Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ubuntu 22.04 开启系统加固后k8s pod之间网络不同 #1338

Closed
richzhu369 opened this issue Dec 11, 2023 · 4 comments
Closed

ubuntu 22.04 开启系统加固后k8s pod之间网络不同 #1338

richzhu369 opened this issue Dec 11, 2023 · 4 comments
Labels
stale

Comments

@richzhu369
Copy link

What happened? 发生了什么问题?

我使用最新版的 v3.6.2 ,安装集群进行配置时,更改了数据默认目录和开启了系统加固,安装好集群后 pod之间无法通讯

What did you expect to happen? 期望的结果是什么?

可以放心开启系统加固功能

How can we reproduce it (as minimally and precisely as possible)? 尽可能最小化、精确地描述如何复现问题

使用ubuntu 22.04 关闭 apparmor 和开启 apparmor 都可以,安装必复现,我删了装 装了删,好几次都一样的问题

Anything else we need to know? 其他需要说明的情况

No response

Kubernetes version k8s 版本

k8s 1.28.1

Kubeasz version

v3.6.2

OS version 操作系统版本

# On Linux:
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
$ uname -a
Linux aws-hk-all-pro-front-k8s-master01 6.2.0-1016-aws #16~22.04.1-Ubuntu SMP Sun Nov  5 20:08:16 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

Related plugins (CNI, CSI, ...) and versions (if applicable) 其他网络插件等需要说明的情况

containerd, calico
@gjmzj
Copy link
Collaborator

gjmzj commented Dec 28, 2023

不建议开启os-harden,没有更新上游项目,没有测试最近几个k8s版本的集群安装;已更新文档说明

kubeasz pushed a commit that referenced this issue Dec 31, 2023
@gjmzj
#1338 update docs, add deprecated to os-harden
c1be349
@chenpx0128
Copy link

centsos7安装集群开启kube-proxy安装就失败。如果不安装kube-proxy可以安装成功,但是pod的nodeport端口只能是pod所在的k8s节点才能访问,其他k8s节点ip加nodeport端口无法访问。
11111
2222

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 6, 2024

This issue is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale label Feb 6, 2024
@github-actions GitHub Actions
Copy link

This issue was closed because it has been inactive for 14 days since being marked as stale.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gjmzj @chenpx0128 @richzhu369