Menu
I'm new to flannel and K8s. I'm playing around them on my 1 master and 2 nodes cluster (created from KVM).
I initialized my cluster with flannel network addon. And then I found I can't reach the Internal. It turned out that there may be something wrong with my network or DNS process.
Following https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/, I add 8285 and 8472 to firewalld
[root@k8smaster ~]# firewall-cmd --list-port
6443/tcp 80/tcp 8285/udp 8472/udp 8472/tcp 8285/tcp
And I got
[root@k8smaster ~]# kubectl exec -ti dnsutils -- nslookup kubernetes.default
;; connection timed out; no servers could be reached
command terminated with exit code 1
However, if I stop the firewalld, everything is just fine.
[root@k8smaster ~]# kubectl exec -ti dnsutils -- nslookup kubernetes.default
Server: 10.96.0.10
Address: 10.96.0.10#53
Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1
So my question is, are there any ports I should add into firewalld? Let me know if any info. I should add here. Thank you.
920
Suggested by @KoopaKiller, I indeed missed configuring the ports for k8s itself. I paste my script below for your reference.
# Master
firewall-cmd --permanent --add-port=6443/tcp # Kubernetes API server
firewall-cmd --permanent --add-port=2379-2380/tcp # etcd server client API
firewall-cmd --permanent --add-port=10250/tcp # Kubelet API
firewall-cmd --permanent --add-port=10251/tcp # kube-scheduler
firewall-cmd --permanent --add-port=10252/tcp # kube-controller-manager
firewall-cmd --permanent --add-port=8285/udp # Flannel
firewall-cmd --permanent --add-port=8472/udp # Flannel
firewall-cmd --add-masquerade --permanent
# only if you want NodePorts exposed on control plane IP as well
firewall-cmd --permanent --add-port=30000-32767/tcp
firewall-cmd --reload
systemctl restart firewalld
# Node
firewall-cmd --permanent --add-port=10250/tcp
firewall-cmd --permanent --add-port=8285/udp # Flannel
firewall-cmd --permanent --add-port=8472/udp # Flannel
firewall-cmd --permanent --add-port=30000-32767/tcp
firewall-cmd --add-masquerade --permanent
firewall-cmd --reload
systemctl restart firewalld
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With