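• Installation and Deployment
  • Enabled the firewalld firewall and opened the ports listed in the official documentation, but login still fails with an error. I don't know what to do, so I'm asking the forum for help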

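When creating a deployment question, please follow the template below. The more information you provide, the easier it is to get a timely answer. If a question is not created according to the template, the administrators may close it.
Make sure the post is clearly formatted and easy to read, and use markdown code block syntax to format code blocks.
If you spend only one minute creating a question, you cannot expect others to spend half an hour answering it.

Operating system information
Virtual machine, CentOS 7.9, 4C/8G

Kubernetes version information
Paste the output of the kubectl version command below

Container runtime
Paste the output of docker version / crictl version / nerdctl version below

KubeSphere version information
For example: v2.1.1/v3.0.0. Offline or online installation. Installed on an existing K8s cluster or installed with kk.
v4.1

What is the problem
I enabled the firewalld firewall and opened the ports listed in the official documentation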
# Enable the firewall
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --state

sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2379-2380/tcp --permanent
sudo firewall-cmd --zone=public --add-port=6443/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9099-9100/tcp --permanent
sudo firewall-cmd --zone=public --add-port=179/tcp --permanent
sudo firewall-cmd --zone=public --add-port=30000-32767/tcp --permanent
sudo firewall-cmd --zone=public --add-port=10250-10258/tcp --permanent
sudo firewall-cmd --zone=public --add-port=53/tcp --permanent
sudo firewall-cmd --zone=public --add-port=53/udp --permanent
sudo firewall-cmd --zone=public --add-port=5000/tcp --permanent
sudo firewall-cmd --zone=public --add-port=5080/tcp --permanent
sudo firewall-cmd --zone=public --add-port=111/tcp --permanent
sudo firewall-cmd --zone=public --add-port=8443/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9090/tcp --permanent
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule protocol value="ipip" accept'

sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --list-ports
sudo firewall-cmd --zone=public --list-rich-rules

Allow inbound TCP traffic for the Kubernetes API server

sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --zone=public --add-port=6443/tcp --permanent

Allow inbound TCP traffic for the etcd server client API

sudo firewall-cmd --zone=public --add-port=2379/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2380/tcp --permanent

Allow inbound TCP traffic for the Kubelet API

sudo firewall-cmd --zone=public --add-port=10250/tcp --permanent

Allow inbound TCP traffic for kube-scheduler

sudo firewall-cmd --zone=public --add-port=10259/tcp --permanent

Allow inbound TCP traffic for kube-controller-manager

sudo firewall-cmd --zone=public --add-port=10257/tcp --permanent

Allow inbound TCP traffic for kube-proxy (kube-proxy usually does not need a port opened directly unless there is a specific configuration)

sudo firewall-cmd --zone=public --add-port=10256/tcp --permanent

Allow the inbound TCP traffic range for NodePort Services

sudo firewall-cmd --zone=public --add-port=30000-32767/tcp --permanent

Allow inbound TCP and UDP traffic for DNS Node Cache

sudo firewall-cmd --zone=public --add-port=53/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9253/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9254/tcp --permanent
sudo firewall-cmd --zone=public --add-port=9353/tcp --permanent
sudo firewall-cmd --zone=public --add-port=53/udp --permanent

Reload the firewalld configuration so the changes take effect

sudo firewall-cmd --reload
Login still fails with an error. I don't know what to do, so I'm asking the forum for help.
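
One way to check which ports from the per-component list are actually covered by what `firewall-cmd --list-ports` reports, including range entries such as `10250-10258/tcp`. This is an added example, not part of the original post; the function names `covers` and `missing_ports` and the sample data are assumptions constructed from the commands above.

```shell
#!/usr/bin/env bash
# Added example: compare firewalld's open ports with the ports a node needs.

# covers "<--list-ports output>" "PORT[-PORT]/PROTO"
# Returns 0 when one open entry with the same protocol spans the wanted port(s).
covers() {
    local open_list="$1" want="$2"
    local want_range="${want%/*}" want_proto="${want#*/}"
    local want_lo="${want_range%-*}" want_hi="${want_range#*-}"
    local entry range lo hi
    for entry in $open_list; do            # entries are space-separated
        [ "${entry#*/}" = "$want_proto" ] || continue
        range="${entry%/*}"
        lo="${range%-*}"; hi="${range#*-}" # a single port gives lo == hi
        if [ "$want_lo" -ge "$lo" ] && [ "$want_hi" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# missing_ports "<--list-ports output>" PORT/PROTO...
# Prints the wanted ports that no open entry covers, space-separated.
missing_ports() {
    local open_list="$1" want missing=""
    shift
    for want in "$@"; do
        covers "$open_list" "$want" || missing="$missing $want"
    done
    echo "${missing# }"
}

# Constructed sample: the ports opened by the first batch of commands in the post.
SAMPLE_OPEN="22/tcp 2379-2380/tcp 6443/tcp 9099-9100/tcp 179/tcp 30000-32767/tcp \
10250-10258/tcp 53/tcp 53/udp 5000/tcp 5080/tcp 111/tcp 8443/tcp 9090/tcp"

# Ports named in the post's second, per-component batch.
REQUIRED="443/tcp 6443/tcp 2379/tcp 2380/tcp 10250/tcp 10259/tcp 10257/tcp \
10256/tcp 30000-32767/tcp 53/tcp 9253/tcp 9254/tcp 9353/tcp 53/udp"

# On a node, pass the live state instead of the sample:
#   missing_ports "$(sudo firewall-cmd --zone=public --list-ports)" $REQUIRED
echo "not covered: $(missing_ports "$SAMPLE_OPEN" $REQUIRED)"
```

Run against the sample, it shows that the first batch alone leaves the kube-scheduler port outside the `10250-10258/tcp` range, so the `--list-ports` output taken before the second batch is not the final state.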