./iptables-tracer -f "-s 10.0.1.250 -p tcp" doesn't work on CentOS Linux release 8.5.2111
BurlyLuo opened this issue · 0 comments
BurlyLuo commented
1. Issue details:
When executing `./iptables-tracer -f "-s 10.0.1.250 -p tcp"` on the node, the SSH connection is lost, and the k8s platform also goes into an abnormal state, especially the kube-apiserver pods, which keep rebooting.
- env details:
```
[root@bpf1 iptables-tracer]$ cat /etc/redhat-release
CentOS Linux release 8.5.2111
[root@bpf1 iptables-tracer]$ uname -r
4.18.0-348.7.1.el8_5.x86_64
[root@bpf1 iptables-tracer]$
```
k8s version:
```
[root@bpf1 iptables-tracer]$ k get nodes -owide
NAME   STATUS   ROLES           AGE     VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE         KERNEL-VERSION                CONTAINER-RUNTIME
bpf1   Ready    control-plane   5h54m   v1.27.3   192.168.2.91   <none>        CentOS Linux 8   4.18.0-348.7.1.el8_5.x86_64   containerd://1.6.26
bpf2   Ready    <none>          5h30m   v1.27.3   192.168.2.92   <none>        CentOS Linux 8   4.18.0-348.7.1.el8_5.x86_64   containerd://1.6.26
[root@bpf1 iptables-tracer]$
```
It seems like an iptables issue after the tracer runs, but it only adds the LOG trace, so I'm not sure why it impacts the original iptables.
Add: it works fine on CentOS7 with k8s 1.27.3.