Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Edge node's pod unable to access outside #538

Open
chunfungintel opened this issue Jan 18, 2024 · 2 comments
Open

Edge node's pod unable to access outside #538

chunfungintel opened this issue Jan 18, 2024 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@chunfungintel
Copy link

What happened:
Edge node's pod unable to access outside

What you expected to happen:
Edge node's pod able to access outside

How to reproduce it (as minimally and precisely as possible):
Cloud:

sudo -E keadm init \
--advertise-address ${KEADM_THE_EXPOSED_IP} \
--profile version=v1.15.0 \
--kube-config=${KUBECONFIG} \
--set cloudCore.service.enable=true \
--set cloudCore.modules.dynamicController.enable=true

EdgeMesh:

helm install edgemesh --namespace kubeedge \
--set agent.psk=`openssl rand -base64 32` \
--set agent.relayNodes[0].nodeName=${KEADM_THE_CLOUD},agent.relayNodes[0].advertiseAddress={${KEADM_THE_EXPOSED_IP}} \
https://raw.githubusercontent.com/kubeedge/edgemesh/main/build/helm/edgemesh.tgz

Edge node join:

sudo keadm join --cloudcore-ipport="${KEADM_THE_EXPOSED_IP}":10000 \
--token=${KEADM_TOKEN} \
--kubeedge-version=v1.15.0 \
--remote-runtime-endpoint="unix:///var/run/containerd/containerd.sock" \
--runtimetype=remote \
--cgroupdriver=systemd \
--edgenode-name=${KUBEEDGE_NODE_NAME}

Please refer here for edgecore configuration
edgecore.txt

I tested with test case here: https://edgemesh.netlify.app/guide/test-case.html
And it is working correctly

$ kubectl exec -it alpine-test -- sh
(in the container environment)
/ # curl hostname-svc:12345
hostname-edge-5c75d56dc4-rq57t

However, if I doing doing outwards access from edge node's pod, I can't. Any idea why?

Anything else we need to know?:

Environment:

  • EdgeMesh version: latest

  • Kubernetes version (use kubectl version): 1.23.17

  • KubeEdge version(e.g. cloudcore --version and edgecore --version): 1.15

  • Cloud nodes Environment:
    • Hardware configuration (e.g. lscpu):
    • OS (e.g. cat /etc/os-release): Ubuntu 22.04.2 LTS
    • Kernel (e.g. uname -a): 6.1
    • Go version (e.g. go version):
    • Others:
  • Edge nodes Environment:
    • edgecore version (e.g. edgecore --version):
    • Hardware configuration (e.g. lscpu):
    • OS (e.g. cat /etc/os-release): Ubuntu 22.04.2 LTS
    • Kernel (e.g. uname -a): 6.1
    • Go version (e.g. go version):
    • Others:
@chunfungintel chunfungintel added the kind/bug Categorizes issue or PR as related to a bug. label Jan 18, 2024
@chunfungintel
Copy link
Author

I found the root cause, iptables forward is not setting correctly:
sudo iptables -P FORWARD ACCEPT

@victorming666
Copy link

@chunfungintel I have the same issue as you have. I setup a k8s cluster inside the internel ethernet. And I set a public Internet IP as the advertiseAddress which could be accessed both from the internal cloud nodes and some edge nodes on the Internet, but the p2p communications seems not work. I run the code on the advertiseAddress node to set iptables as you did, but the issue remains. Is there any other possible root cause for this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@victorming666 @chunfungintel