Docker Rancher/Kubernates(RKE)内部地址的开放端口?
我使用以下配置来设置集群 rancher-config.ymlDocker Rancher/Kubernates(RKE)内部地址的开放端口?,docker,kubernetes,rancher,rke,Docker,Kubernetes,Rancher,Rke,我使用以下配置来设置集群 rancher-config.yml nodes: - address: 192.168.88.204 internal_address: 172.16.22.12 user: dockeruser role: [controlplane,worker,etcd] - address: 192.168.88.203 internal_address: 172.16.32.37 user: dockeruser ro
nodes:
- address: 192.168.88.204
internal_address: 172.16.22.12
user: dockeruser
role: [controlplane,worker,etcd]
- address: 192.168.88.203
internal_address: 172.16.32.37
user: dockeruser
role: [controlplane,worker,etcd]
- address: 192.168.88.202
internal_address: 172.16.42.73
user: dockeruser
role: [controlplane,worker,etcd]
services:
etcd:
snapshot: true
creation: 6h
retention: 24h
根据,我已经为所有节点(192.168.88.204、192.168.88.203、192.168.88.202)打开了以下端口作为防火墙服务
node-firewall.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="2376" protocol="tcp"/>
<port port="2379" protocol="tcp"/>
<port port="2380" protocol="tcp"/>
<port port="8472" protocol="udp"/>
<port port="9099" protocol="tcp"/>
<port port="10250" protocol="tcp"/>
<port port="443" protocol="tcp"/>
<port port="6443" protocol="tcp"/>
<port port="8472" protocol="udp"/>
<port port="6443" protocol="tcp"/>
<port port="10254" protocol="tcp"/>
<port port="30000-32767" protocol="tcp"/>
</service>
-> commmend
firewall-offline-cmd --new-service-from-file=node-firewall.xml --name=node-firewall
firewall-cmd --reload
firewall-cmd --add-service node-firewall
日志是
[root@localhost ~]# rke up --config ./rancher-config.yml
INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [192.168.88.204]
INFO[0000] [dialer] Setup tunnel for host [192.168.88.203]
INFO[0000] [dialer] Setup tunnel for host [192.168.88.202]
INFO[0001] [network] Deploying port listener containers
INFO[0001] [network] Port listener containers deployed successfully
INFO[0001] [network] Running etcd <-> etcd port checks
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.202]
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.204]
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.203]
FATA[0016] [network] Host [192.168.88.202] is not able to connect to the following ports:
[172.16.22.12:2379, 172.16.22.12:2380, 172.16.32.37:2379, 172.16.32.37:2380, 172.16.42.73:2380, 172.16.42.73:2379].
Please check network policies and firewall rules
[root@localhost~]#rke up--config./rancher-config.yml
信息[0000]建设库伯内特斯集群
信息[0000][dialer]主机的设置隧道[192.168.88.204]
信息[0000][dialer]主机的设置隧道[192.168.88.203]
信息[0000][dialer]主机的设置隧道[192.168.88.202]
信息[0001][网络]正在部署端口侦听器容器
信息[0001][网络]端口侦听器容器已成功部署
信息[0001][网络]正在运行etcd etcd端口检查
信息[0001][network]已在主机[192.168.88.202]上成功启动[rke端口检查器]容器
信息[0001][network]已在主机[192.168.88.204]上成功启动[rke端口检查器]容器
信息[0001][network]已在主机[192.168.88.203]上成功启动[rke端口检查器]容器
FATA[0016][network]主机[192.168.88.202]无法连接到以下端口:
[172.16.22.12:2379, 172.16.22.12:2380, 172.16.32.37:2379, 172.16.32.37:2380, 172.16.42.73:2380, 172.16.42.73:2379].
请检查网络策略和防火墙规则
我的问题是如何为
kubernates
集群中的所有节点打开内部\u地址的端口?可能是我缺乏经验。我只是分享我的发现。
internal_address
必须是docker
的(网关)的ip地址。
了解每个节点的docker ip地址(192.168.88.204、192.168.88.203、192.168.88.202)
运行docker网络ls
。您可能会获得以下网络信息
NETWORK ID NAME DRIVER SCOPE
aa13d08f2676 bridge bridge local
02eabe818790 host host local
1e5bb430d790 none null local
并运行docker network inspect bridge,以获取网桥
的ip地址。
您将获得以下类似信息
[
{
"Name": "bridge",
"Id": "aa13d08f2676e40df5a82521fccc4e402ef6b04f82bcd414cd065a1859b3799d",
"Created": "2019-01-31T21:32:02.381082005-05:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
....
...
..
.
]
然后如下配置rancher config.yml
,然后再次运行rke up--config./rancher config.yml
nodes:
- address: 192.168.88.204
internal_address: 172.17.0.1
...
...
..
..
这是不正确的
内部_地址提供了
具有多个地址的节点设置要用于的特定地址
专用网络上的主机间通信。如果内部地址
未设置,该地址用于主机间通信
您可能有防火墙问题
检查活动区域以及这些区域中有哪些接口
firewall-cmd --get-active-zones
检查我上面的答案。你的假设不正确
nodes:
- address: 192.168.88.204
internal_address: 172.17.0.1
...
...
..
..
firewall-cmd --get-active-zones