I followed pretty much the standard Kubernetes 1.6 setup guide.

https://kubernetes.io/docs/getting-started-guides/kubeadm/#pod-network

So I just grabbed flannel.yaml here.
https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml
-> Ver 0.7.1 seems to always deploy apps to the guest node rather than the 
current master node.  So I changed the ver to 0.7.0 and it deploys to BOTH 
master and guest nodes.

and flannel-rbac.yml
https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml

Now for your suggestions :)
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 12:13:3a:ca:00:10 brd ff:ff:ff:ff:ff:ff
    inet 50.1.111.181/24 brd 50.1.111.255 scope global eth0
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:4e:90:2d:24 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
6: cni0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 qdisc noqueue state UP qlen 1000
    link/ether 0a:58:0a:f4:00:01 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.1/24 scope global cni0
       valid_lft forever preferred_lft forever
13: flannel0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state UNKNOWN qlen 500
    link/none 
    inet 10.244.0.0/16 scope global flannel0
       valid_lft forever preferred_lft forever
14: vetha45b5730@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 qdisc noqueue master cni0 state UP
    link/ether 1a:b9:19:e4:21:58 brd ff:ff:ff:ff:ff:ff link-netnsid 0
15: vethcb19a152@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 qdisc noqueue master cni0 state UP
    link/ether 36:4e:31:51:38:64 brd ff:ff:ff:ff:ff:ff link-netnsid 1

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         50.1.111.1      0.0.0.0         UG    100    0        0 eth0
10.244.0.0      0.0.0.0         255.255.255.0   U     0      0        0 cni0
10.244.0.0      0.0.0.0         255.255.0.0     U     0      0        0 flannel0
10.244.0.0      0.0.0.0         255.255.0.0     U     2      0        0 flannel0
50.1.111.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
KUBE-SERVICES  all  --  anywhere             anywhere             /* kubernetes service portals */
PREROUTING_direct  all  --  anywhere             anywhere            
PREROUTING_ZONES_SOURCE  all  --  anywhere             anywhere            
PREROUTING_ZONES  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
KUBE-SERVICES  all  --  anywhere             anywhere             /* kubernetes service portals */
OUTPUT_direct  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere            !loopback/8           ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
KUBE-POSTROUTING  all  --  anywhere             anywhere             /* kubernetes postrouting rules */
MASQUERADE  all  --  172.17.0.0/16        anywhere            
POSTROUTING_direct  all  --  anywhere             anywhere            
POSTROUTING_ZONES_SOURCE  all  --  anywhere             anywhere            
POSTROUTING_ZONES  all  --  anywhere             anywhere            
RETURN     all  --  bef-dev-kubeadm-master/16  bef-dev-kubeadm-master/16 
MASQUERADE  all  --  bef-dev-kubeadm-master/16 !base-address.mcast.net/4 
MASQUERADE  all  -- !bef-dev-kubeadm-master/16  bef-dev-kubeadm-master/16 

Chain DOCKER (2 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain KUBE-MARK-DROP (0 references)
target     prot opt source               destination         
MARK       all  --  anywhere             anywhere             MARK or 0x8000

Chain KUBE-MARK-MASQ (6 references)
target     prot opt source               destination         
MARK       all  --  anywhere             anywhere             MARK or 0x4000

Chain KUBE-NODEPORTS (1 references)
target     prot opt source               destination         

Chain KUBE-POSTROUTING (1 references)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere             /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000

Chain KUBE-SEP-4IHXB76RSMVLITDK (1 references)
target     prot opt source               destination         
KUBE-MARK-MASQ  all  --  10.244.0.117         anywhere             /* kube-system/kube-dns:dns */
DNAT       udp  --  anywhere             anywhere             /* kube-system/kube-dns:dns */ udp to:10.244.0.117:53

Chain KUBE-SEP-CZ6ETURPXDAIJEKZ (1 references)
target     prot opt source               destination         
KUBE-MARK-MASQ  all  --  10.244.0.117         anywhere             /* kube-system/kube-dns:dns-tcp */
DNAT       tcp  --  anywhere             anywhere             /* kube-system/kube-dns:dns-tcp */ tcp to:10.244.0.117:53

Chain KUBE-SEP-ZGC6TZD6RICYJPAF (2 references)
target     prot opt source               destination         
KUBE-MARK-MASQ  all  --  bef-dev-kubeadm-master  anywhere             /* default/kubernetes:https */
DNAT       tcp  --  anywhere             anywhere             /* default/kubernetes:https */ recent: SET name: KUBE-SEP-ZGC6TZD6RICYJPAF side: source mask: 255.255.255.255 tcp to:50.1.111.181:6443

Chain KUBE-SERVICES (2 references)
target     prot opt source               destination         
KUBE-MARK-MASQ  tcp  -- !bef-dev-kubeadm-master/16  10.96.0.1            /* default/kubernetes:https cluster IP */ tcp dpt:https
KUBE-SVC-NPX46M4PTMTKRN6Y  tcp  --  anywhere             10.96.0.1            /* default/kubernetes:https cluster IP */ tcp dpt:https
KUBE-MARK-MASQ  udp  -- !bef-dev-kubeadm-master/16  10.96.0.10           /* kube-system/kube-dns:dns cluster IP */ udp dpt:domain
KUBE-SVC-TCOU7JCQXEZGVUNU  udp  --  anywhere             10.96.0.10           /* kube-system/kube-dns:dns cluster IP */ udp dpt:domain
KUBE-MARK-MASQ  tcp  -- !bef-dev-kubeadm-master/16  10.96.0.10           /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:domain
KUBE-SVC-ERIFXISQEP7F7OF4  tcp  --  anywhere             10.96.0.10           /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:domain
KUBE-NODEPORTS  all  --  anywhere             anywhere             /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL

Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references)
target     prot opt source               destination         
KUBE-SEP-CZ6ETURPXDAIJEKZ  all  --  anywhere             anywhere             /* kube-system/kube-dns:dns-tcp */

Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
target     prot opt source               destination         
KUBE-SEP-ZGC6TZD6RICYJPAF  all  --  anywhere             anywhere             /* default/kubernetes:https */ recent: CHECK seconds: 10800 reap name: KUBE-SEP-ZGC6TZD6RICYJPAF side: source mask: 255.255.255.255
KUBE-SEP-ZGC6TZD6RICYJPAF  all  --  anywhere             anywhere             /* default/kubernetes:https */

Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references)
target     prot opt source               destination         
KUBE-SEP-4IHXB76RSMVLITDK  all  --  anywhere             anywhere             /* kube-system/kube-dns:dns */

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         

Chain POSTROUTING_ZONES (1 references)
target     prot opt source               destination         
POST_public  all  --  anywhere             anywhere            [goto] 
POST_public  all  --  anywhere             anywhere            [goto] 

Chain POSTROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain POSTROUTING_direct (1 references)
target     prot opt source               destination         

Chain POST_public (2 references)
target     prot opt source               destination         
POST_public_log  all  --  anywhere             anywhere            
POST_public_deny  all  --  anywhere             anywhere            
POST_public_allow  all  --  anywhere             anywhere            

Chain POST_public_allow (1 references)
target     prot opt source               destination         

Chain POST_public_deny (1 references)
target     prot opt source               destination         

Chain POST_public_log (1 references)
target     prot opt source               destination         

Chain PREROUTING_ZONES (1 references)
target     prot opt source               destination         
PRE_public  all  --  anywhere             anywhere            [goto] 
PRE_public  all  --  anywhere             anywhere            [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain PREROUTING_direct (1 references)
target     prot opt source               destination         

Chain PRE_public (2 references)
target     prot opt source               destination         
PRE_public_log  all  --  anywhere             anywhere            
PRE_public_deny  all  --  anywhere             anywhere            
PRE_public_allow  all  --  anywhere             anywhere            

Chain PRE_public_allow (1 references)
target     prot opt source               destination         

Chain PRE_public_deny (1 references)
target     prot opt source               destination         

Chain PRE_public_log (1 references)
target     prot opt source               destination  

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
KUBE-FIREWALL  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
INPUT_direct  all  --  anywhere             anywhere            
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere            
INPUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
FORWARD_direct  all  --  anywhere             anywhere            
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_IN_ZONES  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
KUBE-SERVICES  all  --  anywhere             anywhere             /* kubernetes service portals */
KUBE-FIREWALL  all  --  anywhere             anywhere            
OUTPUT_direct  all  --  anywhere             anywhere            

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  anywhere             anywhere            [goto] 
FWDI_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  anywhere             anywhere            [goto] 
FWDO_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (2 references)
target     prot opt source               destination         
FWDI_public_log  all  --  anywhere             anywhere            
FWDI_public_deny  all  --  anywhere             anywhere            
FWDI_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_public (2 references)
target     prot opt source               destination         
FWDO_public_log  all  --  anywhere             anywhere            
FWDO_public_deny  all  --  anywhere             anywhere            
FWDO_public_allow  all  --  anywhere             anywhere            

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  anywhere             anywhere            [goto] 
IN_public  all  --  anywhere             anywhere            [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (2 references)
target     prot opt source               destination         
IN_public_log  all  --  anywhere             anywhere            
IN_public_deny  all  --  anywhere             anywhere            
IN_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain IN_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:sun-sr-https ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:31619 ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:8285 ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:10250 ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:otv ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

Chain KUBE-SERVICES (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination 


--------------------------   Thanks!   ---------------------------------

On Friday, May 19, 2017 at 1:58:42 AM UTC+9, Brandon Philips wrote:
>
> What instructions did you follow to set up flannel? Link? 
>
> Output from `ip addr`, `route -n`, `iptables -L -t nat`, and `iptables -L` 
> is helpful as well.
>
> This reminds me we need a better set of docs that lists these things out 
> for filing issues.
>
> Thanks,
>
> Brandon
>
> On Wed, May 17, 2017 at 11:31 PM Sonic Lee <mcs...@gmail.com> wrote:
>
>> I have set up kubeadm 1.6.1, and am trying to use flannel.
>> I can set up kubeadm init and have another node join, so I have two nodes 
>> like this.
>> NAME    STATUS    AGE       VERSION
>> master   Ready     23m       v1.6.1
>> node1    Ready     14m       v1.6.1
>>
>> I can set up flannel fine, and it will show that DNS is running and all,
>> but when I actually deploy a nodeJS with replication of 2 I just cannot 
>> curl slave's pod from master node PC.
>>
>> Master node pod: 10.244.0.126
>> Slave node pod: 10.244.1.126
>>
>> [master] curl 10.244.1.126:8080
>> This will hang and it will ONLY work if I curl from slave node PC.
>>
>> Does anyone have any experience with this?
>> Thanks in advance.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Kubernetes user discussion and Q&A" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to kubernetes-use...@googlegroups.com.
>> To post to this group, send email to kubernet...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
