I cannot access the pods/containers deployed by my CoreOS Kubernetes infrastructure. This Kubernetes cluster is deployed using Ignition. I configure flannel using the following configuration:
[Unit]
Description=flannel - Network fabric for containers (System Application Container)
Documentation=https://github.com/coreos/flannel
After=etcd.service etcd2.service etcd-member.service
Requires=flannel-docker-opts.service
Requires=certs.service
After=certs.service
[Install]
WantedBy=multi-user.target
[Service]
Type=notify
Restart=always
RestartSec=10s
TimeoutStartSec=300s
LimitNOFILE=40000
LimitNPROC=1048576
EnvironmentFile=/etc/whoami
EnvironmentFile=/opt/env
EnvironmentFile=-/run/flannel/options.env
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper.uuid\
--volume=etc-resolv-conf,kind=host,source=/etc/resolv.conf\
--mount=volume=etc-resolv-conf,target=/etc/resolv.conf"
Environment="ETCD_SSL_DIR=/etc/kubernetes/ssl"
Environment="FLANNEL_IMAGE_TAG=v0.9.1"
Environment="FLANNEL_OPTS=\
--etcd-cafile=/etc/kubernetes/ssl/ca.pem \
--etcd-certfile=/etc/kubernetes/ssl/apiserver.pem \
--etcd-keyfile=/etc/kubernetes/ssl/apiserver-key.pem"
ExecStartPre=/sbin/modprobe ip_tables
ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos /run/flannel
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
ExecStartPre=/bin/env
ExecStartPre=/usr/bin/etcdctl --endpoints=https://${MASTER_DNS}:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/apiserver.pem \
--key-file=/etc/kubernetes/ssl/apiserver-key.pem \
set /coreos.com/network/config "{ \"Network\": \"10.1.0.0/16\", \"Backend\": {\"Type\": \"vxlan\"} }"
ExecStart=/usr/lib/coreos/flannel-wrapper --etcd-endpoints=https://${MASTER_DNS}:2379 $FLANNEL_OPTS
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
kube-apiserver is up and running:
systemctl status kube-apiserver
● kube-apiserver.service - kube-apiserver
Loaded: loaded (/etc/systemd/system/kube-apiserver.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-08-01 10:44:12 UTC; 4min 20s ago
Docs: http://kubernetes.io/docs/
Process: 883 ExecStartPre=/usr/bin/rkt rm --uuid-file=/opt/rstor/kube-apiserver.uuid (code=exited, status=0/SUCCESS)
Process: 877 ExecStartPre=/bin/env (code=exited, status=0/SUCCESS)
Main PID: 932 (apiserver)
Tasks: 7 (limit: 7571)
Memory: 232.0M
CGroup: /system.slice/kube-apiserver.service
└─932 /apiserver --allow-privileged=true --anonymous-auth=false --advertise-address=172.31.100.113 --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,Resourc>
Aug 01 10:48:30 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:30.772358 932 wrap.go:42] GET /api/v1/namespaces/kube-system/endpoints/kube-scheduler: (1.410324ms) 200 [[scheduler/v1.9.0+coreo>
Aug 01 10:48:30 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:30.775532 932 wrap.go:42] PUT /api/v1/namespaces/kube-system/endpoints/kube-scheduler: (2.142835ms) 200 [[scheduler/v1.9.0+coreo>
Aug 01 10:48:31 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:31.174490 932 wrap.go:42] GET /api/v1/namespaces/kube-system/endpoints/kube-controller-manager: (1.469425ms) 200 [[controller-ma>
Aug 01 10:48:31 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:31.177207 932 wrap.go:42] PUT /api/v1/namespaces/kube-system/endpoints/kube-controller-manager: (2.072488ms) 200 [[controller-ma>
Aug 01 10:48:31 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:31.548160 932 wrap.go:42] GET /api/v1/namespaces/fe763072-5/secrets/default-token-vcfx6?resourceVersion=0:
kubectl get nodes:
NAME             STATUS    ROLES     AGE       VERSION
172.31.100.113   Ready     <none>    5m        v1.9.0+coreos.0
kubectl get pods --all-namespaces -o wide:
NAMESPACE   NAME                   READY     STATUS    RESTARTS   AGE       IP          NODE
default     nginx-8586cf59-672n2   1/1       Running   0          27s       10.1.96.4   172.31.100.113
I can properly create deployments, which create their containers and give me IPs, but when I ping those IPs I get:
From 10.1.65.1 icmp_seq=1 Destination Host Unreachable
I cannot even apply readiness/liveness probes with TCP:
curl 10.1.65.8
curl: (7) Failed to connect to 10.1.65.8 port 80: No route to host
What am I doing wrong?