我在centos 中运行rancher,主节点是同一台机器。
我可以做任何事情,但是当我尝试在 pod 内“apt-get update”时,我得到:
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
问题出在 centos 的防火墙中,因为当我禁用防火墙时,我可以在 pod 内访问互联网。我已经添加了这个 link 中提供的端口.但我仍然无法访问互联网。在不禁用centos防火墙的情况下还有其他方法吗?
我正在使用 Centos 8 和 Rancher 2。
最佳答案
我能够解决它。问题在于 docker 无法解析容器内的 DNS 查询。解决方法是,首先添加 ports然后执行以下命令:
# Check what interface docker is using, e.g. 'docker0'
ip link show
# Check available firewalld zones, e.g. 'public'
sudo firewall-cmd --get-active-zones
# Check what zone the docker interface it bound to, most likely 'no zone' yet
sudo firewall-cmd --get-zone-of-interface=docker0
# So add the 'docker0' interface to the 'public' zone. Changes will be visible only after firewalld reload
sudo nmcli connection modify docker0 connection.zone public
# Masquerading allows for docker ingress and egress (this is the juicy bit)
sudo firewall-cmd --zone=public --add-masquerade --permanent
# Reload firewalld
sudo firewall-cmd –reload
# Reload dockerd
sudo systemctl restart docker
关于kubernetes - 我无法在 centos 中运行的 rancher pod 内访问互联网,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/71662803/