Kubespray -> k8s
Ubuntu 18.04: iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere node3 udp dpt:domain
ACCEPT tcp -- anywhere node3 tcp dpt:domain
KUBE-FIREWALL all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
KUBE-FORWARD all -- anywhere anywhere /* kubernetes forwarding rules */
DOCKER-USER all -- anywhere anywhere
ACCEPT all -- 10.233.64.0/18 anywhere
ACCEPT all -- anywhere 10.233.64.0/18

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- node3 anywhere udp spt:domain
ACCEPT tcp -- node3 anywhere tcp spt:domain
KUBE-FIREWALL all -- anywhere anywhere

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

Chain KUBE-FORWARD (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* kubernetes forwarding rules */ mark match 0x4000/0x4000
ACCEPT all -- 10.233.64.0/18 anywhere /* kubernetes forwarding conntrack pod source rule */ ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere 10.233.64.0/18 /* kubernetes forwarding conntrack pod destination rule */ ctstate RELATED,ESTABLISHED
What is an sa?
A ServiceAccount.
ConfigMap?
By Ming-der Wang