我正在尝试在我的服务器(Debian 10)上安装 kubernetes 集群。在我的服务器上,我使用 ufw 作为防火墙。
在创建集群之前,我在 ufw 上允许了这些端口:
179/tcp、4789/udp、5473/tcp、443/tcp、6443/tcp、2379/tcp、4149/tcp、10250/tcp、10255/tcp、10256/tcp、9099/tcp、6443/tcp
正如 calico 文档所建议的那样(https://docs.projectcalico.org/getting-started/kubernetes/requirements https://docs.projectcalico.org/getting-started/kubernetes/requirements)以及这个关于 kubernetes 安全性的 git 存储库(https://github.com/freach/kubernetes-security-best-practice https://github.com/freach/kubernetes-security-best-practice).
但是当我想创建集群时,calico/node pod 无法启动,因为 Felix 不活动(我在 ufw 上允许 9099/tcp):
活动探测失败:calico/node 未准备好:Felix 不活动:获取http://localhost:9099/liveness http://localhost:9099/liveness:拨打 tcp [::1]:9099: 连接:连接被拒绝
如果我禁用 ufw,则会创建集群并且不会出现错误。
所以我想知道应该如何配置 ufw 才能让 kubernetes 工作。
如果有人能帮助我,那就太好了,谢谢!
编辑:我的 ufw 状态
To Action From
6443/tcp ALLOW Anywhere
9099 ALLOW Anywhere
179/tcp ALLOW Anywhere
4789/udp ALLOW Anywhere
5473/tcp ALLOW Anywhere
2379/tcp ALLOW Anywhere
8181 ALLOW Anywhere
8080 ALLOW Anywhere
###### (v6) LIMIT Anywhere (v6) # allow ssh connections in
Postfix (v6) ALLOW Anywhere (v6)
KUBE (v6) ALLOW Anywhere (v6)
6443 (v6) ALLOW Anywhere (v6)
6783/udp (v6) ALLOW Anywhere (v6)
6784/udp (v6) ALLOW Anywhere (v6)
6783/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
4149/tcp (v6) ALLOW Anywhere (v6)
10250/tcp (v6) ALLOW Anywhere (v6)
10255/tcp (v6) ALLOW Anywhere (v6)
10256/tcp (v6) ALLOW Anywhere (v6)
9099/tcp (v6) ALLOW Anywhere (v6)
6443/tcp (v6) ALLOW Anywhere (v6)
9099 (v6) ALLOW Anywhere (v6)
179/tcp (v6) ALLOW Anywhere (v6)
4789/udp (v6) ALLOW Anywhere (v6)
5473/tcp (v6) ALLOW Anywhere (v6)
2379/tcp (v6) ALLOW Anywhere (v6)
8181 (v6) ALLOW Anywhere (v6)
8080 (v6) ALLOW Anywhere (v6)
53 ALLOW OUT Anywhere # allow DNS calls out
123 ALLOW OUT Anywhere # allow NTP out
80/tcp ALLOW OUT Anywhere # allow HTTP traffic out
443/tcp ALLOW OUT Anywhere # allow HTTPS traffic out
21/tcp ALLOW OUT Anywhere # allow FTP traffic out
43/tcp ALLOW OUT Anywhere # allow whois
SMTPTLS ALLOW OUT Anywhere # open TLS port 465 for use with SMPT to send e-mails
10.32.0.0/12 ALLOW OUT Anywhere on weave
53 (v6) ALLOW OUT Anywhere (v6) # allow DNS calls out
123 (v6) ALLOW OUT Anywhere (v6) # allow NTP out
80/tcp (v6) ALLOW OUT Anywhere (v6) # allow HTTP traffic out
443/tcp (v6) ALLOW OUT Anywhere (v6) # allow HTTPS traffic out
21/tcp (v6) ALLOW OUT Anywhere (v6) # allow FTP traffic out
43/tcp (v6) ALLOW OUT Anywhere (v6) # allow whois
SMTPTLS (v6) ALLOW OUT Anywhere (v6) # open TLS port 465 for use with SMPT to send e-mails
抱歉,我的 ufw 规则有点混乱,我尝试了太多的方法来让 kubernetes 正常工作。
我正在尝试在我的服务器(Debian 10)上安装 kubernetes 集群。在我的服务器上,我使用 ufw 作为防火墙。在创建集群之前,我在 ufw 上允许了这些端口:
179/tcp、4789/udp、5473/tcp、443/tcp、6443/tcp、2379/tcp、4149/tcp、10250/tcp、10255/tcp、10256/tcp、9099/tcp、6443/tcp
NOTE:所有可执行命令都以$
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
