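Why doesn't the CIDR configured in cluster.yaml take effect?

Environment information:
RKE2 version:

Node CPU architecture, operating system and version:

Cluster configuration:
3 servers

Problem description:
A CIDR is configured in cluster.yaml, but kube-controller-manager starts with the default CIDR 10.42.0.0/24

Steps to reproduce:
Contents of cluster.yaml


kube-controller-manager reports an error on startup

Expected result:

Actual result:

Logs

Has any expert run into this? How should this situation be handled?

Verified with v1.32.8+rke2r1; could not reproduce: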

root@ksd:~# mkdir -p /etc/rancher/rke2
root@ksd:~# vi /etc/rancher/rke2/config.yaml
root@ksd:~# cat /etc/rancher/rke2/config.yaml
cluster-cidr: 10.243.252.0/24
service-cidr: 10.243.253.0/24
cni: canal

root@ksd:~# curl -sfL https://get.rke2.io | sh -
[INFO]  finding release for channel stable
[INFO]  using v1.32.8+rke2r1 as release
[INFO]  downloading checksums at https://github.com/rancher/rke2/releases/download/v1.32.8%2Brke2r1/sha256sum-amd64.txt
[INFO]  downloading tarball at https://github.com/rancher/rke2/releases/download/v1.32.8%2Brke2r1/rke2.linux-amd64.tar.gz
[INFO]  verifying tarball
[INFO]  unpacking tarball file to /usr/local

root@ksd:~# systemctl enable rke2-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/rke2-server.service → /usr/local/lib/systemd/system/rke2-server.service.
root@ksd:~# systemctl start rke2-server.service


root@ksd:~# export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
/var/lib/rancher/rke2/bin/kubectl get nodes
NAME   STATUS   ROLES                       AGE   VERSION
ksd    Ready    control-plane,etcd,master   83s   v1.32.8+rke2r1
root@ksd:~# /var/lib/rancher/rke2/bin/kubectl get pods -A
NAMESPACE     NAME                                                    READY   STATUS      RESTARTS   AGE
kube-system   cloud-controller-manager-ksd                            1/1     Running     0          79s
kube-system   etcd-ksd                                                1/1     Running     0          79s
kube-system   helm-install-rke2-canal-fwrtk                           0/1     Completed   0          80s
kube-system   helm-install-rke2-coredns-tcwvf                         0/1     Completed   0          80s
kube-system   helm-install-rke2-ingress-nginx-9h9dw                   1/1     Running     0          80s
kube-system   helm-install-rke2-metrics-server-fndls                  0/1     Completed   0          80s
kube-system   helm-install-rke2-runtimeclasses-gbt79                  0/1     Completed   0          80s
kube-system   helm-install-rke2-snapshot-controller-455k5             0/1     Completed   1          80s
kube-system   helm-install-rke2-snapshot-controller-crd-tps7n         0/1     Completed   0          80s
kube-system   kube-apiserver-ksd                                      1/1     Running     0          79s
kube-system   kube-controller-manager-ksd                             1/1     Running     0          79s
kube-system   kube-proxy-ksd                                          1/1     Running     0          79s
kube-system   kube-scheduler-ksd                                      1/1     Running     0          79s
kube-system   rke2-canal-xbn27                                        2/2     Running     0          63s
kube-system   rke2-coredns-rke2-coredns-86c455b944-n7bdw              0/1     Running     0          65s
kube-system   rke2-coredns-rke2-coredns-autoscaler-79677f89c4-4d6ws   1/1     Running     0          65s
kube-system   rke2-ingress-nginx-admission-create-5mx2k               1/1     Running     0          19s
kube-system   rke2-metrics-server-69bdccfdd9-l6cb6                    0/1     Running     0          20s
kube-system   rke2-snapshot-controller-696989ffdd-x8cnv               1/1     Running     0          20s

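I'm at my wits' end; I retried several times and it is always the same.

I tried several machines and they all end up using the default CIDR.

Please write out the reproduction steps in detail, e.g. your operating system and your rke2 version. Ideally copy in every operation you performed; for anything configuration-related, avoid screenshots where possible and paste the text instead.

1. Operating system
centos7.9 Linux CCPNM-tst015 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
rke2 version: v1.32.8+rke2r1

2. System initialization

Add bridge filtering and address forwarding configuration

echo "配置内核参数…"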
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF

Load the br_netfilter module

echo "加载br_netfilter模块…"
echo "modprobe br_netfilter" >> /etc/rc.d/rc.local
modprobe br_netfilter

Load the bridge filtering configuration file

echo "应用内核参数…"
sysctl -p /etc/sysctl.d/k8s.conf

Install ipset and ipvsadm

echo "安装ipset及ipvsadm"
yum -y install ipset ipvsadm

ipvs is used as kube-proxy's forwarding mechanism; enable ipvs module support

cat > /etc/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
chmod +x /etc/ipvs.modules && bash /etc/ipvs.modules

3. Offline installation
Download the offline installation packages from gitlab:
mkdir /root/rke2-artifacts && cd /root/rke2-artifacts/
curl -OLs https://github.com/rancher/rke2/releases/download/v1.38.2%2Brke2r2/rke2-images.linux-amd64.tar.zst
curl -OLs https://github.com/rancher/rke2/releases/download/v1.38.2%2Brke2r2/rke2.linux-amd64.tar.gz
curl -OLs https://github.com/rancher/rke2/releases/download/v1.38.2%2Brke2r2/sha256sum-amd64.txt
curl -sfL https://get.rke2.io --output install.sh
INSTALL_RKE2_MIRROR=cn INSTALL_RKE2_TYPE="server" INSTALL_RKE2_VERSION=v1.32.8+rke2r1 INSTALL_RKE2_ARTIFACT_PATH=/root/rke2-artifacts sh install.sh

mkdir -p /etc/rancher/rke2 /var/lib/rancher/rke2/db/snapshots

Configure /etc/rancher/rke2/config.yaml:
cat > /etc/rancher/rke2/config.yaml << EOF
write-kubeconfig: "/root/.kube/config"
write-kubeconfig-mode: "0644"

data-dir: "/var/lib/rancher/rke2"
token: "Infinitus3048"
tls-san:
-"10.86.37.86"

system-default-registry: "registry.cn-hangzhou.aliyuncs.com

kube-controller-manager-arg:
-"node-cidr-mask-size=27"

cluster-cidr: 10.243.252.0/24
service-cidr: 10.243.253.0/24
cni: canal

disable: rke2-ingress-nginx

etcd-snapshot-schedule-cron: "0 */12 * * *"
etcd-snapshot-retention: "6"
etcd-snapshot-dir: "$(data-dir)/db/snapshots"

kube-proxy-arg: # if not specified, the default is iptables mode
- "proxy-mode=ipvs"
- "ipvs-strict-arp=true"
EOF

Start:
systemctl start rke2-server

I'm using CentOS 7.9 and copy-pasted your steps, and I still could not reproduce it. I don't know whether a formatting error in your config.yaml is what caused it.

[root@ksd-centos ~]# cat /etc/rancher/rke2/config.yaml
write-kubeconfig: "/root/.kube/config"
write-kubeconfig-mode: "0644"

data-dir: "/var/lib/rancher/rke2"
token: "Infinitus3048"

tls-san:
  - "10.86.37.86"

kube-controller-manager-arg:
  - "node-cidr-mask-size=27"

cluster-cidr: "10.243.252.0/24"
service-cidr: "10.243.253.0/24"
cni: "canal"

disable:
  - rke2-ingress-nginx

etcd-snapshot-schedule-cron: "0 */12 * * *"
etcd-snapshot-retention: 6
etcd-snapshot-dir: "/var/lib/rancher/rke2/db/snapshots"

kube-proxy-arg:
  - "proxy-mode=ipvs"
  - "ipvs-strict-arp=true"
[root@ksd-centos ~]# /var/lib/rancher/rke2/bin/kubectl get pods -A -o wide | grep kube-controller-manager
kube-system   kube-controller-manager-ksd-centos                      1/1     Running            0              4m11s   10.201.170.180   ksd-centos   <none>           <none>
[root@ksd-centos ~]#

Also, according to the rke2 support matrix, CentOS is no longer supported; you can choose a supported OS to install rke2 on.


After I switched to the offline version of v1.32.7+rke2r1, the deployment succeeded.
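
Added example (not part of the thread and not RKE2 project code): a shell check that flags the kind of paste damage discussed above in a config.yaml and compares its cluster-cidr with the --cluster-cidr flag kube-controller-manager was started with. The function names and sample files are constructed; on a node the manifest is assumed to be /var/lib/rancher/rke2/agent/pod-manifests/kube-controller-manager.yaml.

```shell
#!/usr/bin/env bash
# Added example. Compares cluster-cidr in an RKE2 config.yaml with the
# --cluster-cidr flag of kube-controller-manager, and lints paste damage.

# Value of a top-level scalar key in config.yaml, quotes and comments stripped.
config_value() {        # config_value <key> <config.yaml>
  sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed "s/[[:space:]]*#.*\$//; s/[\"']//g; s/[[:space:]]*\$//"
}

# Value of --<flag>=<value> in a static pod manifest.
manifest_flag() {       # manifest_flag <flag> <manifest.yaml>
  grep -o -- "--$1=[^\"' ]*" "$2" | head -n 1 | cut -d= -f2-
}

# Returns 1 if the file has typographic quotes, bullets or dashes, or "-value" items.
lint_config() {         # lint_config <config.yaml>
  local rc=0
  grep -nF -e '“' -e '”' -e '•' -e '–' "$1" && rc=1
  grep -nE '^[[:space:]]*-[^[:space:]-]' "$1" && rc=1
  return "$rc"
}

# Returns 0 only when the configured and the running cluster CIDR agree.
check_cluster_cidr() {  # check_cluster_cidr <config.yaml> <manifest.yaml>
  local want got
  want=$(config_value cluster-cidr "$1")
  got=$(manifest_flag cluster-cidr "$2")
  echo "config.yaml: ${want:-<unset>}  kube-controller-manager: ${got:-<unset>}"
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample files, not taken from a real node.
demo_dir=$(mktemp -d)
printf '%s\n' 'tls-san:' '-“10.86.37.86”' 'cluster-cidr: 10.243.252.0/24' \
  > "$demo_dir/pasted.yaml"
printf '%s\n' 'tls-san:' '  - "10.86.37.86"' 'cluster-cidr: "10.243.252.0/24"' \
  > "$demo_dir/clean.yaml"
printf '%s\n' 'args:' '- --cluster-cidr=10.243.252.0/24' '- --node-cidr-mask-size=27' \
  > "$demo_dir/kcm.yaml"

lint_config "$demo_dir/pasted.yaml" || echo "pasted.yaml: fix the lines listed above"
lint_config "$demo_dir/clean.yaml" && echo "clean.yaml: no paste damage"
check_cluster_cidr "$demo_dir/clean.yaml" "$demo_dir/kcm.yaml" && echo "CIDR matches"
```

Running lint_config on the file written to disk, rather than on the text as pasted into a forum, separates damage introduced by the page rendering from errors in the real configuration.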