Kubernetes service IP / container DNAT broken in 1262.0.0 #1743
Under Kubernetes, pod to pod communication via service IP within a
Observed on both bare metal and Vagrant + VirtualBox locally.
In Kubernetes, I can define a service which targets a set of pods and
With a cluster running on the latest alpha (1262.0.0), pods cannot be
The following does work on the same node:
This isn't actually specific to Kubernetes, I have an alpha-nat
Check out that branch and run either
# Works from host
core@core-01 ~ $ curl http://10.3.0.100:8080
CLIENT VALUES:
client_address=10.0.2.15
...

# Fails from another container on broken version
core@core-01 ~ $ docker run --rm busybox wget -O- -T5 http://10.3.0.100:8080
Connecting to 10.3.0.100:8080 (10.3.0.100:8080)
wget: download timed out
You could also use cloud-config in the
Another option is to launch a Kubernetes cluster with a single
Starting the same
coreos/coreos-overlay#2300 landed in 1262.0.0 -- I tried not marking
I encountered the same issue doing a straight upgrade from 1185.2.0 to 1262.0.0.
Everything worked perfectly except the aforementioned service connectivity issues from within containers (host machine to service, other machine to service, direct IP from container, etc. all worked).
Rolling back to 1185.2.0 worked after deleting /var/lib/docker/network/files/local-kv.db.
I didn't try that and I can, but it looks unrelated. We solved the issue with a change in configuration. Removing the flag "--iptables=false" from the docker setting "fixed" the problems. The effect that we were seeing before was a missing NAT on the response coming from the pod running on the same host.