Resolving a problem installing a k8s cluster with RKE from Rancher on a multi-NIC Huawei Cloud server

Error:

Problem:

[[network] Host [192.168.0.213] is not able to connect to the following ports: [192.168.0.213:2379]. Please check network policies and firewall rules]

Problem:
root@hwy-isms-210-66:~# gotelnet 172.17.210.66 2379
map[2379:failed]
root@hwy-isms-210-66:~# gotelnet 127.0.0.1 2379
map[2379:success]
root@hwy-isms-210-66:~# docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED       STATUS       PORTS                                                    NAMES
b6f75ff566d5   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:10250->1337/tcp                          rke-worker-port-listener
ac3e20c949df   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:6443->1337/tcp                           rke-cp-port-listener
e106814143a3   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:2379->1337/tcp, 0.0.0.0:2380->1337/tcp   rke-etcd-port-listener
6a866546f8bb   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            peaceful_albattani
9bbffd35d9a4   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            confident_fermi
root@hwy-isms-210-66:~# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether a6:c3:99:d0:cf:03  txqueuelen 0  (Ethernet)
        RX packets 3547  bytes 100789 (98.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 86  bytes 5196 (5.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.66  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:71  txqueuelen 1000  (Ethernet)
        RX packets 122941811  bytes 23935288095 (22.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 127262310  bytes 14351697946 (13.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.67  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:72  txqueuelen 1000  (Ethernet)
        RX packets 207177  bytes 17420004 (16.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 202098  bytes 20182560 (19.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.68  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:73  txqueuelen 1000  (Ethernet)
        RX packets 180108  bytes 15241156 (14.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 248119  bytes 22751922 (21.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1352589  bytes 102392483 (97.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1352589  bytes 102392483 (97.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth13ea56c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 7a:fc:db:8f:3c:0f  txqueuelen 0  (Ethernet)
        RX packets 59  bytes 3636 (3.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 73  bytes 4338 (4.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth6b767de: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 7e:17:74:fd:a7:27  txqueuelen 0  (Ethernet)
        RX packets 3  bytes 126 (126.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 412 (412.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf9165ed: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether f6:46:67:c2:93:2e  txqueuelen 0  (Ethernet)
        RX packets 3  bytes 126 (126.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 538 (538.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@hwy-isms-210-66:~# cat /etc/rc.local
#!/bin/sh -e
# rc.local
# Routing configuration commands run at boot
ip route add default via 172.17.210.1 dev eth0 table 10
ip route add 172.17.210.0/24 dev eth0 table 10
ip rule add from 172.17.210.66 table 10
ip route add default via 172.17.210.1 dev eth1 table 20
ip route add 172.17.210.0/24 dev eth1 table 20
ip rule add from 172.17.210.67 table 20
ip route add default via 172.17.210.1 dev eth2 table 30
ip route add 172.17.210.0/24 dev eth2 table 30
ip rule add from 172.17.210.68 table 30
exit 0
root@hwy-isms-210-66:~# 
Why does 127.0.0.1 2379 connect while 172.17.210.66 2379 does not?

The root cause of this problem lies in the network routing policy and the limits of Docker port binding. The analysis is as follows:

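Docker port binding limits:

The container port mapping is configured as 0.0.0.0:2379->1337/tcp, which in theory should allow access through every IP.

Routing policy conflict:

/etc/rc.local configures multi-NIC policy routing, which forces traffic from each source IP through its own routing table.
Traffic sent from 172.17.210.66 is forced into table 10 by ip rule add from 172.17.210.66 table 10.
The connection may fail because routing table 10 has no route to the docker0 bridge (172.18.0.1/16).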


Solution:

Option 1: add a route for the docker0 subnet to routing table 10

ip route add 172.18.0.0/16 dev docker0 table 10
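
An added example, not part of the original post: a shell check that reads rc.local-style ip commands and reports which policy-routing tables lack the docker0 route that Option 1 adds. The function names are made up for this illustration; the sample input is the rc.local shown above.

```shell
#!/bin/sh
# Added example (not from the original post): list the routing tables that an
# "ip rule add ... table N" selects but that hold no route to SUBNET via DEV.
# Usage: tables_missing_route SUBNET DEV < file-with-ip-commands
tables_missing_route() {
    awk -v subnet="$1" -v dev="$2" '
        # Return the word that follows keyword kw on the current line, or "".
        function arg(kw,    i) {
            for (i = 1; i < NF; i++) if ($i == kw) return $(i + 1)
            return ""
        }
        # A policy rule selects a table for some traffic.
        $1 == "ip" && $2 == "rule" && $3 == "add" {
            t = arg("table"); if (t != "") selected[t] = 1
        }
        # A table counts as covered only if it routes the subnet via the wanted device.
        $1 == "ip" && $2 == "route" && $3 == "add" {
            t = arg("table")
            if (t != "" && $4 == subnet && arg("dev") == dev) covered[t] = 1
        }
        END { for (t in selected) if (!(t in covered)) print t }
    ' | sort -n
}

# Sample input: the routing commands from the /etc/rc.local shown in the post.
sample_rc_local() {
    cat <<'EOF'
ip route add default via 172.17.210.1 dev eth0 table 10
ip route add 172.17.210.0/24 dev eth0 table 10
ip rule add from 172.17.210.66 table 10
ip route add default via 172.17.210.1 dev eth1 table 20
ip route add 172.17.210.0/24 dev eth1 table 20
ip rule add from 172.17.210.67 table 20
ip route add default via 172.17.210.1 dev eth2 table 30
ip route add 172.17.210.0/24 dev eth2 table 30
ip rule add from 172.17.210.68 table 30
EOF
}

# Same commands plus the Option 1 route from the post.
fixed_rc_local() {
    sample_rc_local
    echo "ip route add 172.18.0.0/16 dev docker0 table 10"
}

sample_rc_local | tables_missing_route 172.18.0.0/16 docker0   # all three tables
fixed_rc_local  | tables_missing_route 172.18.0.0/16 docker0   # tables 20 and 30 remain
```

With the Option 1 route added, tables 20 and 30 are still reported, so traffic sourced from 172.17.210.67 and 172.17.210.68 is still routed by tables with no docker0 route.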
