Reputation: 473
Kubernetes iptables - should the master node be running pods?
In my kubernetes cluster I have a flannel overlay configured. the iptables on the master node and the minions are not the same. I understand that this is by design but it creates the problem that pods can't run on the master node: on the master, external IP addresses (for a service) are not resolved.
On the minions there is a KUBE-PORTALS-CONTAINER and KUBE-PORTALS-HOST chain which redirects service cluster and external IP addresses. Static routes redirect this traffic to the master which actually resolves the addresses.
On the master there isn't the 2 chains mentioned above but instead there is a KUBE-SERVICES chain which resolves services IPs to pod IP addresses.
Is there a way to configure the master node to have the chains that the nodes have as well as the service resolution chain too?
Upvotes: 0
Views: 381
Answers (1)
Reputation: 2835
Pods are running on Kubernetes nodes (formerly called minions) but not on masters, see Kubernetes architecture. You may also find the debugging Service doc helpful.
Upvotes: 1
Related Questions
- How to gracefully remove a node from Kubernetes?
- Difference between ClusterIP, NodePort and LoadBalancer service types in Kubernetes?
- Pods cannot resolve kubernetes DNS
- impaired / delayed connectivity of Cluster-IPs from k8s master node
- Can not curl pod on different node in Kubernetes
- Kubernetes service on windows node not reachable
- Implementing iptables rules on Kubernetes nodes
- KUBE_SERVICE inserting REJECT rules in iptables
- Kuberetes V1.6.2 flannel not running on master node
- Extend kubernetes internal network to a Master only node