Thanks a lot, I successfully solve this problem with your method, when
using kubernetes service to connect namenode and datanode.
1. Update docker version: ( from 1.9.1 to 1.12.1)
sudo curl -sSL https://get.docker.com/ | sh
2. Stop docker service, and use --ip-masq=false:
sudo service docker stop
Then it works. Sorry for my poor English.
在 2015年1月17日星期六 UTC+8上午1:49:57，prateek arora写道：
> I am also facing the same issue with HDFS setup with kubernetes and flannel
> I have used --ip-masq=false when starting the Docker daemon and start
> flannel with --ip-masq=true..
> so right now my Datanode's is connecting to namenode using kubernet api .
> but when i tried with kubernet service namenode registers the datanode
> with the IP of the flannel interface.
> you suggested second solution :
> ---- Use flannel with --ip-masq=false, and apply IP masquerading for only
> the traffic leaving the network (to the Internet) using iptables.
> can you please tell me the iptables command to apply this solution.
> On Friday, January 2, 2015 at 11:21:48 AM UTC-8, Eugene Yakubovich wrote:
>> After looking at the logs and thinking some more, I think my previous
>> story was not correct. It should be more like this:
>> - connection is made from a container (pod) to a 10.1.x.x service IP
>> from a flannel IP (10.244.x.x).
>> - it first hits KUBE-PROXY PREROUTING rule which redirects it to the
>> service proxy.
>> - service proxy makes a connection to namenode which has 10.244.x.x
>> (flannel) IP. Since the route for such IPs is via flannel0, the source
>> IP will be that of flannel0 (10.244.x.0).
>> - FLANNEL:MASQUERADE is NOT applied but the src IP is nevertheless
>> that of flannel0.
>> This is actually consistent with the iptables logs as there's no trace
>> showing FLANNEL:rule:3 (masquerade) being applied. I'm not sure what
>> causes FLANNEL:MASQUERADE pkts to increment (it maybe some other
>> Regarding how to best solve this. You proposed:
>> > 1. Inside a Datanode container, use Kubernetes API to get the actual IP
>> of Namenode and use that to connect the namenode.
>> > 2. Use flannel with --ip-masq=false, and apply IP masquerading for only
>> the traffic leaving the network (to the Internet) using iptables.
>> Option 2 is not workable as it doesn't seem to be the cause. So that
>> leaves option 1.
>> On Fri, Jan 2, 2015 at 6:06 AM, Luqman <lgs...@gmail.com> wrote:
>> > Eugene, do you know what's going on here?
>> > --
>> > You received this message because you are subscribed to a topic in the
>> > Google Groups "Containers at Google" group.
>> > To unsubscribe from this topic, visit
>> > To unsubscribe from this group and all its topics, send an email to
>> > google-contain...@googlegroups.com.
>> > To post to this group, send email to google-c...@googlegroups.com.
>> > Visit this group at http://groups.google.com/group/google-containers.
>> > For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups
"Kubernetes user discussion and Q&A" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.