
kubernetes - Kubernetes POD cannot resolve Internet addresses

Repost. Author: 行者123. Updated: 2023-12-02 12:09:54

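I built a Kubernetes cluster with kubeadm on Ubuntu 16.04 in my home lab, with 1 master node and 2 nodes, using Calico as the CNI. All nodes can resolve Internet addresses from their consoles, but I noticed that the Pods I deploy cannot reach the Internet. CoreDNS seems to be working fine. That said, is there anything I need to do or configure on the Kubernetes cluster so that the Pods I deploy can access the Internet by default?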

cloudadmin@vra-vmwlab-cloud-vm-318:~$ kubectl exec -ti busybox -- nslookup kubernetes.default
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local
Name: kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
cloudadmin@vra-vmwlab-cloud-vm-318:~$ kubectl exec -ti busybox -- ping google.com
ping: bad address 'google.com'

From the busybox Pod I can see it's pointing to the right DNS IP, but it still can't reach google.com, as you see above.

cloudadmin@vra-vmwlab-cloud-vm-318:~$ kubectl exec -ti busybox -- sh
/ # cat /etc/resolv.conf

nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local vmwlab.local
options ndots:5

Any help with this is appreciated. Thanks.

Best answer

The problem is fixed.
The documentation at https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ mentions the following:

Letting iptables see bridged traffic 
Make sure that the br_netfilter module is loaded. This can be done by running lsmod | grep br_netfilter. To load it explicitly call sudo modprobe br_netfilter.

As a requirement for your Linux Node's iptables to correctly see bridged traffic, you should ensure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config, e.g.

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

I also chose to use Weave Net instead of Calico as the CNI.

Regarding kubernetes - Kubernetes POD cannot resolve Internet addresses, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64065653/
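
A read-only node check for the bridge-netfilter settings quoted in the answer, as an added example that is not part of the original post or the Kubernetes documentation. The function names and the optional root-directory argument are assumptions, added so the check can also run against a copied or constructed /proc tree.

```shell
#!/bin/sh
# Added example: verifies the three conditions from the quoted kubeadm text
# without changing anything on the node.
# $1 (hypothetical "root" prefix) defaults to "" = the live system.

# Return 0 if br_netfilter is listed in proc/modules (what lsmod reads),
# or is built into the kernel (its sysctl key exists without a module entry).
br_netfilter_loaded() {
    root="${1:-}"
    [ -r "$root/proc/modules" ] && grep -q '^br_netfilter ' "$root/proc/modules" \
        || [ -e "$root/proc/sys/net/bridge/bridge-nf-call-iptables" ]
}

# Print the current value of a net.bridge key, or "missing" if it is absent.
bridge_sysctl() {
    root="${1:-}"; key="$2"
    f="$root/proc/sys/net/bridge/$key"
    if [ -r "$f" ]; then tr -d ' \n' < "$f"; else printf 'missing'; fi
}

# Print one line per finding; return the number of problems (0 = node ready).
check_bridge_nf() {
    root="${1:-}"; problems=0
    if br_netfilter_loaded "$root"; then
        echo "OK   br_netfilter is available"
    else
        echo "FAIL br_netfilter not loaded (fix: sudo modprobe br_netfilter)"
        problems=$((problems + 1))
    fi
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        val=$(bridge_sysctl "$root" "$key")
        if [ "$val" = "1" ]; then
            echo "OK   net.bridge.$key = 1"
        else
            echo "FAIL net.bridge.$key = $val (expected 1)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

On a node, source the file and run `check_bridge_nf` with no argument; a non-zero exit status is the count of failed conditions.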
