Are there any errors in either `kubectl describe pod` or the kubelet logs? Is the kubelet at the version you expect (it logs this on start)? 1.6.2 is pretty old, have you considered upgrading to 1.6.7?
/MR On Wed, Jul 19, 2017, 22:02 Jeremy Derr <jer...@derr.me> wrote: > We recently had an instance check failure on one of our k8s 1.6.2 nodes, > resulting in it being replaced by the AWS Autoscaler. The new node booted > and joined the cluster, but pods scheduled to it are unable to access > network resources outside of the cluster unless host network is enabled for > the pod. > > SSHing into the host OS, networking is properly configured and I can > perform any arbitrary network operation (apt-get update, curl ..., telnet, > ssh, etc etc) to any destination. > > Entering a pod that has hostNetworking: true enabled, this continues to be > the case: all network connections to any arbitrary destination on the > internet will be successful. > > Entering a pod that does not, however, I can only connect to other IPs > inside the cluster. > > $ kubectl get svc > NAME CLUSTER-IP EXTERNAL-IP PORT(S) > AGE > [ .. redacted .. ] > feature-flip 100.71.179.196 <nodes> > 9292:30800/TCP 27d > $ curl http://feature-flip:9292 > {"status": "ok"} > $ wget https://www.google.com/ > Connecting to www.google.com (172.217.7.228:80) > wget: can't connect to remote host (172.217.7.228): Connection timed > out > > On the same host, a pod with hostNetworking will succeed. I'm using > flannel networking, and the hosts that don't work are part of an EC2 ASG > with the hosts that do work. The base AMI and launchconfiguration are the > same. Comparing a variety of possible avenues of difference, I have found > no obvious difference between the working and non-working nodes. > > > -- > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q&A" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
