Pod accepting socket connection cannot see initiating pod's IP, if located on different kubernetes nodes

12/16/2015

System: kubernetes cluster running on vagrant using virtualbox
Pod A: 10.246.79.2 on minion 2
Pod B: 10.246.61.3 on minion 3
Pod C: 10.246.61.2 on minion 3

When a container in Pod C accepts a socket connection from Pod A, it sees the peer socket IP as 10.246.79.0, which happens to be the IP address of the flannel0 interface on minion 2.

Is there something wrong with my network configuration? I used the defaults that came with vagrant.

UPDATE: Actually, I found that the problem is due to IP Masquerading. I found this in iptables:

Chain POSTROUTING (policy ACCEPT)
num  target      prot opt source          destination
1    MASQUERADE  all  --  10.246.79.0/24  0.0.0.0/0

However, I thought flannel was set up with masquerading turned off:
[vagrant@kubernetes-minion-2 ~]$ cat /run/flannel/subnet.env
FLANNEL_SUBNET=10.246.79.1/24
FLANNEL_MTU=1472
FLANNEL_IPMASQ=false

So I'm still confused...

-- Angela L
kubernetes
vagrant

1 Answer

12/17/2015

The kube-proxy also uses iptables. Are you using services to communicate between Pods?

-- Vishnu Kannan
Source: StackOverflow
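
An added example, not part of the original question or answer: a small checker that reads a numbered POSTROUTING listing like the one in the question and reports which rule, if any, rewrites the source address of a given pod-to-pod flow, which is what hides Pod A's address from Pod C and from any log or policy keyed on the peer IP. The 10.246.0.0/16 cluster range and the second listing are assumptions made for contrast, and only source and destination matches are modelled.

```python
import ipaddress

# POSTROUTING listing exactly as posted in the question (minion 2).
AS_POSTED = """\
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 10.246.79.0/24 0.0.0.0/0
"""

# Constructed contrast: same rule, but excluding an ASSUMED cluster CIDR
# (10.246.0.0/16 is a guess from the pod addresses, not stated on the page).
SCOPED = """\
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 10.246.79.0/24 !10.246.0.0/16
"""

TERMINATING = {"ACCEPT", "RETURN", "MASQUERADE", "SNAT"}

def parse_rules(listing):
    """Yield (num, target, source, destination) per numbered rule line."""
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].isdigit():
            yield int(f[0]), f[1], f[4], f[5]

def matches(spec, addr):
    """True if addr matches an iptables address spec; a leading '!' negates."""
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(addr) in net) != negate

def masquerading_rule(listing, src, dst):
    """Return the number of the rule that rewrites src for this flow, or None.

    Rules are checked in order and the first terminating match wins. Only
    address matches are modelled: protocol, interface and match extensions
    are ignored, and jumps to user-defined chains are skipped.
    """
    for num, target, s, d in parse_rules(listing):
        if target in TERMINATING and matches(s, src) and matches(d, dst):
            return num if target in ("MASQUERADE", "SNAT") else None
    return None

if __name__ == "__main__":
    for name, listing in (("as posted", AS_POSTED), ("scoped", SCOPED)):
        hit = masquerading_rule(listing, "10.246.79.2", "10.246.61.2")
        print(f"{name}: Pod A -> Pod C rewritten by rule {hit}")
```

Feed it the output of `iptables -t nat -L POSTROUTING -n --line-numbers` from the sending node; a non-None result for two pod addresses means the receiver will see the node-side address instead of the pod's.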