:dns */

[root@docker2 ~]# iptables -nL -t nat -v

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

5512 2282K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */

237 33706 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

896 72790 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */

1 60 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

1095 87552 KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */

157 12153 MASQUERADE all -- * !docker0 10.2.4.0/24 0.0.0.0/0

0 0 MASQUERADE all -- * !docker0 10.1.37.0/24 0.0.0.0/0

Chain DOCKER (2 references)

pkts bytes target prot opt in out source destination

0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0

Chain KUBE-MARK-DROP (0 references)

pkts bytes target prot opt in out source destination

0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000

Chain KUBE-MARK-MASQ (5 references)

pkts bytes target prot opt in out source destination

0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000

Chain KUBE-NODEPORTS (1 references)

pkts bytes target prot opt in out source destination

Chain KUBE-POSTROUTING (1 references)

pkts bytes target prot opt in out source destination

0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000

Chain KUBE-SEP-D5T62RWZFFOCR77Q (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 10.2.39.3 0.0.0.0/0 /* default/k8s-nginx: */

0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp to:10.2.39.3:80

Chain KUBE-SEP-IK3IYR4STYKRJP77 (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 10.2.39.2 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */

0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:10.2.39.2:53

Chain KUBE-SEP-WV6S37CDULKCYEVE (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 10.2.39.2 0.0.0.0/0 /* kube-system/kube-dns:dns */

0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:10.2.39.2:53

Chain KUBE-SEP-X7YOSBI66WAQ7F6X (2 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 172.16.199.17 0.0.0.0/0 /* default/kubernetes:https */

0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255 tcp to:172.16.199.17:6443

Chain KUBE-SEP-YXWG4KEJCDIRMCO5 (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 10.2.4.2 0.0.0.0/0 /* default/k8s-nginx: */

0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp to:10.2.4.2:80

Chain KUBE-SERVICES (2 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 169.169.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443

0 0 KUBE-SVC-TCOU7JCQXEZGVUNU udp -- * * 0.0.0.0/0 169.169.0.53 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53

0 0 KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- * * 0.0.0.0/0 169.169.0.53 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53

0 0 KUBE-SVC-2RMP45C4XWDG5BGC tcp -- * * 0.0.0.0/0 169.169.36.129 /* default/k8s-nginx: cluster IP */ tcp dpt:80

0 0 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL

Chain KUBE-SVC-2RMP45C4XWDG5BGC (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SEP-D5T62RWZFFOCR77Q all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ statistic mode random probability 0.50000000000

0 0 KUBE-SEP-YXWG4KEJCDIRMCO5 all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */

Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SEP-IK3IYR4STYKRJP77 all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */

Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SEP-X7YOSBI66WAQ7F6X all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255

0 0 KUBE-SEP-X7YOSBI66WAQ7F6X all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */

Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SEP-WV6S37CDULKCYEVE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */

[root@docker2 ~]# iptables -nL -t filter -v
Chain INPUT (policy ACCEPT 629 packets, 76374 bytes)
 pkts bytes target     prot opt in     out     source               destination         
4355K  556M KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */
4376K  558M KUBE-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2277  198K DOCKER-ISOLATION  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  154 20792 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
 2123  178K ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  !docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 607 packets, 54716 bytes)
 pkts bytes target     prot opt in     out     source               destination         
4375K  370M KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */
4395K  372M KUBE-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2277  198K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain KUBE-FIREWALL (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

Chain KUBE-SERVICES (2 references)
 pkts bytes target     prot opt in     out     source               destination

[root@docker2 ~]# iptables -nL -t filter -v

Chain INPUT (policy ACCEPT 629 packets, 76374 bytes)

pkts bytes target prot opt in out source destination

4355K 556M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */

4376K 558M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

2277 198K DOCKER-ISOLATION all -- * * 0.0.0.0/0 0.0.0.0/0

154 20792 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED

0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0

2123 178K ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0

0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0

0 0 ACCEPT all -- !docker0 docker0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 607 packets, 54716 bytes)

pkts bytes target prot opt in out source destination

4375K 370M KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */

4395K 372M KUBE-FIREWALL all -- * * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER (1 references)

pkts bytes target prot opt in out source destination

Chain DOCKER-ISOLATION (1 references)

pkts bytes target prot opt in out source destination

2277 198K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain KUBE-FIREWALL (2 references)

pkts bytes target prot opt in out source destination

0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

Chain KUBE-SERVICES (2 references)

pkts bytes target prot opt in out source destination

删除上述创建的k8s-nginx service

[root@docker1 app]# kubectl delete service k8s-nginx

然后无法解析出服务名称：

[root@docker1 app]# kubectl exec busybox nslookup k8s-nginx
Server:    169.169.0.53
Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local

Name:      k8s-nginx
Address 1: 45.33.9.234 li963-234.members.linode.com 这是递归到外部了

[root@docker1 app]# kubectl exec busybox nslookup k8s-nginx

Server: 169.169.0.53

Address 1: 169.169.0.53 kube-dns.kube-system.svc.cluster.local

Name: k8s-nginx

Address 1: 45.33.9.234 li963-234.members.linode.com 这是递归到外部了

重新发布一个service，并使用nodeport方式：

kubectl expose deployment k8s-nginx --type=NodePort

1	kubectl expose deployment k8s-nginx --type=NodePort

[root@docker1 app]# kubectl get svc -o wide
NAME         CLUSTER-IP        EXTERNAL-IP   PORT(S)        AGE       SELECTOR
k8s-nginx    169.169.148.143   <nodes>       80:30780/TCP   47s       run=k8s-nginx
kubernetes   169.169.0.1       <none>        443/TCP        2d        <none>

[root@docker1 app]# kubectl get svc -o wide

NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR

k8s-nginx 169.169.148.143 <nodes> 80:30780/TCP 47s run=k8s-nginx

kubernetes 169.169.0.1 <none> 443/TCP 2d <none>

node节点上查看：

[root@docker2 ~]# netstat -pan | grep 30780
tcp6       0      0 :::30780                :::*                    LISTEN      9960/kube-proxy     
[root@docker2 ~]# curl 127.0.0.1:30780
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

[root@docker2 ~]# netstat -pan | grep 30780

tcp6 0 0 :::30780 :::* LISTEN 9960/kube-proxy

[root@docker2 ~]# curl 127.0.0.1:30780

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

body {

width: 35em;

margin: 0 auto;

font-family: Tahoma, Verdana, Arial, sans-serif;

}

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

node port类型下的NAT表规则：

[root@docker2 ~]# iptables -nL -t nat -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5612 2316K KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */
  256 36555 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  936 76333 KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */
    1    60 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1150 92124 KUBE-POSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes postrouting rules */
  172 13182 MASQUERADE  all  --  *      !docker0  10.2.4.0/24          0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      !docker0  10.1.37.0/24         0.0.0.0/0           

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           

Chain KUBE-MARK-DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK or 0x8000

Chain KUBE-MARK-MASQ (6 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK or 0x4000

Chain KUBE-NODEPORTS (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */ tcp dpt:30780
    0     0 KUBE-SVC-2RMP45C4XWDG5BGC  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */ tcp dpt:30780

Chain KUBE-POSTROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000

Chain KUBE-SEP-D5T62RWZFFOCR77Q (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       10.2.39.3            0.0.0.0/0            /* default/k8s-nginx: */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */ tcp to:10.2.39.3:80

Chain KUBE-SEP-IK3IYR4STYKRJP77 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       10.2.39.2            0.0.0.0/0            /* kube-system/kube-dns:dns-tcp */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kube-system/kube-dns:dns-tcp */ tcp to:10.2.39.2:53

Chain KUBE-SEP-WV6S37CDULKCYEVE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       10.2.39.2            0.0.0.0/0            /* kube-system/kube-dns:dns */
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kube-system/kube-dns:dns */ udp to:10.2.39.2:53

Chain KUBE-SEP-X7YOSBI66WAQ7F6X (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       172.16.199.17        0.0.0.0/0            /* default/kubernetes:https */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/kubernetes:https */ recent: SET name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255 tcp to:172.16.199.17:6443

Chain KUBE-SEP-YXWG4KEJCDIRMCO5 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-MARK-MASQ  all  --  *      *       10.2.4.2             0.0.0.0/0            /* default/k8s-nginx: */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */ tcp to:10.2.4.2:80

Chain KUBE-SERVICES (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SVC-NPX46M4PTMTKRN6Y  tcp  --  *      *       0.0.0.0/0            169.169.0.1          /* default/kubernetes:https cluster IP */ tcp dpt:443
    0     0 KUBE-SVC-TCOU7JCQXEZGVUNU  udp  --  *      *       0.0.0.0/0            169.169.0.53         /* kube-system/kube-dns:dns cluster IP */ udp dpt:53
    0     0 KUBE-SVC-ERIFXISQEP7F7OF4  tcp  --  *      *       0.0.0.0/0            169.169.0.53         /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53
    0     0 KUBE-SVC-2RMP45C4XWDG5BGC  tcp  --  *      *       0.0.0.0/0            169.169.148.143      /* default/k8s-nginx: cluster IP */ tcp dpt:80
    0     0 KUBE-NODEPORTS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL

Chain KUBE-SVC-2RMP45C4XWDG5BGC (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SEP-D5T62RWZFFOCR77Q  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */ statistic mode random probability 0.50000000000
    0     0 KUBE-SEP-YXWG4KEJCDIRMCO5  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/k8s-nginx: */

Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SEP-IK3IYR4STYKRJP77  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kube-system/kube-dns:dns-tcp */

Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SEP-X7YOSBI66WAQ7F6X  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255
    0     0 KUBE-SEP-X7YOSBI66WAQ7F6X  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* default/kubernetes:https */

Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 KUBE-SEP-WV6S37CDULKCYEVE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kube-system/kube-dns:dns */

[root@docker2 ~]# iptables -nL -t nat -v

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

5612 2316K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */

256 36555 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

936 76333 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */

1 60 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

1150 92124 KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */

172 13182 MASQUERADE all -- * !docker0 10.2.4.0/24 0.0.0.0/0

0 0 MASQUERADE all -- * !docker0 10.1.37.0/24 0.0.0.0/0

Chain DOCKER (2 references)

pkts bytes target prot opt in out source destination

0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0

Chain KUBE-MARK-DROP (0 references)

pkts bytes target prot opt in out source destination

0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000

Chain KUBE-MARK-MASQ (6 references)

pkts bytes target prot opt in out source destination

0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000

Chain KUBE-NODEPORTS (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp dpt:30780

0 0 KUBE-SVC-2RMP45C4XWDG5BGC tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp dpt:30780

Chain KUBE-POSTROUTING (1 references)

pkts bytes target prot opt in out source destination

0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000

Chain KUBE-SEP-D5T62RWZFFOCR77Q (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 10.2.39.3 0.0.0.0/0 /* default/k8s-nginx: */

0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp to:10.2.39.3:80

Chain KUBE-SEP-IK3IYR4STYKRJP77 (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 10.2.39.2 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */

0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */ tcp to:10.2.39.2:53

Chain KUBE-SEP-WV6S37CDULKCYEVE (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 10.2.39.2 0.0.0.0/0 /* kube-system/kube-dns:dns */

0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns */ udp to:10.2.39.2:53

Chain KUBE-SEP-X7YOSBI66WAQ7F6X (2 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 172.16.199.17 0.0.0.0/0 /* default/kubernetes:https */

0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: SET name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255 tcp to:172.16.199.17:6443

Chain KUBE-SEP-YXWG4KEJCDIRMCO5 (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-MARK-MASQ all -- * * 10.2.4.2 0.0.0.0/0 /* default/k8s-nginx: */

0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ tcp to:10.2.4.2:80

Chain KUBE-SERVICES (2 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 169.169.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443

0 0 KUBE-SVC-TCOU7JCQXEZGVUNU udp -- * * 0.0.0.0/0 169.169.0.53 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53

0 0 KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- * * 0.0.0.0/0 169.169.0.53 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53

0 0 KUBE-SVC-2RMP45C4XWDG5BGC tcp -- * * 0.0.0.0/0 169.169.148.143 /* default/k8s-nginx: cluster IP */ tcp dpt:80

0 0 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL

Chain KUBE-SVC-2RMP45C4XWDG5BGC (2 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SEP-D5T62RWZFFOCR77Q all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */ statistic mode random probability 0.50000000000

0 0 KUBE-SEP-YXWG4KEJCDIRMCO5 all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/k8s-nginx: */

Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SEP-IK3IYR4STYKRJP77 all -- * * 0.0.0.0/0 0.0.0.0/0 /* kube-system/kube-dns:dns-tcp */

Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)

pkts bytes target prot opt in out source destination

0 0 KUBE-SEP-X7YOSBI66WAQ7F6X all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-X7YOSBI66WAQ7F6X side: source mask: 255.255.255.255