K
Q

Unable to access the internet from Kubernetes containers

2/3/2015

I am working with the Vagrant Kubernetes 0.9.3 setup on Mac OSX.

Environment:

  • Kubernetes 0.9.3
  • Vagrant 1.7.2
  • VirtualBox-4.3.20-96996-OSX

I am able to successfully deploy images and start containers in a single minion environment:

master

minion-1

I am unable to access the Internet from inside a running container. I can access the Internet from the minion-1 machine.

I setup the environment using Vagrant

/kubernetes$ export KUBERNETES_PROVIDER=vagrant
/kubernetes$ vagrant up

...(initialization logs and successful setup of master + minion-1 in Virtualbox)

ssh into the minion-1 machine to ensure Internet connectivity

/kubernetes$ vagrant ssh minion-1
[vagrant@kubernetes-minion-1 ~]$ ping google.com
PING google.com (173.194.123.37) 56(84) bytes of data.
64 bytes from lga15s47-in-f5.1e100.net (173.194.123.37): icmp_seq=1 ttl=63 time=89.3 ms

The previous was successful in connecting

Below you can see that the container does not seem to be able to access the Internet.

[vagrant@kubernetes-minion-1 ~]$ sudo docker run -it --rm ubuntu /bin/bash
Unable to find image 'ubuntu:latest' locally
ubuntu:latest: The image you are pulling has been verified
27d47432a69b: Downloading [=============================================>     ] 180.6 MB/197.2 MB 44s
5f92234dcf1e: Download complete 
51a9c7c1f8bb: Download complete 
5ba9dab47459: Download complete 
511136ea3c5a: Already exists 
27d47432a69b: Pull complete 
5f92234dcf1e: Pull complete 
51a9c7c1f8bb: Pull complete 
5ba9dab47459: Pull complete 

Status: Downloaded newer image for ubuntu:latest

Inside Ubuntu container

root@84914a7e5184:/# ping google.com
ping: unknown host google.com
root@84914a7e5184:/# sudo apt-get update  
Err http://archive.ubuntu.com trusty InRelease

Err http://archive.ubuntu.com trusty-updates InRelease

Err http://archive.ubuntu.com trusty-security InRelease

Err http://archive.ubuntu.com trusty Release.gpg
Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com trusty-updates Release.gpg
Could not resolve 'archive.ubuntu.com'
Err http://archive.ubuntu.com trusty-security Release.gpg
Could not resolve 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/InRelease  

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/InRelease  

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/InRelease  

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg  Could not resolve 'archive.ubuntu.com'

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/Release.gpg  Could not resolve 'archive.ubuntu.com'

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg  Could not resolve 'archive.ubuntu.com'

W: Some index files failed to download. They have been ignored, or old ones used instead.
root@84914a7e5184:/#

Is this a problem with the Vagrant setup or is this intentional in the Kubernetes framework? If so, what is the proper way to access the Internet?

-- Alex Beggs
docker
kubernetes
vagrant

Similar Questions

What is the role of the node level bridge in overlay networking?
Service host/port undefined, Kubernetes/Google Container Engine
How do you update a node/minion's label in Kubernetes?
oAuth 2 implementation before moving google container

1 Answer

2/3/2015

This is not intentional. Containers should be able to see the external internet. My guess is that there is something wrong in your Vagrant network setup, possibly due to your host machine firewalling packets from the container IPs.

-- brendan
Source: StackOverflow