K
Q

Kubernetes ACS engine: containers (pods) do not have internet access

6/30/2017

I'm using a Kubernetes cluster, deployed on Azure using the ACS-engine. My cluster is composed of 5 nodes.

  • 1 master (unix VM) (v1.6.2)
  • 2 unix agent (v1.6.2)
  • 2 windows agent (v1.6.0-alpha.1.2959+451473d43a2072)

I have created a unix pod defined by the following YAML:

Name:           ping-with-unix
Node:           k8s-linuxpool1-25103419-0/10.240.0.5
Start Time:     Fri, 30 Jun 2017 14:27:28 +0200
Status:         Running
IP:             10.244.2.6
Controllers:    <none>
Containers:
  ping-with-unix-2:
    Container ID:       
    Image:              willfarrell/ping
    Port:
    State:              Running
      Started:          Fri, 30 Jun 2017 14:27:29 +0200
    Ready:              True
    Restart Count:      0
    Environment:
      HOSTNAME: google.com
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-1nrh5 (ro)
Conditions:
  Type          Status
  Initialized   True
  Ready         True
  PodScheduled  True
Volumes:
  default-token-1nrh5:
    Type:       Secret (a volume populated by a Secret)
    SecretName: default-token-1nrh5
    Optional:   false
QoS Class:      BestEffort
Node-Selectors: beta.kubernetes.io/os=linux
Tolerations:    <none>
Events:         <none>

This pod does not have internet access.

2017-06-30T12:27:29.512885000Z ping google.com every 300 sec
2017-06-30T12:27:29.521968000Z PING google.com (172.217.17.78): 56 data bytes
2017-06-30T12:27:39.698081000Z --- google.com ping statistics ---
2017-06-30T12:27:39.698305000Z 1 packets transmitted, 0 packets received, 100% packet loss

I created a 2nd pod, targeting windows container, with a custom docker image. This image instantiates an HttpClient and request an endpoint. It also does not have internet access. I can access the container to run interactive PowerShell. I cannot not access any DNS (due to lack of internet access).

PS C:\app> ping github.com
Ping request could not find host github.com. Please check the name and try again.
PS C:\app> ping 192.30.253.112

Pinging 192.30.253.112 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 192.30.253.112:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C

What do I have to configure to allow my containers to access internet?
Remarks: I have not defined any Network policy.

-- Lez4
azure
docker
kubernetes
powershell
unix

Similar Questions

kubectl adding extra env variable to pod
Configure firewall rules for kubernetes cluster
Kubernetes does not delete pods within a deleted deployment
How to debug kuberenetes system pod elections on masters?

1 Answer

7/5/2017

I've updated my cluster using the api version '2017-07-01' and the kubernetes version '1.6.6'. Both my unix and windows pods have Internet access.

Note, for Windows pods :

  • Internet is available 2 or 3 minutes after the pod starts
  • I can't set the DnsPolicy to "Default", only "ClusterFirst" or "ClusterFirstWithHostNet" works.
-- Lez4
Source: StackOverflow