创建部署问题时,请参考下面模板,你提供的信息越多,越容易及时获得解答。如果未按模板创建问题,管理员有权关闭问题。
确保帖子格式清晰易读,用 markdown code block 语法格式化代码块。
你只花一分钟创建的问题,不能指望别人花上半个小时给你解答。
操作系统信息
虚拟机,Centos7.9,4C/8G
Kubernetes版本信息
将 kubectl version 命令执行结果贴在下方
容器运行时
将 docker version / crictl version / nerdctl version 结果贴在下方
KubeSphere版本信息
例如:v2.1.1/v3.0.0。离线安装还是在线安装。在已有K8s上安装还是使用kk安装。
v4.1
问题是什么
开启了firewalld,防火墙,按照官网文档开放的端口
#防火墙开启
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd –state
sudo firewall-cmd –zone=public –add-port=22/tcp –permanent
sudo firewall-cmd –zone=public –add-port=2379-2380/tcp –permanent
sudo firewall-cmd –zone=public –add-port=6443/tcp –permanent
sudo firewall-cmd –zone=public –add-port=9099-9100/tcp –permanent
sudo firewall-cmd –zone=public –add-port=179/tcp –permanent
sudo firewall-cmd –zone=public –add-port=30000-32767/tcp –permanent
sudo firewall-cmd –zone=public –add-port=10250-10258/tcp –permanent
sudo firewall-cmd –zone=public –add-port=53/tcp –permanent
sudo firewall-cmd –zone=public –add-port=53/udp –permanent
sudo firewall-cmd –zone=public –add-port=5000/tcp –permanent
sudo firewall-cmd –zone=public –add-port=5080/tcp –permanent
sudo firewall-cmd –zone=public –add-port=111/tcp –permanent
sudo firewall-cmd –zone=public –add-port=8443/tcp –permanent
sudo firewall-cmd –zone=public –add-port=9090/tcp –permanent
sudo firewall-cmd –permanent –zone=public –add-rich-rule=‘rule protocol value=“ipip” accept’
sudo firewall-cmd –reload
sudo firewall-cmd –zone=public –list-ports
sudo firewall-cmd –zone=public –list-rich-rules
允许Kubernetes API server的入站TCP流量
sudo firewall-cmd –zone=public –add-port=443/tcp –permanent
sudo firewall-cmd –zone=public –add-port=6443/tcp –permanent
允许etcd server client API的入站TCP流量
sudo firewall-cmd –zone=public –add-port=2379/tcp –permanent
sudo firewall-cmd –zone=public –add-port=2380/tcp –permanent
允许Kubelet API的入站TCP流量
sudo firewall-cmd –zone=public –add-port=10250/tcp –permanent
允许kube-scheduler的入站TCP流量
sudo firewall-cmd –zone=public –add-port=10259/tcp –permanent
允许kube-controller-manager的入站TCP流量
sudo firewall-cmd –zone=public –add-port=10257/tcp –permanent
允许kube-proxy的入站TCP流量(通常kube-proxy不需要直接开放端口,除非有特定配置)
sudo firewall-cmd –zone=public –add-port=10256/tcp –permanent
允许NodePort Services的入站TCP流量范围
sudo firewall-cmd –zone=public –add-port=30000-32767/tcp –permanent
允许DNS Node Cache的入站TCP和UDP流量
sudo firewall-cmd –zone=public –add-port=53/tcp –permanent
sudo firewall-cmd –zone=public –add-port=9253/tcp –permanent
sudo firewall-cmd –zone=public –add-port=9254/tcp –permanent
sudo firewall-cmd –zone=public –add-port=9353/tcp –permanent
sudo firewall-cmd –zone=public –add-port=53/udp –permanent
重新加载firewalld配置以使更改生效
sudo firewall-cmd –reload
登陆还是报错了,不知道怎么搞,求助论坛
