rancher上使用rke在華為云多網卡的服務器上安裝k8s集群問題處理了

報錯:

問題：

[[network] Host [192.168.0.213] is not able to connect to the following ports: [192.168.0.213:2379]. Please check network policies and firewall rules]

問題：
root@hwy-isms-210-66:~# gotelnet 172.17.210.66 2379
map[2379:failed]
root@hwy-isms-210-66:~# gotelnet 127.0.0.1 2379
map[2379:success]
root@hwy-isms-210-66:~# docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED       STATUS       PORTS                                                    NAMES
b6f75ff566d5   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:10250->1337/tcp                          rke-worker-port-listener
ac3e20c949df   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:6443->1337/tcp                           rke-cp-port-listener
e106814143a3   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:2379->1337/tcp, 0.0.0.0:2380->1337/tcp   rke-etcd-port-listener
6a866546f8bb   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            peaceful_albattani
9bbffd35d9a4   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            confident_fermi
root@hwy-isms-210-66:~# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255ether a6:c3:99:d0:cf:03  txqueuelen 0  (Ethernet)RX packets 3547  bytes 100789 (98.4 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 86  bytes 5196 (5.0 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.17.210.66  netmask 255.255.255.0  broadcast 172.17.210.255ether fa:16:3e:40:01:71  txqueuelen 1000  (Ethernet)RX packets 122941811  bytes 23935288095 (22.2 GiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 127262310  bytes 14351697946 (13.3 GiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.17.210.67  netmask 255.255.255.0  broadcast 172.17.210.255ether fa:16:3e:40:01:72  txqueuelen 1000  (Ethernet)RX packets 207177  bytes 17420004 (16.6 MiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 202098  bytes 20182560 (19.2 MiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 172.17.210.68  netmask 255.255.255.0  broadcast 172.17.210.255ether fa:16:3e:40:01:73  txqueuelen 1000  (Ethernet)RX packets 180108  bytes 15241156 (14.5 MiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 248119  bytes 22751922 (21.6 MiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0loop  txqueuelen 1000  (Local Loopback)RX packets 1352589  bytes 102392483 (97.6 MiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 1352589  bytes 102392483 (97.6 MiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0veth13ea56c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500ether 7a:fc:db:8f:3c:0f  txqueuelen 0  (Ethernet)RX packets 59  bytes 3636 (3.5 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 73  bytes 4338 (4.2 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0veth6b767de: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500ether 7e:17:74:fd:a7:27  txqueuelen 0  (Ethernet)RX packets 3  bytes 126 (126.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 6  bytes 412 (412.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0vethf9165ed: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500ether f6:46:67:c2:93:2e  txqueuelen 0  (Ethernet)RX packets 3  bytes 126 (126.0 B)RX errors 0  dropped 0  overruns 0  frame 0TX packets 9  bytes 538 (538.0 B)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0root@hwy-isms-210-66:~# cat /etc/rc.local 
#!/bin/sh -e
# rc.local
# 開機執行的路由配置命令
ip route add default via 172.17.210.1 dev eth0 table 10
ip route add 172.17.210.0/24 dev eth0 table 10
ip rule add from 172.17.210.66 table 10
ip route add default via 172.17.210.1 dev eth1 table 20
ip route add 172.17.210.0/24 dev eth1 table 20
ip rule add from 172.17.210.67 table 20
ip route add default via 172.17.210.1 dev eth2 table 30
ip route add 172.17.210.0/24 dev eth2 table 30
ip rule add from 172.17.210.68 table 30
exit 0
root@hwy-isms-210-66:~# 
為啥127.0.0.1 2379可以通，172.17.210.66 2379不通

該問題的根本原因在于網絡路由策略和Docker端口綁定的限制，具體分析如下：

Docker端口綁定限制?：

容器端口映射配置為0.0.0.0:2379->1337/tcp，理論上應允許所有IP訪問
路由策略沖突?：

/etc/rc.local中配置了多網卡策略路由，強制不同源IP走不同路由表
從172.17.210.66發出的流量被ip rule add from 172.17.210.66 table 10強制路由
可能因路由表10缺少到docker0網橋(172.18.0.1/16)的路由導致不通

解決方案?：

方案1：在路由表10中添加docker0網段路由

ip route add 172.18.0.0/16 dev docker0 table 10

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/bicheng/89982.shtml
繁體地址，請注明出處：http://hk.pswp.cn/bicheng/89982.shtml
英文地址，請注明出處：http://en.pswp.cn/bicheng/89982.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！