
Resolving a problem installing a k8s cluster with RKE from Rancher on multi-NIC Huawei Cloud servers

Error:

Problem:

[[network] Host [192.168.0.213] is not able to connect to the following ports: [192.168.0.213:2379]. Please check network policies and firewall rules]

Problem:
root@hwy-isms-210-66:~# gotelnet 172.17.210.66 2379
map[2379:failed]
root@hwy-isms-210-66:~# gotelnet 127.0.0.1 2379
map[2379:success]
root@hwy-isms-210-66:~# docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED       STATUS       PORTS                                                    NAMES
b6f75ff566d5   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:10250->1337/tcp                          rke-worker-port-listener
ac3e20c949df   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:6443->1337/tcp                           rke-cp-port-listener
e106814143a3   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:2379->1337/tcp, 0.0.0.0:2380->1337/tcp   rke-etcd-port-listener
6a866546f8bb   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            peaceful_albattani
9bbffd35d9a4   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            confident_fermi
root@hwy-isms-210-66:~# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether a6:c3:99:d0:cf:03  txqueuelen 0  (Ethernet)
        RX packets 3547  bytes 100789 (98.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 86  bytes 5196 (5.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.66  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:71  txqueuelen 1000  (Ethernet)
        RX packets 122941811  bytes 23935288095 (22.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 127262310  bytes 14351697946 (13.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.67  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:72  txqueuelen 1000  (Ethernet)
        RX packets 207177  bytes 17420004 (16.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 202098  bytes 20182560 (19.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.68  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:73  txqueuelen 1000  (Ethernet)
        RX packets 180108  bytes 15241156 (14.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 248119  bytes 22751922 (21.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1352589  bytes 102392483 (97.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1352589  bytes 102392483 (97.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth13ea56c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 7a:fc:db:8f:3c:0f  txqueuelen 0  (Ethernet)
        RX packets 59  bytes 3636 (3.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 73  bytes 4338 (4.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth6b767de: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 7e:17:74:fd:a7:27  txqueuelen 0  (Ethernet)
        RX packets 3  bytes 126 (126.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 412 (412.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf9165ed: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether f6:46:67:c2:93:2e  txqueuelen 0  (Ethernet)
        RX packets 3  bytes 126 (126.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 538 (538.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@hwy-isms-210-66:~# cat /etc/rc.local
#!/bin/sh -e
# rc.local
# Routing configuration commands run at boot
ip route add default via 172.17.210.1 dev eth0 table 10
ip route add 172.17.210.0/24 dev eth0 table 10
ip rule add from 172.17.210.66 table 10
ip route add default via 172.17.210.1 dev eth1 table 20
ip route add 172.17.210.0/24 dev eth1 table 20
ip rule add from 172.17.210.67 table 20
ip route add default via 172.17.210.1 dev eth2 table 30
ip route add 172.17.210.0/24 dev eth2 table 30
ip rule add from 172.17.210.68 table 30
exit 0
root@hwy-isms-210-66:~# 
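Why does 127.0.0.1 2379 connect while 172.17.210.66 2379 does not?

The root cause lies in the network routing policy and the limits of Docker port binding. Detailed analysis:

Docker port binding limits:

The container port mapping is configured as 0.0.0.0:2379->1337/tcp, which in theory should allow access on every IP.

Routing policy conflict:

/etc/rc.local configures multi-NIC policy routing, forcing each source IP to use a different routing table.
Traffic sent from 172.17.210.66 is forced into table 10 by ip rule add from 172.17.210.66 table 10.
Connectivity may fail because routing table 10 lacks a route to the docker0 bridge (172.18.0.1/16).

Solution:

Option 1: add a route for the docker0 subnet to routing table 10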

ip route add 172.18.0.0/16 dev docker0 table 10
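
The check below is an added example, not part of the original post: for every source-based ip rule it reports the routing tables that have no entry for the docker0 subnet. The rule and route listings are constructed from the rc.local shown above, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: list policy-routing tables with no route to the Docker bridge subnet.
# All sample data is constructed from the rc.local above, not captured from the host.

# Constructed `ip rule show` output (rules added by rc.local get priorities 32765 downward).
SAMPLE_RULES='0: from all lookup local
32763: from 172.17.210.68 lookup 30
32764: from 172.17.210.67 lookup 20
32765: from 172.17.210.66 lookup 10
32766: from all lookup main
32767: from all lookup default'

# Constructed `ip route show table N` output before the fix.
routes_before() {
    case "$1" in
        10) dev=eth0 ;; 20) dev=eth1 ;; 30) dev=eth2 ;; *) return 0 ;;
    esac
    printf 'default via 172.17.210.1 dev %s\n172.17.210.0/24 dev %s scope link\n' "$dev" "$dev"
}

# Same tables after applying option 1 from the page, which touches table 10 only.
routes_after() {
    routes_before "$1"
    if [ "$1" = 10 ]; then
        printf '172.18.0.0/16 dev docker0 scope link\n'
    fi
}

# Print "source table" for each source-based rule, skipping the "from all" defaults.
source_rules() {
    printf '%s\n' "$1" | awk '$2 == "from" && $3 != "all" && $4 == "lookup" { print $3, $5 }'
}

# missing_bridge_route RULES SUBNET ROUTE_CMD
# Print every table selected by a source rule that has no route entry for SUBNET.
# ROUTE_CMD is called with a table id and must print that table's routes.
missing_bridge_route() {
    source_rules "$1" | while read -r src table; do
        if ! "$3" "$table" | awk -v s="$2" '$1 == s { ok = 1 } END { exit !ok }'; then
            printf '%s\n' "$table"
        fi
    done
}

# On a real host (assumption: iproute2 installed, run as root):
#   live_routes() { ip route show table "$1"; }
#   missing_bridge_route "$(ip rule show)" 172.18.0.0/16 live_routes
```

With the constructed data, routes_before reports tables 30, 20 and 10, and routes_after reports 30 and 20, because option 1 only changes table 10.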
