
Troubleshooting a k8s cluster installation with Rancher RKE on Huawei Cloud servers with multiple NICs

Error:

Problem:

[[network] Host [192.168.0.213] is not able to connect to the following ports: [192.168.0.213:2379]. Please check network policies and firewall rules]

Problem:
root@hwy-isms-210-66:~# gotelnet 172.17.210.66 2379
map[2379:failed]
root@hwy-isms-210-66:~# gotelnet 127.0.0.1 2379
map[2379:success]
root@hwy-isms-210-66:~# docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED       STATUS       PORTS                                                    NAMES
b6f75ff566d5   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:10250->1337/tcp                          rke-worker-port-listener
ac3e20c949df   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:6443->1337/tcp                           rke-cp-port-listener
e106814143a3   rancher/rke-tools:v0.1.96      "/docker-entrypoint.…"   6 hours ago   Up 6 hours   80/tcp, 0.0.0.0:2379->1337/tcp, 0.0.0.0:2380->1337/tcp   rke-etcd-port-listener
6a866546f8bb   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            peaceful_albattani
9bbffd35d9a4   rancher/rancher-agent:v2.8.5   "run.sh --server htt…"   6 hours ago   Up 6 hours                                                            confident_fermi
root@hwy-isms-210-66:~# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether a6:c3:99:d0:cf:03  txqueuelen 0  (Ethernet)
        RX packets 3547  bytes 100789 (98.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 86  bytes 5196 (5.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.66  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:71  txqueuelen 1000  (Ethernet)
        RX packets 122941811  bytes 23935288095 (22.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 127262310  bytes 14351697946 (13.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.67  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:72  txqueuelen 1000  (Ethernet)
        RX packets 207177  bytes 17420004 (16.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 202098  bytes 20182560 (19.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.210.68  netmask 255.255.255.0  broadcast 172.17.210.255
        ether fa:16:3e:40:01:73  txqueuelen 1000  (Ethernet)
        RX packets 180108  bytes 15241156 (14.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 248119  bytes 22751922 (21.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1352589  bytes 102392483 (97.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1352589  bytes 102392483 (97.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth13ea56c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 7a:fc:db:8f:3c:0f  txqueuelen 0  (Ethernet)
        RX packets 59  bytes 3636 (3.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 73  bytes 4338 (4.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth6b767de: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 7e:17:74:fd:a7:27  txqueuelen 0  (Ethernet)
        RX packets 3  bytes 126 (126.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 412 (412.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf9165ed: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether f6:46:67:c2:93:2e  txqueuelen 0  (Ethernet)
        RX packets 3  bytes 126 (126.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 538 (538.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@hwy-isms-210-66:~# cat /etc/rc.local
#!/bin/sh -e
# rc.local
# Routing configuration commands executed at boot
ip route add default via 172.17.210.1 dev eth0 table 10
ip route add 172.17.210.0/24 dev eth0 table 10
ip rule add from 172.17.210.66 table 10
ip route add default via 172.17.210.1 dev eth1 table 20
ip route add 172.17.210.0/24 dev eth1 table 20
ip rule add from 172.17.210.67 table 20
ip route add default via 172.17.210.1 dev eth2 table 30
ip route add 172.17.210.0/24 dev eth2 table 30
ip rule add from 172.17.210.68 table 30
exit 0
root@hwy-isms-210-66:~# 
Why can 127.0.0.1 port 2379 be reached while 172.17.210.66 port 2379 cannot, even though a server on the same subnet can telnet to port 2379 on 172.17.210.66?

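The root cause is the interaction between the network routing policy and Docker's port binding. The detailed analysis follows.

Docker port binding restrictions:

The container port mapping is configured as 0.0.0.0:2379->1337/tcp, which in theory should allow access on every IP.

Policy routing conflict:

/etc/rc.local configures multi-NIC policy routing, which forces each source IP to use a different routing table.
Traffic sent from 172.17.210.66 is forced into table 10 by ip rule add from 172.17.210.66 table 10.
The connection probably fails because routing table 10 has no route to the docker0 bridge (172.18.0.1/16).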

root@hwy-isms-210-66:~# ip route list
default via 172.17.210.1 dev eth0 proto dhcp metric 100 
169.254.169.254 via 172.17.210.1 dev eth0 proto dhcp metric 100 
172.17.210.0/24 dev eth0 proto kernel scope link src 172.17.210.66 metric 100 
172.17.210.0/24 dev eth1 proto kernel scope link src 172.17.210.67 metric 101 
172.17.210.0/24 dev eth2 proto kernel scope link src 172.17.210.68 metric 102 
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1 
root@hwy-isms-210-66:~# ip rule list
0:	from all lookup local
32763:	from 172.17.210.68 lookup 30
32764:	from 172.17.210.67 lookup 20
32765:	from 172.17.210.66 lookup 10
32766:	from all lookup main
32767:	from all lookup default
root@hwy-isms-210-66:~# 
root@hwy-isms-210-66:~# ip route show table 10
default via 172.17.210.1 dev eth0 
172.17.210.0/24 dev eth0 scope link 
root@hwy-isms-210-66:~# 


Solution:

Option 1: add a route for the docker0 subnet to routing table 10

ip route add 172.18.0.0/16 dev docker0 table 10
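
The same check can be scripted. The following is an added example, not part of the original post: it parses the `ip rule list` and main-table output and prints the missing bridge route for every per-source table, not only table 10. The function names and the embedded sample data are assumptions; the contents of tables 20 and 30 are inferred from /etc/rc.local.

```shell
#!/bin/sh
# Added example: list per-source routing tables that lack a Docker bridge route.
# Live use: missing_bridge_routes "$(ip rule list)" "$(ip route show table main)" live_table
live_table() { ip route show table "$1"; }

# Constructed sample input, taken from the command output shown on this page.
SAMPLE_RULES='0: from all lookup local
32763: from 172.17.210.68 lookup 30
32764: from 172.17.210.67 lookup 20
32765: from 172.17.210.66 lookup 10
32766: from all lookup main
32767: from all lookup default'
SAMPLE_MAIN='default via 172.17.210.1 dev eth0 proto dhcp metric 100
172.17.210.0/24 dev eth0 proto kernel scope link src 172.17.210.66 metric 100
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1'
# Tables 10/20/30 as /etc/rc.local builds them (20 and 30 are inferred from it).
sample_table() {
    case "$1" in
        10) nic=eth0 ;; 20) nic=eth1 ;; 30) nic=eth2 ;; *) return 0 ;;
    esac
    printf 'default via 172.17.210.1 dev %s\n172.17.210.0/24 dev %s scope link\n' "$nic" "$nic"
}

# $1: `ip rule list` text, $2: main table text, $3: function printing one table
missing_bridge_routes() {
    # Connected routes on docker0 or a user-defined bridge (br-*) in main.
    bridges=$(printf '%s\n' "$2" |
        awk '$2 == "dev" && $3 ~ /^(docker0|br-)/ { print $1, $3 }')
    # Keep only "from <address> lookup <table>" rules, not the "from all" ones.
    printf '%s\n' "$1" |
        awk '$2 == "from" && $3 != "all" && $4 == "lookup" { print $3, $5 }' |
        while read -r src table; do
            printf '%s\n' "$bridges" | while read -r net dev; do
                [ -n "$net" ] || continue
                "$3" "$table" | awk -v n="$net" -v d="$dev" \
                    '$1 == n && $3 == d { found = 1 } END { exit !found }' && continue
                echo "ip route add $net dev $dev table $table  # source $src"
            done
        done
}

# Stand-alone run on the sample data: prints one missing route per table.
missing_bridge_routes "$SAMPLE_RULES" "$SAMPLE_MAIN" sample_table
```

A route added with `ip route add` does not survive a reboot. If the line is appended to /etc/rc.local, that script runs under `sh -e` and stops at the first failing command, so the route must be added only once docker0 exists.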
