首页 > 系统相关 >k8s iptables链

k8s iptables链

时间:2023-05-20 12:22:53浏览次数:45  
标签:iptables comment KUBE SEP -- SVC tcp k8s 

[root@k8s-master docker]# iptables -S -t nat

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-N KUBE-MARK-DROP
-N KUBE-MARK-MASQ
-N KUBE-NODEPORTS
-N KUBE-POSTROUTING
-N KUBE-SEP-2CJALHN5HAPMFVFM
-N KUBE-SEP-3QOD56XRRTRNMI4S
-N KUBE-SEP-3X6M2GG4X3N36IQA
-N KUBE-SEP-6RY3QQ3YQNDBU2CZ
-N KUBE-SEP-AEMGHOWJJQQ6DW26
-N KUBE-SEP-BC63JWUGOONNVHNT
-N KUBE-SEP-BCVCU7V3EIX5BN4S
-N KUBE-SEP-CGJF5R3NNJHCGPEK
-N KUBE-SEP-G3JRP3XNFD7YGTUJ
-N KUBE-SEP-H42VNUUEL5O4AAFI
-N KUBE-SEP-HG7PFXMXH4IYMXCJ
-N KUBE-SEP-IIXIK7NP4UOTPTZC
-N KUBE-SEP-JJKYWETUMLOGZNLA
-N KUBE-SEP-LA63KJE232Q4S4XZ
-N KUBE-SEP-NCZW263VPMBAMV3L
-N KUBE-SEP-NMTLTMLQM7BV424T
-N KUBE-SEP-R2UL2U7DM3EZVPZU
-N KUBE-SEP-SU6YQEXJP5F5D45Y
-N KUBE-SEP-TX2P555UVXYQK7MW
-N KUBE-SEP-UHJEFCADESHAO3K5
-N KUBE-SEP-VBEQKURN5NGDPWTO
-N KUBE-SEP-VSE5GAZF5D4P52XN
-N KUBE-SEP-VVR4V5MV2O32XZUS
-N KUBE-SEP-WEWRT3MINZEYGOXF
-N KUBE-SERVICES
-N KUBE-SVC-3QDDWNGGGXWDZXKH
-N KUBE-SVC-4TRGGDIJATWMT3XV
-N KUBE-SVC-5DFX6SEOQCUDMA5P
-N KUBE-SVC-E4R4KXTYIBVHUVNR
-N KUBE-SVC-ERIFXISQEP7F7OF4
-N KUBE-SVC-FNBEX7OB3JFWIMAV
-N KUBE-SVC-GGEEQVOYTMCTP2XY
-N KUBE-SVC-GR3EPOOIGWVVJSKN
-N KUBE-SVC-IHCLMTGLNNGRIKYP
-N KUBE-SVC-KLKESZFIHQ5XX6FZ
-N KUBE-SVC-LWWB2LJOQT3EJTNI
-N KUBE-SVC-NDI7DJ6D7ATLKECA
-N KUBE-SVC-NPX46M4PTMTKRN6Y
-N KUBE-SVC-OWPGV4C2CWC7LC2V
-N KUBE-SVC-TCOU7JCQXEZGVUNU
-N KUBE-SVC-XUQUPYZJOC34BVRR
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -m comment --comment "kubernetes postrouting rules" -j KUBE-POSTROUTING
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 10.244.0.0/16 -d 10.244.0.0/16 -j RETURN
-A POSTROUTING -s 10.244.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/24 -j RETURN
-A POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/16 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A KUBE-MARK-DROP -j MARK --set-xmark 0x8000/0x8000
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/prometheus-prometheus-oper-prometheus:web" -m tcp --dport 30006 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/prometheus-prometheus-oper-prometheus:web" -m tcp --dport 30006 -j KUBE-SVC-OWPGV4C2CWC7LC2V
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/prometheus-grafana:service" -m tcp --dport 30005 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/prometheus-grafana:service" -m tcp --dport 30005 -j KUBE-SVC-5DFX6SEOQCUDMA5P
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/node-exporter:http" -m tcp --dport 31672 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/node-exporter:http" -m tcp --dport 31672 -j KUBE-SVC-XUQUPYZJOC34BVRR
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/grafana:" -m tcp --dport 31111 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/grafana:" -m tcp --dport 31111 -j KUBE-SVC-3QDDWNGGGXWDZXKH
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/prometheus:" -m tcp --dport 32222 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "kube-system/prometheus:" -m tcp --dport 32222 -j KUBE-SVC-LWWB2LJOQT3EJTNI
-A KUBE-NODEPORTS -p tcp -m comment --comment "jenkins/jenkins:http" -m tcp --dport 31000 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "jenkins/jenkins:http" -m tcp --dport 31000 -j KUBE-SVC-KLKESZFIHQ5XX6FZ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/helloworld-nodejs:http" -m tcp --dport 30001 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/helloworld-nodejs:http" -m tcp --dport 30001 -j KUBE-SVC-FNBEX7OB3JFWIMAV
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -m mark --mark 0x4000/0x4000 -j MASQUERADE
-A KUBE-SEP-2CJALHN5HAPMFVFM -s 10.244.0.44/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-2CJALHN5HAPMFVFM -p tcp -m tcp -j DNAT --to-destination 10.244.0.44:9090
-A KUBE-SEP-3QOD56XRRTRNMI4S -s 10.244.1.56/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-3QOD56XRRTRNMI4S -p tcp -m tcp -j DNAT --to-destination 10.244.1.56:3000
-A KUBE-SEP-3X6M2GG4X3N36IQA -s 10.244.2.45/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-3X6M2GG4X3N36IQA -p tcp -m tcp -j DNAT --to-destination 10.244.2.45:9100
-A KUBE-SEP-6RY3QQ3YQNDBU2CZ -s 10.244.2.47/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-6RY3QQ3YQNDBU2CZ -p tcp -m tcp -j DNAT --to-destination 10.244.2.47:8080
-A KUBE-SEP-AEMGHOWJJQQ6DW26 -s 10.244.0.45/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-AEMGHOWJJQQ6DW26 -p tcp -m tcp -j DNAT --to-destination 10.244.0.45:53
-A KUBE-SEP-BC63JWUGOONNVHNT -s 192.168.1.19/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-BC63JWUGOONNVHNT -p tcp -m tcp -j DNAT --to-destination 192.168.1.19:6443
-A KUBE-SEP-BCVCU7V3EIX5BN4S -s 10.244.1.57/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-BCVCU7V3EIX5BN4S -p tcp -m tcp -j DNAT --to-destination 10.244.1.57:9090
-A KUBE-SEP-CGJF5R3NNJHCGPEK -s 192.168.1.21/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-CGJF5R3NNJHCGPEK -p tcp -m tcp -j DNAT --to-destination 192.168.1.21:9100
-A KUBE-SEP-G3JRP3XNFD7YGTUJ -s 10.244.1.60/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-G3JRP3XNFD7YGTUJ -p tcp -m tcp -j DNAT --to-destination 10.244.1.60:9100
-A KUBE-SEP-H42VNUUEL5O4AAFI -s 10.244.0.47/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-H42VNUUEL5O4AAFI -p udp -m udp -j DNAT --to-destination 10.244.0.47:53
-A KUBE-SEP-HG7PFXMXH4IYMXCJ -s 10.244.1.58/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-HG7PFXMXH4IYMXCJ -p tcp -m tcp -j DNAT --to-destination 10.244.1.58:8080
-A KUBE-SEP-IIXIK7NP4UOTPTZC -s 192.168.1.22/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-IIXIK7NP4UOTPTZC -p tcp -m tcp -j DNAT --to-destination 192.168.1.22:9100
-A KUBE-SEP-JJKYWETUMLOGZNLA -s 10.244.2.46/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-JJKYWETUMLOGZNLA -p tcp -m tcp -j DNAT --to-destination 10.244.2.46:8080
-A KUBE-SEP-LA63KJE232Q4S4XZ -s 10.244.1.61/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-LA63KJE232Q4S4XZ -p tcp -m tcp -j DNAT --to-destination 10.244.1.61:8080
-A KUBE-SEP-NCZW263VPMBAMV3L -s 10.244.2.48/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-NCZW263VPMBAMV3L -p tcp -m tcp -j DNAT --to-destination 10.244.2.48:8080
-A KUBE-SEP-NMTLTMLQM7BV424T -s 10.244.2.48/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-NMTLTMLQM7BV424T -p tcp -m tcp -j DNAT --to-destination 10.244.2.48:50000
-A KUBE-SEP-R2UL2U7DM3EZVPZU -s 192.168.1.19/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-R2UL2U7DM3EZVPZU -p tcp -m tcp -j DNAT --to-destination 192.168.1.19:9100
-A KUBE-SEP-SU6YQEXJP5F5D45Y -s 10.244.0.45/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-SU6YQEXJP5F5D45Y -p udp -m udp -j DNAT --to-destination 10.244.0.45:53
-A KUBE-SEP-TX2P555UVXYQK7MW -s 10.244.2.47/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-TX2P555UVXYQK7MW -p tcp -m tcp -j DNAT --to-destination 10.244.2.47:8443
-A KUBE-SEP-UHJEFCADESHAO3K5 -s 10.244.0.46/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-UHJEFCADESHAO3K5 -p tcp -m tcp -j DNAT --to-destination 10.244.0.46:8080
-A KUBE-SEP-VBEQKURN5NGDPWTO -s 10.244.1.59/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-VBEQKURN5NGDPWTO -p tcp -m tcp -j DNAT --to-destination 10.244.1.59:9093
-A KUBE-SEP-VSE5GAZF5D4P52XN -s 10.244.0.43/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-VSE5GAZF5D4P52XN -p tcp -m tcp -j DNAT --to-destination 10.244.0.43:9100
-A KUBE-SEP-VVR4V5MV2O32XZUS -s 10.244.2.44/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-VVR4V5MV2O32XZUS -p tcp -m tcp -j DNAT --to-destination 10.244.2.44:3000
-A KUBE-SEP-WEWRT3MINZEYGOXF -s 10.244.0.47/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-WEWRT3MINZEYGOXF -p tcp -m tcp -j DNAT --to-destination 10.244.0.47:53
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.51.129/32 -p tcp -m comment --comment "default/prometheus-prometheus-oper-prometheus:web cluster IP" -m tcp --dport 9090 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.51.129/32 -p tcp -m comment --comment "default/prometheus-prometheus-oper-prometheus:web cluster IP" -m tcp --dport 9090 -j KUBE-SVC-OWPGV4C2CWC7LC2V
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.110.192/32 -p tcp -m comment --comment "default/prometheus-grafana:service cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.110.192/32 -p tcp -m comment --comment "default/prometheus-grafana:service cluster IP" -m tcp --dport 80 -j KUBE-SVC-5DFX6SEOQCUDMA5P
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.10.173/32 -p tcp -m comment --comment "default/prometheus-prometheus-oper-operator:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.10.173/32 -p tcp -m comment --comment "default/prometheus-prometheus-oper-operator:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-IHCLMTGLNNGRIKYP
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.64.249/32 -p tcp -m comment --comment "kube-system/node-exporter:http cluster IP" -m tcp --dport 9100 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.64.249/32 -p tcp -m comment --comment "kube-system/node-exporter:http cluster IP" -m tcp --dport 9100 -j KUBE-SVC-XUQUPYZJOC34BVRR
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.67.44/32 -p tcp -m comment --comment "default/prometheus-prometheus-node-exporter:metrics cluster IP" -m tcp --dport 9100 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.67.44/32 -p tcp -m comment --comment "default/prometheus-prometheus-node-exporter:metrics cluster IP" -m tcp --dport 9100 -j KUBE-SVC-GGEEQVOYTMCTP2XY
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.183.15/32 -p tcp -m comment --comment "kube-system/grafana: cluster IP" -m tcp --dport 3000 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.183.15/32 -p tcp -m comment --comment "kube-system/grafana: cluster IP" -m tcp --dport 3000 -j KUBE-SVC-3QDDWNGGGXWDZXKH
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.123.5/32 -p tcp -m comment --comment "default/prometheus-prometheus-oper-alertmanager:web cluster IP" -m tcp --dport 9093 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.123.5/32 -p tcp -m comment --comment "default/prometheus-prometheus-oper-alertmanager:web cluster IP" -m tcp --dport 9093 -j KUBE-SVC-4TRGGDIJATWMT3XV
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.130.12/32 -p tcp -m comment --comment "kube-system/prometheus: cluster IP" -m tcp --dport 9090 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.130.12/32 -p tcp -m comment --comment "kube-system/prometheus: cluster IP" -m tcp --dport 9090 -j KUBE-SVC-LWWB2LJOQT3EJTNI
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.196.152/32 -p tcp -m comment --comment "jenkins/jenkins:http cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.196.152/32 -p tcp -m comment --comment "jenkins/jenkins:http cluster IP" -m tcp --dport 8080 -j KUBE-SVC-KLKESZFIHQ5XX6FZ
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.10.173/32 -p tcp -m comment --comment "default/prometheus-prometheus-oper-operator:http cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.10.173/32 -p tcp -m comment --comment "default/prometheus-prometheus-oper-operator:http cluster IP" -m tcp --dport 8080 -j KUBE-SVC-GR3EPOOIGWVVJSKN
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.64.103/32 -p tcp -m comment --comment "default/prometheus-kube-state-metrics:http cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.64.103/32 -p tcp -m comment --comment "default/prometheus-kube-state-metrics:http cluster IP" -m tcp --dport 8080 -j KUBE-SVC-E4R4KXTYIBVHUVNR
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.22.94/32 -p tcp -m comment --comment "jenkins/jenkins-agent:agent-listener cluster IP" -m tcp --dport 50000 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.22.94/32 -p tcp -m comment --comment "jenkins/jenkins-agent:agent-listener cluster IP" -m tcp --dport 50000 -j KUBE-SVC-NDI7DJ6D7ATLKECA
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.1.182.191/32 -p tcp -m comment --comment "default/helloworld-nodejs:http cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.1.182.191/32 -p tcp -m comment --comment "default/helloworld-nodejs:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-FNBEX7OB3JFWIMAV
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-SVC-3QDDWNGGGXWDZXKH -j KUBE-SEP-VVR4V5MV2O32XZUS
-A KUBE-SVC-4TRGGDIJATWMT3XV -j KUBE-SEP-VBEQKURN5NGDPWTO
-A KUBE-SVC-5DFX6SEOQCUDMA5P -j KUBE-SEP-3QOD56XRRTRNMI4S
-A KUBE-SVC-E4R4KXTYIBVHUVNR -j KUBE-SEP-HG7PFXMXH4IYMXCJ
-A KUBE-SVC-ERIFXISQEP7F7OF4 -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-AEMGHOWJJQQ6DW26
-A KUBE-SVC-ERIFXISQEP7F7OF4 -j KUBE-SEP-WEWRT3MINZEYGOXF
-A KUBE-SVC-FNBEX7OB3JFWIMAV -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-UHJEFCADESHAO3K5
-A KUBE-SVC-FNBEX7OB3JFWIMAV -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-LA63KJE232Q4S4XZ
-A KUBE-SVC-FNBEX7OB3JFWIMAV -j KUBE-SEP-JJKYWETUMLOGZNLA
-A KUBE-SVC-GGEEQVOYTMCTP2XY -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-R2UL2U7DM3EZVPZU
-A KUBE-SVC-GGEEQVOYTMCTP2XY -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-CGJF5R3NNJHCGPEK
-A KUBE-SVC-GGEEQVOYTMCTP2XY -j KUBE-SEP-IIXIK7NP4UOTPTZC
-A KUBE-SVC-GR3EPOOIGWVVJSKN -j KUBE-SEP-6RY3QQ3YQNDBU2CZ
-A KUBE-SVC-IHCLMTGLNNGRIKYP -j KUBE-SEP-TX2P555UVXYQK7MW
-A KUBE-SVC-KLKESZFIHQ5XX6FZ -j KUBE-SEP-NCZW263VPMBAMV3L
-A KUBE-SVC-LWWB2LJOQT3EJTNI -j KUBE-SEP-BCVCU7V3EIX5BN4S
-A KUBE-SVC-NDI7DJ6D7ATLKECA -j KUBE-SEP-NMTLTMLQM7BV424T
-A KUBE-SVC-NPX46M4PTMTKRN6Y -j KUBE-SEP-BC63JWUGOONNVHNT
-A KUBE-SVC-OWPGV4C2CWC7LC2V -j KUBE-SEP-2CJALHN5HAPMFVFM
-A KUBE-SVC-TCOU7JCQXEZGVUNU -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-SU6YQEXJP5F5D45Y
-A KUBE-SVC-TCOU7JCQXEZGVUNU -j KUBE-SEP-H42VNUUEL5O4AAFI
-A KUBE-SVC-XUQUPYZJOC34BVRR -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-VSE5GAZF5D4P52XN
-A KUBE-SVC-XUQUPYZJOC34BVRR -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-G3JRP3XNFD7YGTUJ
-A KUBE-SVC-XUQUPYZJOC34BVRR -j KUBE-SEP-3X6M2GG4X3N36IQA
[root@k8s-master docker]#

 

标签:iptables,comment,KUBE,SEP,--,SVC,tcp,k8s
From: https://www.cnblogs.com/tigergaonotes/p/17417034.html

相关文章

  • k8s快速部署Redis单机
    1.创建Redis配置apiVersion:v1data:redis.conf:|-bind0.0.0.0port6379requirepassSystem@123pidfile/var/run/redis_6379.pidsave9001save30010save6010000rdbcompressionyesrdbchecksumyesdbfilenamedum......
  • solrcloud 7.5在k8s上的部署安装和使用教程
    全栈工程师开发手册(作者:栾鹏)架构系列文章solr的dockerhub官网:https://hub.docker.com/_/solr/solr简介ApacheSolr支持不同格式,例如数据库,PDF文件,XML文件,CSV文件。7.5版本的主要升级内容:https://www.w3cschool.cn/solr_doc/solr_doc-s4kg2fp6.html为什么选择ApacheSolrApa......
  • k8s快速部署MySQL单机
    1.创建PV/PVC略2.创建MySQL配置文件kind:ConfigMapapiVersion:v1metadata:name:mysql-confignamespace:ops-sharedata:my.cnf:|-[mysqld]skip-host-cacheskip-name-resolvedatadir=/var/lib/mysqlsocket=/var/run/mysqld/mysqld.s......
  • k8s 1.23.0 安装使用ingress 1.1.1
    1、部署ingresscontroller下载yaml文件,要指定版本wgethttps://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.1/deploy/static/provider/cloud/deploy.yaml2、修改配置文件中的镜像下载地址,总共3处修改image:registry.cn-hangzhou.aliy......
  • K8S Pod 优雅停机
    优雅停止(GracfulShutdown)与502/504报错如果Pod正在处理大量请求(比如1000QPS+)时,因为节点故障或「竞价节点」被回收等原因被重新调度,你可能会观察到在容器被terminate的一段时间内出现少量502/504。为了搞清楚这个问题,需要先理解清楚terminate一个Pod的流程:1.Pod......
  • K8s 资源缩写
    点击查看代码[root@nginx~]#kubectlapi-resourcesNAMESHORTNAMESAPIVERSIONNAMESPACEDKINDbindingsv1trueBindingcompon......
  • k8s集群环境搭建
    注:如下文档不是一次性搭建成功的,可能有一些地方ip地址和实际成功的那次地址不一样。首先,我们准备3台虚拟机,配置都是是2核心2.2G内存192.168.3.121k8s-master192.168.3.133k8s-node1192.168.3.119k8s-node21修改主机名经过实践,发现,如果不修改主机名的话,安装可能......
  • k8s删除命名空间namespace一直显示Terminating问题处理
    转载自:https://huaweicloud.csdn.net/638db195dacf622b8df8c5f7.html============= 1、问题现象假设我们的现在要删除的namespace是dev,执行如下命令进行删除:执行如下命令查看namespace删除情况:可以看到删除状态显示Terminating,而且会一直持续这个状态。并且用:kubectldeleten......
  • 使用k8s configmap保存nginx.conf配置文件
    创建一个包含Nginx配置的文件(例如nginx.conf)。创建一个ConfigMap对象,将Nginx配置文件添加为其中的数据。kubectlcreateconfigmapnginx-config--from-file=nginx.conf这将创建一个名为"nginx-config"的ConfigMap,并将nginx.conf文件的内容作为其中的数据存......
  • 一、搭建k8s集群前置准备工作
    1、VM虚拟机配置网卡2、准备机器操作系统IP角色CPU核心数运行内存HostnameCentOS7.6192.168.1.2Master122Gk8s-master1CentOS7.6192.168.1.3Master222Gk8s-master2CentOS7.6192.168.1.4Master322Gk8s-master3CentOS7.6192.168.1.......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99