If you are using minikube, you have to SSH into the cluster to be able to see the iptables rules.
When you start minikube: minikube start --nodes 5 -p cluster_name
What follows -p is your cluster's profile; use whatever name you see fit. Example: minikube start --nodes 5 -p test
Then you connect over SSH
minikube ssh -p cluster_name
in my case minikube ssh -p test
Inside, you check the iptables rules with the commands the teacher gave:
sudo iptables -t nat -L OUTPUT
output
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
KUBE-SERVICES all -- anywhere anywhere /* kubernetes service portals */
DOCKER_OUTPUT all -- anywhere host.minikube.internal
DOCKER all -- anywhere !localhost/8 ADDRTYPE match dst-type LOCAL
sudo iptables -t nat -nL KUBE-SERVICES
output
Chain KUBE-SERVICES (2 references)
target prot opt source destination
KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- 0.0.0.0/0 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
KUBE-MARK-MASQ udp -- !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53
KUBE-SVC-TCOU7JCQXEZGVUNU udp -- 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53
KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53
KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53
KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:metrics cluster IP */ tcp dpt:9153
KUBE-SVC-JD5MR3NA4I4DYORP tcp -- 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:metrics cluster IP */ tcp dpt:9153
KUBE-MARK-MASQ tcp -- !10.244.0.0/16 10.107.149.250 /* default/httpenv cluster IP */ tcp dpt:8888
KUBE-SVC-6ZVPY37LGINYSSPR tcp -- 0.0.0.0/0 10.107.149.250 /* default/httpenv cluster IP */ tcp dpt:8888
KUBE-NODEPORTS all -- 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL
In my case I am going to look at the rules for the service IP 10.107.149.250
sudo iptables -t nat -nL KUBE-SVC-6ZVPY37LGINYSSPR
output
Chain KUBE-SVC-6ZVPY37LGINYSSPR (1 references)
target prot opt source destination
KUBE-SEP-UTACH3V2EFGNGWSL all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.10000000009
KUBE-SEP-OBKCIYINKH75NNAU all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.11111111101
KUBE-SEP-2BAZO7KUFC5W4VUP all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.12500000000
KUBE-SEP-H2O72PL5EVFXTZBK all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.14285714272
KUBE-SEP-BZIDQWP33MHSLDLW all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.16666666651
KUBE-SEP-U4OA2VHREJS6ZEJF all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.20000000019
KUBE-SEP-ZN5OKFENC7VMGVKJ all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.25000000000
KUBE-SEP-KUCY6OLHFSCAHRUH all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.33333333349
KUBE-SEP-2L47EJAEPVOMIKY7 all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.50000000000
KUBE-SEP-AOU4T5P455EZE2YM all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */
I pick a rule to look at
sudo iptables -t nat -nL KUBE-SEP-UTACH3V2EFGNGWSL
output
Chain KUBE-SEP-UTACH3V2EFGNGWSL (1 references)
target prot opt source destination
KUBE-MARK-MASQ all -- 10.244.1.3 0.0.0.0/0 /* default/httpenv */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ tcp to:10.244.1.3:8888
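
Added example, not part of the original post: the KUBE-SVC listing above is evaluated top to bottom, so each "statistic mode random probability" value only applies to traffic that every earlier rule let pass. This Python sketch parses that listing (copied from the output above) and computes the effective share of connections each KUBE-SEP endpoint receives; the function names parse_chain and effective_shares are hypothetical.

```python
import re

# The KUBE-SVC chain listing from the post (output of `iptables -t nat -nL`), embedded so this runs offline.
LISTING = """\
Chain KUBE-SVC-6ZVPY37LGINYSSPR (1 references)
target prot opt source destination
KUBE-SEP-UTACH3V2EFGNGWSL all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.10000000009
KUBE-SEP-OBKCIYINKH75NNAU all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.11111111101
KUBE-SEP-2BAZO7KUFC5W4VUP all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.12500000000
KUBE-SEP-H2O72PL5EVFXTZBK all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.14285714272
KUBE-SEP-BZIDQWP33MHSLDLW all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.16666666651
KUBE-SEP-U4OA2VHREJS6ZEJF all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.20000000019
KUBE-SEP-ZN5OKFENC7VMGVKJ all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.25000000000
KUBE-SEP-KUCY6OLHFSCAHRUH all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.33333333349
KUBE-SEP-2L47EJAEPVOMIKY7 all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */ statistic mode random probability 0.50000000000
KUBE-SEP-AOU4T5P455EZE2YM all -- 0.0.0.0/0 0.0.0.0/0 /* default/httpenv */
"""

PROB = re.compile(r"statistic mode random probability ([0-9.]+)")

def parse_chain(text):
    """Return [(endpoint_chain, rule_probability)] in rule order; a rule with no statistic match always fires (1.0)."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("KUBE-SEP-"):
            continue  # skip the "Chain ..." title and the column header
        m = PROB.search(line)
        rules.append((fields[0], float(m.group(1)) if m else 1.0))
    return rules

def effective_shares(rules):
    """Share of traffic per rule = its probability times the chance all earlier rules missed.
    Also returns the leftover fraction that would fall through the chain without a DNAT."""
    shares, remaining = {}, 1.0
    for name, p in rules:
        shares[name] = remaining * p
        remaining *= 1.0 - p
    return shares, remaining

if __name__ == "__main__":
    shares, leftover = effective_shares(parse_chain(LISTING))
    for name, share in shares.items():
        print(f"{name}  {share:.4f}")
    print(f"unmatched fraction: {leftover:.4f}")
```
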