IPv4 forwarding is disabled

现象

某一台机器上的容器内部无法解析域名，其他机器正常，容器日志如下：

[dumb-init] Unable to detach from controlling tty (errno=25 Not a tty).
[dumb-init] Child spawned with PID 8.
[dumb-init] Unable to attach to controlling tty (errno=25 Not a tty).
[dumb-init] setsid complete.
2018/11/25 13:26:22 [emerg] 8#8: host not found in upstream "kubernetes-dashboard.kube-system" in /etc/nginx/conf.d/default.conf:11
nginx: [emerg] host not found in upstream "kubernetes-dashboard.kube-system" in /etc/nginx/conf.d/default.conf:11
[dumb-init] Received signal 17.
[dumb-init] A child with PID 8 exited with exit status 1.
[dumb-init] Forwarded signal 15 to children.
[dumb-init] Child exited with status 1. Goodbye.

手动运行容器，找到原因

WARNING: IPv4 forwarding is disabled. Networking will not work.
[dumb-init] Child spawned with PID 9.
[dumb-init] Received signal 1.
[dumb-init] Forwarded signal 1 to children.
[dumb-init] Received signal 18.
[dumb-init] Forwarded signal 18 to children.
[dumb-init] setsid complete.
/ # cat /etc/resolv.conf 
nameserver 169.169.0.2
/ # ping 169.169.0.2
PING 169.169.0.2 (169.169.0.2): 56 data bytes
64 bytes from 169.169.0.2: seq=0 ttl=64 time=0.283 ms
64 bytes from 169.169.0.2: seq=1 ttl=64 time=0.129 ms
^C
--- 169.169.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.129/0.206/0.283 ms
/ # telnet 169.169.0.2 53
/bin/sh: telnet: not found
/ # ping baidu.com
ping: bad address 'baidu.com'

监控

通过Zabbix添加监控 参考

配置管理

通过puppet管理该配置

其他

重启kube-proxy，该值会变为1