Open ports for internal_address in Rancher/Kubernetes (RKE)?

Problem description

I have the following configuration to set up the cluster using Rancher (RKE).

rancher-config.yml

nodes:
  - address: 192.168.88.204
    internal_address: 172.16.22.12
    user: dockeruser
    role: [controlplane,worker,etcd]
  - address: 192.168.88.203
    internal_address: 172.16.32.37
    user: dockeruser
    role: [controlplane,worker,etcd]
  - address: 192.168.88.202
    internal_address: 172.16.42.73
    user: dockeruser
    role: [controlplane,worker,etcd]

services:
  etcd:
    snapshot: true
    creation: 6h
    retention: 24h 

According to Rancher Networking, I already opened the following ports on all nodes (192.168.88.204, 192.168.88.203, 192.168.88.202) as firewall services.

node-firewall.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
    <port port="2376" protocol="tcp"/>
    <port port="2379" protocol="tcp"/>
    <port port="2380" protocol="tcp"/>
    <port port="8472" protocol="udp"/>
    <port port="9099" protocol="tcp"/>
    <port port="10250" protocol="tcp"/>
    <port port="443" protocol="tcp"/>
    <port port="6443" protocol="tcp"/>
    <port port="8472" protocol="udp"/>
    <port port="6443" protocol="tcp"/>
    <port port="10254" protocol="tcp"/>
    <port port="30000-32767" protocol="tcp"/>
</service>

-> command

firewall-offline-cmd --new-service-from-file=node-firewall.xml --name=node-firewall
firewall-cmd --reload
firewall-cmd --add-service node-firewall

My RKE is installed on 192.168.88.151. For RKE ->

rancher-firewall.xml

<?xml version="1.0" encoding="utf-8"?>
<service>
    <port port="80" protocol="tcp"/>
    <port port="433" protocol="tcp"/>
    <port port="22" protocol="tcp"/>
    <port port="2376" protocol="tcp"/>
    <port port="6443" protocol="tcp"/>
</service>

firewall-offline-cmd --new-service-from-file=rancher-firewall.xml --name=rancher-firewall
firewall-cmd --reload
firewall-cmd --add-service rancher-firewall

So, I run the following command to bring up my RKE

rke up --config ./rancher-config.yml

The log is

[root@localhost ~]# rke up --config ./rancher-config.yml
INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [192.168.88.204]
INFO[0000] [dialer] Setup tunnel for host [192.168.88.203]
INFO[0000] [dialer] Setup tunnel for host [192.168.88.202]
INFO[0001] [network] Deploying port listener containers
INFO[0001] [network] Port listener containers deployed successfully
INFO[0001] [network] Running etcd <-> etcd port checks
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.202]
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.204]
INFO[0001] [network] Successfully started [rke-port-checker] container on host [192.168.88.203]
FATA[0016] [network] Host [192.168.88.202] is not able to connect to the following ports: 
            [172.16.22.12:2379, 172.16.22.12:2380, 172.16.32.37:2379, 172.16.32.37:2380, 172.16.42.73:2380, 172.16.42.73:2379]. 
            Please check network policies and firewall rules

My question is how to open the ports for the internal_address of all nodes in the Kubernetes cluster?

Recommended answer

Maybe it is my lack of experience. I am just sharing what I found. internal_address has to be the IP address of the Docker gateway. To find the Docker IP address on each node (192.168.88.204, 192.168.88.203, 192.168.88.202):

Run the command docker network ls. You might get the following network information.

NETWORK ID          NAME                DRIVER              SCOPE
aa13d08f2676        bridge              bridge              local
02eabe818790        host                host                local
1e5bb430d790        none                null                local

And run the command docker network inspect bridge to get the IP address of the bridge. You will get info similar to the following.

[
    {
        "Name": "bridge",
        "Id": "aa13d08f2676e40df5a82521fccc4e402ef6b04f82bcd414cd065a1859b3799d",
        "Created": "2019-01-31T21:32:02.381082005-05:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        ....
        ...
        ..
        .

]

and configure rancher-config.yml as below and run rke up --config ./rancher-config.yml again

nodes:
  - address: 192.168.88.204
    internal_address: 172.17.0.1
    ...
...
..
..
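
An added example, not part of the original question or answer: a small probe that extracts the endpoints from the FATA line in the question's rke up log and re-tests each one with a plain TCP connect, so the etcd port check can be repeated by hand on any node. The function names are hypothetical and the log string is copied from the question.

```python
import re
import socket

# Constructed from the FATA message in the question's rke up log.
RKE_ERROR = (
    "FATA[0016] [network] Host [192.168.88.202] is not able to connect to the "
    "following ports: [172.16.22.12:2379, 172.16.22.12:2380, 172.16.32.37:2379, "
    "172.16.32.37:2380, 172.16.42.73:2380, 172.16.42.73:2379]. "
    "Please check network policies and firewall rules"
)

# Matches "a.b.c.d:port"; the bare host in "Host [...]" has no port and is skipped.
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def parse_failed_endpoints(message):
    """Return (source_host, [(ip, port), ...]) from an RKE port-check failure."""
    host = re.search(r"Host \[([^\]]+)\]", message)
    endpoints = sorted({(ip, int(port)) for ip, port in ENDPOINT.findall(message)})
    return (host.group(1) if host else None), endpoints


def probe(endpoints, timeout=2.0):
    """TCP-connect to each endpoint; map (ip, port) to None or an error string."""
    results = {}
    for ip, port in endpoints:
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                results[(ip, port)] = None
        except OSError as exc:
            results[(ip, port)] = f"{type(exc).__name__}: {exc}"
    return results


if __name__ == "__main__":
    source, endpoints = parse_failed_endpoints(RKE_ERROR)
    print(f"re-testing endpoints reported unreachable from {source}")
    for (ip, port), err in probe(endpoints).items():
        print(f"{ip}:{port:<5} {'open' if err is None else 'FAILED ' + err}")
```

A timeout or "No route to host" points at filtering or routing between the nodes, while "Connection refused" means the address is reachable but nothing is listening on that port.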
