腾讯云容器集群:节点可以访问公网,节点内的pod无法访问公网
curl https://www.baidu.com/index.htm
参考链接:https://cloud.tencent.com/document/product/457/50356
sysctl -a|grep net.ipv4.conf.all.rp_filter
sysctl -a|grep net.ipv4.conf.eth0.rp_filter
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 2
修改为:
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.eth0.rp_filter=0
存量节点同步网卡安全组设置的方法:https://cloud.tencent.com/document/product/457/50360
kubectl annotate node 10.20.1.20 --overwrite tke.cloud.tencent.com/disable-node-eni-security-groups="yes"
# 第一步执行完后等待2-5s
kubectl annotate node 10.20.1.20 --overwrite tke.cloud.tencent.com/disable-node-eni-security-groups="no"
连接集群:https://cloud.tencent.com/document/product/457/32191#846ac805-761e-4405-937c-052027e5580a
在线获取kubeconfig配置:https://cloud.tencent.com/document/api/457/48149
# 查看节点
kubectl get node
kubectl get node -o wide