我有以下的配置设置使用Rancher (RKE)集群。
牧场主,config.yml
nodes:
- address: 192.168.88.204
internal_address: 172.16.22.12
user: dockeruser
role: [controlplane,worker,etcd]
- address: 192.168.88.203
internal_address: 172.16.32.37
user: dockeruser
role: [controlplane,worker,etcd]
- address: 192.168.88.202
internal_address: 172.16.42.73
user: dockeruser
role: [controlplane,worker,etcd]
services:
etcd:
snapshot: true
creation: 6h
retention: 24h
据Rancher Networking,我已经打开以下端口的所有节点(192.168.88.204,192.168.88.203,192.168.88.202)防火墙服务。
节点firewall.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="2376" protocol="tcp"/>
<port port="2379" protocol="tcp"/>
<port port="2380" protocol="tcp"/>
<port port="8472" protocol="udp"/>
<port port="9099" protocol="tcp"/>
<port port="10250" protocol="tcp"/>
<port port="443" protocol="tcp"/>
<port port="6443" protocol="tcp"/>
<port port="8472" protocol="udp"/>
<port port="6443" protocol="tcp"/>
<port port="10254" protocol="tcp"/>
<port port="30000-32767" protocol="tcp"/>
</service>
-> commmend
firewall-offline-cmd --new-service-from-file=node-firewall.xml --name=node-firewall
firewall-cmd --reload
firewall-cmd --add-service node-firewall
我RKE安装在192.168.88.151。对于RKE - >
rancher-firewall.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<port port="80" protocol="tcp"/>
<port port="433" protocol="tcp"/>
<port port="22" protocol="tcp"/>
<port port="2376" protocol="tcp"/>
<port port="6443" protocol="tcp"/>
</service>
firewall-offline-cmd --new-service-from-file=rancher-firewall.xml --name=rancher-firewall
firewall-cmd --reload
firewall-cmd --add-service rancher-firewall
所以,我运行下面的命令来了我qazxsw POI
RKE日志
rke up --config ./rancher-config.yml
我的问题是如何打开的端口[root@localhost ~]# rke up --config ./rancher-config.yml
INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [192.168.88.204]
INFO[0000] [dialer] Setup tunnel for host [192.168.88.203]
INFO[0000] [dialer] Setup tunnel for host [192.168.88.202]
INFO[0001] [network] Deploying port listener containers
INFO[0001] [network] Port listener containers deployed successfully
INFO[0001] [network] Running etcd <-> etcd port checks
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.202]
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.204]
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.203]
FATA[0016] [network] Host [192.168.88.202] is not able to connect to the following ports:
[172.16.22.12:2379, 172.16.22.12:2380, 172.16.32.37:2379, 172.16.32.37:2380, 172.16.42.73:2380, 172.16.42.73:2379].
Please check network policies and firewall rules
在internal_address集群中所有节点?
可能是缺少我的经验。我只是分享我发现了什么。 kubernates是必须internal_address的(网关)的IP地址。要知道泊坞窗的每个节点(192.168.88.204,192.168.88.203,192.168.88.202)的IP地址。
运行表彰docker。你可能会得到如下的网络信息。
docker network ls并运行命令qazxsw POI获得qazxsw POI的IP地址。你会得到下面的similer信息。
NETWORK ID NAME DRIVER SCOPE
aa13d08f2676 bridge bridge local
02eabe818790 host host local
1e5bb430d790 none null local
并且如下配置docker network inspect bridge并再次运行bridge
[
{
"Name": "bridge",
"Id": "aa13d08f2676e40df5a82521fccc4e402ef6b04f82bcd414cd065a1859b3799d",
"Created": "2019-01-31T21:32:02.381082005-05:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
....
...
..
.
]
这是不正确。
该internal_address提供有节点具有多个地址设置为专用网络上使用的主机间通信的特定地址的能力。如果没有设置internal_address,该地址用于主机间的通信。
对于rancher-config.yml
你可能有一个防火墙问题。
检查你的活动区域,并在这些区域的哪些接口。
rke up --config ./rancher-config.yml