rancher上使用rke在华为云多网卡的服务器上安装k8s集群问题处理了

报错:

问题：

[[network] Host [192.168.0.213] is not able to connect to the following ports: [192.168.0.213:2379]. Please check network policies and firewall rules]

问题：
root@hwy-isms-210-66:~# gotelnet 172.17.210.66 2379
map[2379:failed]
root@hwy-isms-210-66:~# gotelnet 127.0.0.1 2379
map[2379:success]
root@hwy-isms-210-66:~# docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED       STATUS       PORTS                                                    NAMES
b6f75ff566d5   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:10250->1337/tcp                          rke-worker-port-listener
ac3e20c949df   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:6443->1337/tcp                           rke-cp-port-listener
e106814143a3   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:2379->1337/tcp, 0.0.0.0:2380->1337/tcp   rke-etcd-port-listener
6a866546f8bb   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            peaceful_albattani
9bbffd35d9a4   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            confident_fermi
root@hwy-isms-210-66:~# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255ether a6:c3:99:d0:cf:03  txqueuelen 0  (Ethernet)RX packets 3547  bytes 100789 (98.4 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 86  bytes 5196 (5.0 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.17.210.66  netmask 255.255.255.0  broadcast 172.17.210.255ether fa:16:3e:40:01:71  txqueuelen 1000  (Ethernet)RX packets 122941811  bytes 23935288095 (22.2 GiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 127262310  bytes 14351697946 (13.3 GiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.17.210.67  netmask 255.255.255.0  broadcast 172.17.210.255ether fa:16:3e:40:01:72  txqueuelen 1000  (Ethernet)RX packets 207177  bytes 17420004 (16.6 MiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 202098  bytes 20182560 (19.2 MiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.17.210.68  netmask 255.255.255.0  broadcast 172.17.210.255ether fa:16:3e:40:01:73  txqueuelen 1000  (Ethernet)RX packets 180108  bytes 15241156 (14.5 MiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 248119  bytes 22751922 (21.6 MiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0loop  txqueuelen 1000  (Local Loopback)RX packets 1352589  bytes 102392483 (97.6 MiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 1352589  bytes 102392483 (97.6 MiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0veth13ea56c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500ether 7a:fc:db:8f:3c:0f  txqueuelen 0  (Ethernet)RX packets 59  bytes 3636 (3.5 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 73  bytes 4338 (4.2 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0veth6b767de: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500ether 7e:17:74:fd:a7:27  txqueuelen 0  (Ethernet)RX packets 3  bytes 126 (126.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 6  bytes 412 (412.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0vethf9165ed: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500ether f6:46:67:c2:93:2e  txqueuelen 0  (Ethernet)RX packets 3  bytes 126 (126.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 9  bytes 538 (538.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0root@hwy-isms-210-66:~# cat /etc/rc.local 
#!/bin/sh -e
# rc.local
# 开机执行的路由配置命令
ip route add default via 172.17.210.1 dev eth0 table 10
ip route add 172.17.210.0/24 dev eth0 table 10
ip rule add from 172.17.210.66 table 10
ip route add default via 172.17.210.1 dev eth1 table 20
ip route add 172.17.210.0/24 dev eth1 table 20
ip rule add from 172.17.210.67 table 20
ip route add default via 172.17.210.1 dev eth2 table 30
ip route add 172.17.210.0/24 dev eth2 table 30
ip rule add from 172.17.210.68 table 30
exit 0
root@hwy-isms-210-66:~# 
为啥127.0.0.1 2379可以通，172.17.210.66 2379不通

该问题的根本原因在于网络路由策略和Docker端口绑定的限制，具体分析如下：

Docker端口绑定限制‌：

容器端口映射配置为0.0.0.0:2379->1337/tcp，理论上应允许所有IP访问
路由策略冲突‌：

/etc/rc.local中配置了多网卡策略路由，强制不同源IP走不同路由表
从172.17.210.66发出的流量被ip rule add from 172.17.210.66 table 10强制路由
可能因路由表10缺少到docker0网桥(172.18.0.1/16)的路由导致不通

解决方案‌：

方案1：在路由表10中添加docker0网段路由

ip route add 172.18.0.0/16 dev docker0 table 10

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。
如若转载，请注明出处：http://www.pswp.cn/bicheng/89982.shtml
繁体地址，请注明出处：http://hk.pswp.cn/bicheng/89982.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！