[root@k8s-node1 ~]# tailf /opt/kubernetes/logs/kube-proxy.INFO
I0318 11:49:42.467892 1076 proxier.go:1724] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
I0318 11:50:12.488162 1076 proxier.go:1724] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
I0318 11:50:42.508151 1076 proxier.go:1724] Not using `--random-fully` in the MASQUERADE rule for iptables because the local version of iptables does not support it
原因:
iptables 本地iptables版本不支持,要升级iptables
安装升级iptables所需依赖
yum install gcc make libnftnl-devel libmnl-devel autoconf automake libtool bison flex \
libnetfilter_conntrack-devel libnetfilter_queue-devel libpcap-devel
iptables-1.6.2.tar.bz2软件包链接:
https://pan.baidu.com/s/1V1yKG3kzYcVtEy43NnNqOw
提取码:88eb
编译安装iptables
export LC_ALL=C
wget https://www.netfilter.org/projects/iptables/files/iptables-1.6.2.tar.bz2 --no-check-certificate
tar -xvf iptables-1.6.2.tar.bz2
cd iptables-1.6.2
./autogen.sh
./configure
make -j4
make install
# 覆盖
cd /usr/local/sbin
\cp iptables /sbin
\cp iptables-restore /sbin/
\cp iptables-save /sbin/
可以把/usr/local/sbin下面的iptables相关的东西打包然后分发到其它服务器
重启 kube-proxy 与 kubelet
systemctl restart kubelet.service kube-proxy.service