Internet connectivity inside the pod of Kubernetes is not working

12/4/2020

Not able to connect to internet from inside the pod

My system spec: I have created a Kubernetes cluster using 2 systems; one acts as master, the other as worker node.

Operating System : NAME="Red Hat Enterprise Linux" VERSION="8.3 (Ootpa)" ID="rhel".

I installed the Kubernetes cluster using the following link (https://dzone.com/articles/kubernetes-installation-in-redhat-centos)

I have tried both the Calico pod network and the Flannel pod network; for both, the same issue is happening. Not able to connect to the internet from inside the pod.

See the below image for further details

You can see that all the pods are up and running.

My coredns pod is also up and running, and the respective service is also up; check the below image.

Debugging

For debugging I tried using this link (https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/)

Whenever I do nslookup it shows an error saying (;; connection timed out; no servers could be reached ,command terminated with exit code 1)

Please have a look at the below image.

Can anyone please tell me where exactly the problem lies? Why is it that from inside the pod I am not able to connect to the internet?

Any help would be appreciated. Thank you.

-- Umesh
docker
kube-proxy
kubernetes
kubernetes-pod
kubernetes-service

1 Answer

3/22/2021

There are a couple of possibilities for this kind of issue:

  • It could be that this is not an issue with CoreDNS itself but rather a Kubernetes networking problem where the traffic to ClusterIPs is not directed correctly to Pods. It could be that kube-proxy is responsible for that.

    Here's a [Kubernetes guide](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/) about troubleshooting services.
  • Another issue very common for RHEL/CentOS distributions is that the nftables backend is not compatible with Kubernetes. nftables is available as a modern replacement for the kernel’s iptables subsystem.

    The workaround for this is to use Calico, since from v3.8.1+ it is possible for the CNI to run on hosts which use iptables in NFT mode. Setting the `FELIX_IPTABLESBACKEND=NFT` option will tell Calico to use the nftables backend. For now, this will need to be set explicitly.
  • Lastly, it is very possible that your Pod network overlaps with the host networks. Reference: Installing a Pod network add-on

-- acid_fuji
Source: StackOverflow
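
The last two possibilities in the answer above (iptables running on the nftables backend, and a Pod network that overlaps the host networks) can both be checked from command output collected on a node. This is an added example, not part of the original question or answer; the sample `ip -o -4 addr show` output and the CIDRs are constructed, and the CNI interface-name prefixes are assumptions about typical Calico/Flannel setups.

```python
import ipaddress
import re

# Assumed name prefixes of interfaces the CNI creates itself; they hold
# pod-CIDR addresses by design and must not be reported as conflicts.
CNI_PREFIXES = ("cni", "flannel", "cali", "tunl", "vxlan.calico")

# Constructed sample of `ip -o -4 addr show` output (trailing fields trimmed).
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: ens192    inet 192.168.1.21/24 brd 192.168.1.255 scope global ens192
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
5: tunl0    inet 192.168.104.0/32 scope global tunl0
"""


def host_networks(ip_addr_output):
    """Parse `ip -o -4 addr show` output into [(iface, IPv4Network)]."""
    nets = []
    for line in ip_addr_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if not m or m.group(1).startswith(CNI_PREFIXES):
            continue  # not an address line, or a CNI-owned interface
        nets.append((m.group(1), ipaddress.ip_interface(m.group(2)).network))
    return nets


def find_overlaps(pod_cidr, ip_addr_output):
    """Return (iface, network) pairs on the host that collide with pod_cidr."""
    pod_net = ipaddress.ip_network(pod_cidr)
    return [(iface, str(net))
            for iface, net in host_networks(ip_addr_output)
            if pod_net.overlaps(net)]


def iptables_backend(version_output):
    """Classify `iptables --version` output: 'nf_tables', 'legacy' or 'unknown'."""
    m = re.search(r"\((nf_tables|legacy)\)", version_output)
    return m.group(1) if m else "unknown"


if __name__ == "__main__":
    # Constructed inputs: 192.168.0.0/16 and 10.244.0.0/16 are the usual
    # Calico and Flannel manifest defaults for the pod network.
    for cidr in ("192.168.0.0/16", "10.244.0.0/16"):
        print(cidr, "overlaps:", find_overlaps(cidr, SAMPLE_IP_ADDR))
    print("backend:", iptables_backend("iptables v1.8.4 (nf_tables)"))
```

On a real node, feed the functions the actual output of `ip -o -4 addr show` and `iptables --version`, together with the pod CIDR the cluster was initialised with.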