Closed clincha closed 1 year ago
This was recommended but did nothing
systemctl stop kubelet
systemctl stop cri-o
iptables --flush
iptables -tnat --flush
systemctl start kubelet
systemctl start cri-o
Had to pin it to a node. Not happy about that...
Urg this is happening to all services not just NGINX
https://github.com/kubernetes/kubernetes/issues/100434
This suggests that moving to Flannel instead of Calico should work. Giving that a go now
Remove Calico
kubectl delete -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl delete -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
Install Flannel
kubectl apply -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel.yml
vi /etc/kubernetes/manifests/kube-controller-manager.yaml
https://gist.github.com/rkaramandi/44c7cea91501e735ea99e356e9ae7883
https://github.com/flannel-io/flannel/issues/728
ip link set cni0 down && ip link set flannel.1 down
ip link delete cni0 && ip link delete flannel.1
systemctl restart cri-o && systemctl restart kubelet
After switching over to Flannel the issue is still not resolved. Apparently Weave has sorted it out so I guess I'll try them next. Although setting sudo iptables -P FORWARD ACCEPT
didn't seem to help which was supposed to if Weave was going to help
This worked https://stackoverflow.com/questions/62540512/k8s-1-18-1-api-not-reachable-since-update-to-1-18-1
I needed to set the NET_ADMIN to privileged in the flannel YAML
It's so good to see it working. I'll get everything written up properly later but the gist of it is this:
When I try and reach the NGINX pod from nodes that aren't hosting it I get an HTTP error.