Rancher 启动成功,但无法访问 rancher ui

Rancher 2.x
1

Rancher Server 设置

  • Rancher 版本:2.9.3

  • 安装选项 (Docker install/Helm Chart): hel chart

    • 如果是 Helm Chart 安装,需要提供 Local 集群的类型(RKE1, RKE2, k3s, EKS, 等)和版本:
      rke2,1.30.6

  • 在线或离线部署:
    在线部署

下游集群信息

  • Kubernetes 版本:
    Client Version: v1.30.6+rke2r1
    Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
    Server Version: v1.30.6+rke2r1

  • Cluster Type (Local/Downstream): Local

    • 如果 Downstream,是什么类型的集群?(自定义/导入或为托管 等):
      托管

用户信息

  • 登录用户的角色是什么? (管理员/集群所有者/集群成员/项目所有者/项目成员/自定义):
    • 如果自定义,自定义权限集:管理员

主机操作系统:
ubuntu

问题描述:
使用rke2部署完 k8s集群后,rancher ui 无法访问,报404 not found

重现步骤:
根据教程部署rke2 , 高可用版,采用rancher的ssl 配置,按照官方教程helm chart install rancher,
访问相应url not found,查看服务器下是否有进程监控443 和 80端口,都没有进程监听。但查看pod信息都显示工作状态

结果:

预期结果:

截图:

其他上下文信息:

日志 
2024/11/22 02:23:44 [INFO] Rancher version v2.10.0 (df45e368c82d4027410fa4700371982b9236b7c8) is starting
2024/11/22 02:23:44 [INFO] Rancher arguments {ACMEDomains:[] AddLocal:true Embedded:false BindHost: HTTPListenPort:80 HTTPSListenPort:443 K8sMode:auto Debug:false Trace:false NoCACerts:false AuditLogPath:/var/log/auditlog/rancher-api-audit.log AuditLogMaxage:10 AuditLogMaxsize:100 AuditLogMaxbackup:10 AuditLevel:0 Features: ClusterRegistry:}
。。。
2024/11/22 02:24:10 [INFO] Starting management.cattle.io/v3, Kind=User controller
2024/11/22 02:24:10 [INFO] Starting management.cattle.io/v3, Kind=Cluster controller
2024/11/22 02:24:10 [INFO] Listening on :443
2024/11/22 02:24:10 [INFO] Listening on :80
2024/11/22 02:24:10 [INFO] Active TLS secret cattle-system/serving-cert (ver=159215) (count 5): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.19:10.42.0.19 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=7D629BB16DD0DEB58063DD6A9C9E22F0FBF6408B]
2024/11/22 02:24:10 [INFO] certificate CN=dynamic,O=dynamic signed by CN=dynamiclistener-ca@1732242219,O=dynamiclistener-org: notBefore=2024-11-22 02:23:39 +0000 UTC notAfter=2025-11-22 02:24:10 +0000 UTC
2024/11/22 02:24:10 [INFO] certificate CN=dynamic,O=dynamic signed by CN=dynamiclistener-ca@1732242219,O=dynamiclistener-org: notBefore=2024-11-22 02:23:39 +0000 UTC notAfter=2025-11-22 02:24:10 +0000 UTC
2024/11/22 02:24:10 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 6): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.19:10.42.0.19 listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=FEC450FBC70DD290D5D2FC4EA0FBD762BB8E1E60]
2024/11/22 02:24:10 [INFO] Starting cluster agent for local [owner=false]
2024/11/22 02:24:10 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRole controller
2024/11/22 02:24:10 [INFO] Starting /v1, Kind=Secret controller
2024/11/22 02:24:10 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=Role controller
2024/11/22 02:24:10 [INFO] Starting /v1, Kind=Namespace controller
2024/11/22 02:24:10 [INFO] Starting /v1, Kind=ServiceAccount controller
2024/11/22 02:24:10 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=RoleBinding controller
2024/11/22 02:24:10 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding controller
2024/11/22 02:24:10 [INFO] Active TLS secret cattle-system/serving-cert (ver=160437) (count 6): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.19:10.42.0.19 listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=FEC450FBC70DD290D5D2FC4EA0FBD762BB8E1E60]
2024/11/22 02:24:10 [INFO] Listening on :444
2024/11/22 02:24:10 [INFO] Active TLS secret cattle-system/tls-rancher-internal (ver=159262) (count 2): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=710FF3242EAA82F6317EADC38ACB09BE4010A956]
2024/11/22 02:24:10 [INFO] Starting /v1, Kind=Secret controller
2024/11/22 02:24:10 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 6): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.19:10.42.0.19 listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=FEC450FBC70DD290D5D2FC4EA0FBD762BB8E1E60]
2024/11/22 02:24:10 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=710FF3242EAA82F6317EADC38ACB09BE4010A956]
W1122 02:24:11.213148      39 warnings.go:70] v1 ComponentStatus is deprecated in v1.19+
2024/11/22 02:24:11 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=Bundle
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ClusterTemplateRevision
2024/11/22 02:24:11 [INFO] Watching metadata for groupsnapshot.storage.k8s.io/v1alpha1, Kind=VolumeGroupSnapshotClass
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=FleetWorkspace
2024/11/22 02:24:11 [INFO] Watching metadata for project.cattle.io/v3, Kind=App
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=KontainerDriver
2024/11/22 02:24:11 [INFO] Watching metadata for networking.k8s.io/v1, Kind=Ingress
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=IPAMBlock
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=RkeAddon
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=Endpoints
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ProjectCatalog
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ClusterRoleTemplateBinding
2024/11/22 02:24:11 [INFO] Watching metadata for admissionregistration.k8s.io/v1, Kind=ValidatingAdmissionPolicyBinding
2024/11/22 02:24:11 [INFO] Watching metadata for rke.cattle.io/v1, Kind=RKEControlPlane
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=MultiClusterApp
2024/11/22 02:24:11 [INFO] Watching metadata for apps/v1, Kind=StatefulSet
2024/11/22 02:24:11 [INFO] Watching metadata for cluster.x-k8s.io/v1beta1, Kind=Machine
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=GlobalNetworkPolicy
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine-config.cattle.io/v1, Kind=Amazonec2Config
2024/11/22 02:24:11 [INFO] Watching metadata for storage.k8s.io/v1, Kind=VolumeAttachment
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Preference
2024/11/22 02:24:11 [INFO] Watching metadata for cluster.x-k8s.io/v1beta1, Kind=MachineHealthCheck
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=Node
2024/11/22 02:24:11 [INFO] Watching metadata for cert-manager.io/v1, Kind=CertificateRequest
2024/11/22 02:24:11 [INFO] Watching metadata for discovery.k8s.io/v1, Kind=EndpointSlice
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ProjectRoleTemplateBinding
2024/11/22 02:24:11 [INFO] Watching metadata for apps/v1, Kind=Deployment
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=Event
2024/11/22 02:24:11 [INFO] Watching metadata for helm.cattle.io/v1, Kind=HelmChartConfig
2024/11/22 02:24:11 [INFO] Watching metadata for helm.cattle.io/v1, Kind=HelmChart
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=NodeTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=FelixConfiguration
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=GlobalRole
2024/11/22 02:24:11 [INFO] Watching metadata for ui.cattle.io/v1, Kind=NavLink
2024/11/22 02:24:11 [INFO] Watching metadata for snapshot.storage.k8s.io/v1, Kind=VolumeSnapshotContent
2024/11/22 02:24:11 [INFO] Watching metadata for groupsnapshot.storage.k8s.io/v1alpha1, Kind=VolumeGroupSnapshotContent
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine-config.cattle.io/v1, Kind=HarvesterConfig
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine-config.cattle.io/v1, Kind=LinodeConfig
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=IPPool
2024/11/22 02:24:11 [INFO] Watching metadata for storage.k8s.io/v1, Kind=CSIStorageCapacity
2024/11/22 02:24:11 [INFO] Watching metadata for cluster.x-k8s.io/v1beta1, Kind=MachineDeployment
2024/11/22 02:24:11 [INFO] Watching metadata for batch/v1, Kind=Job
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=ClusterInformation
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=Amazonec2Machine
2024/11/22 02:24:11 [INFO] Watching metadata for storage.k8s.io/v1, Kind=CSINode
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ClusterCatalog
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=RkeK8sSystemImage
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=SamlToken
2024/11/22 02:24:11 [INFO] Watching metadata for flowcontrol.apiserver.k8s.io/v1, Kind=FlowSchema
2024/11/22 02:24:11 [INFO] Watching metadata for flowcontrol.apiserver.k8s.io/v1, Kind=PriorityLevelConfiguration
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=BlockAffinity
2024/11/22 02:24:11 [INFO] Watching metadata for apiregistration.k8s.io/v1, Kind=APIService
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=HarvesterMachineTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Group
2024/11/22 02:24:11 [INFO] Watching metadata for node.k8s.io/v1, Kind=RuntimeClass
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=User
2024/11/22 02:24:11 [INFO] Watching metadata for provisioning.cattle.io/v1, Kind=Cluster
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=LinodeMachineTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for acme.cert-manager.io/v1, Kind=Challenge
2024/11/22 02:24:11 [INFO] Watching metadata for cert-manager.io/v1, Kind=ClusterIssuer
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine-config.cattle.io/v1, Kind=DigitaloceanConfig
2024/11/22 02:24:11 [INFO] Watching metadata for storage.k8s.io/v1, Kind=StorageClass
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=NodeDriver
2024/11/22 02:24:11 [INFO] Watching metadata for rke.cattle.io/v1, Kind=CustomMachine
2024/11/22 02:24:11 [INFO] Watching metadata for apps/v1, Kind=DaemonSet
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=ReplicationController
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=HarvesterMachine
2024/11/22 02:24:11 [INFO] Watching metadata for apps/v1, Kind=ReplicaSet
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Cluster
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=CatalogTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=RoleTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=CalicoNodeStatus
2024/11/22 02:24:11 [INFO] Watching metadata for rbac.authorization.k8s.io/v1, Kind=ClusterRole
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ClusterTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for networking.k8s.io/v1, Kind=NetworkPolicy
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=CatalogTemplateVersion
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Node
2024/11/22 02:24:11 [INFO] Watching metadata for catalog.cattle.io/v1, Kind=Operation
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=ResourceQuota
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=VmwarevsphereMachine
2024/11/22 02:24:11 [INFO] Watching metadata for storage.k8s.io/v1, Kind=CSIDriver
2024/11/22 02:24:11 [INFO] Watching metadata for rke.cattle.io/v1, Kind=RKECluster
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=IPAMConfig
2024/11/22 02:24:11 [INFO] Watching metadata for certificates.k8s.io/v1, Kind=CertificateSigningRequest
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ClusterRegistrationToken
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=AzureMachine
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=APIService
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ProjectNetworkPolicy
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=RkeK8sServiceOption
2024/11/22 02:24:11 [INFO] Watching metadata for scheduling.k8s.io/v1, Kind=PriorityClass
2024/11/22 02:24:11 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=Cluster
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=Amazonec2MachineTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=IPReservation
2024/11/22 02:24:11 [INFO] Watching metadata for rke.cattle.io/v1, Kind=RKEBootstrapTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=HostEndpoint
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=PodTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for events.k8s.io/v1, Kind=Event
2024/11/22 02:24:11 [INFO] Watching metadata for snapshot.storage.k8s.io/v1, Kind=VolumeSnapshotClass
2024/11/22 02:24:11 [INFO] Watching metadata for catalog.cattle.io/v1, Kind=UIPlugin
2024/11/22 02:24:11 [INFO] Watching metadata for cluster.x-k8s.io/v1beta1, Kind=MachineSet
2024/11/22 02:24:11 [INFO] Watching metadata for rke.cattle.io/v1, Kind=ETCDSnapshot
2024/11/22 02:24:11 [INFO] Watching metadata for autoscaling/v2, Kind=HorizontalPodAutoscaler
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Feature
2024/11/22 02:24:11 [INFO] Watching metadata for snapshot.storage.k8s.io/v1, Kind=VolumeSnapshot
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=ConfigMap
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=AuthConfig
2024/11/22 02:24:11 [INFO] Watching metadata for admissionregistration.k8s.io/v1, Kind=ValidatingAdmissionPolicy
2024/11/22 02:24:11 [INFO] Watching metadata for rbac.authorization.k8s.io/v1, Kind=RoleBinding
2024/11/22 02:24:11 [INFO] Watching metadata for groupsnapshot.storage.k8s.io/v1alpha1, Kind=VolumeGroupSnapshot
2024/11/22 02:24:11 [INFO] Watching metadata for cert-manager.io/v1, Kind=Certificate
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=DynamicSchema
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=UserAttribute
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=PersistentVolume
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Project
2024/11/22 02:24:11 [INFO] Watching metadata for project.cattle.io/v3, Kind=AppRevision
2024/11/22 02:24:11 [INFO] Watching metadata for rke.cattle.io/v1, Kind=RKEBootstrap
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=RancherUserNotification
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=TemplateContent
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=BGPPeer
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=AzureMachineTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=Namespace
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=EtcdBackup
2024/11/22 02:24:11 [INFO] Watching metadata for admissionregistration.k8s.io/v1, Kind=MutatingWebhookConfiguration
2024/11/22 02:24:11 [INFO] Watching metadata for cert-manager.io/v1, Kind=Issuer
2024/11/22 02:24:11 [INFO] Watching metadata for coordination.k8s.io/v1, Kind=Lease
2024/11/22 02:24:11 [INFO] Watching metadata for catalog.cattle.io/v1, Kind=App
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ComposeConfig
2024/11/22 02:24:11 [INFO] Watching metadata for policy/v1, Kind=PodDisruptionBudget
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=Pod
2024/11/22 02:24:11 [INFO] Watching metadata for k3s.cattle.io/v1, Kind=Addon
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=TemplateVersion
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=GlobalNetworkSet
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=NetworkPolicy
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=LinodeMachine
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ManagedChart
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=MultiClusterAppRevision
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=DigitaloceanMachine
2024/11/22 02:24:11 [INFO] Watching metadata for rbac.authorization.k8s.io/v1, Kind=Role
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=DigitaloceanMachineTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=IPAMHandle
2024/11/22 02:24:11 [INFO] Watching metadata for apiextensions.k8s.io/v1, Kind=CustomResourceDefinition
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=ServiceAccount
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine.cattle.io/v1, Kind=VmwarevsphereMachineTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for cluster.x-k8s.io/v1beta1, Kind=Cluster
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Token
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=GroupMember
2024/11/22 02:24:11 [INFO] Watching metadata for rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=BGPConfiguration
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=Secret
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine-config.cattle.io/v1, Kind=VmwarevsphereConfig
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=NetworkSet
2024/11/22 02:24:11 [INFO] Watching metadata for batch/v1, Kind=CronJob
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=Service
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Template
2024/11/22 02:24:11 [INFO] Watching metadata for k3s.cattle.io/v1, Kind=ETCDSnapshotFile
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=NodePool
2024/11/22 02:24:11 [INFO] Watching metadata for catalog.cattle.io/v1, Kind=ClusterRepo
2024/11/22 02:24:11 [INFO] Watching metadata for rke-machine-config.cattle.io/v1, Kind=AzureConfig
2024/11/22 02:24:11 [INFO] Watching metadata for admissionregistration.k8s.io/v1, Kind=ValidatingWebhookConfiguration
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Catalog
2024/11/22 02:24:11 [INFO] Watching metadata for apps/v1, Kind=ControllerRevision
2024/11/22 02:24:11 [INFO] Watching metadata for acme.cert-manager.io/v1, Kind=Order
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=PersistentVolumeClaim
2024/11/22 02:24:11 [INFO] Watching metadata for crd.projectcalico.org/v1, Kind=KubeControllersConfiguration
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=GlobalRoleBinding
2024/11/22 02:24:11 [INFO] Watching metadata for /v1, Kind=LimitRange
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=Setting
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=PodSecurityAdmissionConfigurationTemplate
2024/11/22 02:24:11 [INFO] Watching metadata for networking.k8s.io/v1, Kind=IngressClass
2024/11/22 02:24:11 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=ClusterGroup
2024/11/22 02:24:11 [INFO] Watching metadata for management.cattle.io/v3, Kind=ClusterProxyConfig
2024/11/22 02:24:11 [INFO] driverMetadata: refreshing data from upstream https://releases.rancher.com/kontainer-driver-metadata/release-v2.10/data.json
2024/11/22 02:24:11 [INFO] Retrieve data.json from local path /var/lib/rancher-data/driver-metadata/data.json
2024/11/22 02:24:11 [INFO] Handling backend connection request [10.42.0.19]
2024/11/22 02:24:12 [INFO] Loaded configuration from https://releases.rancher.com/kontainer-driver-metadata/release-v2.10/data.json in [0x10c85620]
2024/11/22 02:24:13 [INFO] Loaded configuration from https://releases.rancher.com/kontainer-driver-metadata/release-v2.10/data.json in [0x10c85620]
2024/11/22 02:24:25 [ERROR] Failed to handle tunnel request from remote address 10.42.0.21:48070: response 400: cluster not found
2024/11/22 02:24:25 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.19:10.42.0.19 listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-10.42.0.21:10.42.0.21 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=B7210B879F28B3353D4070920632354A15555DB6]
2024/11/22 02:24:25 [INFO] Active TLS secret cattle-system/serving-cert (ver=160515) (count 7): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.19:10.42.0.19 listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-10.42.0.21:10.42.0.21 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=B7210B879F28B3353D4070920632354A15555DB6]
2024/11/22 02:24:30 [INFO] error in remotedialer server [400]: read tcp 10.42.0.20:443->10.42.0.19:43194: use of closed network connection
2024/11/22 02:24:30 [ERROR] Failed to handle tunnel request from remote address 10.42.0.21:48072: response 400: cluster not found
2024/11/22 02:24:30 [ERROR] Failed to serve peer connection 10.42.0.19: websocket: close 1006 (abnormal closure): unexpected EOF
2024/11/22 02:24:30 [INFO] Adding peer wss://10.42.0.21/v3/connect, 10.42.0.21
2024/11/22 02:24:30 [INFO] Stopping cluster agent for local
2024/11/22 02:24:30 [INFO] Shutting down rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding workers
2024/11/22 02:24:30 [INFO] Shutting down rbac.authorization.k8s.io/v1, Kind=RoleBinding workers
2024/11/22 02:24:30 [INFO] Shutting down /v1, Kind=ServiceAccount workers
2024/11/22 02:24:30 [INFO] Shutting down /v1, Kind=Namespace workers
2024/11/22 02:24:30 [INFO] Shutting down rbac.authorization.k8s.io/v1, Kind=Role workers
2024/11/22 02:24:30 [INFO] Shutting down /v1, Kind=Secret workers
2024/11/22 02:24:30 [INFO] Shutting down rbac.authorization.k8s.io/v1, Kind=ClusterRole workers
2024/11/22 02:24:31 [INFO] Starting cluster controllers for local
2024/11/22 02:24:31 [INFO] Starting cluster.x-k8s.io/v1beta1, Kind=Cluster controller
2024/11/22 02:24:31 [INFO] Starting rke.cattle.io/v1, Kind=RKEControlPlane controller
2024/11/22 02:24:31 [INFO] Starting /v1, Kind=LimitRange controller
2024/11/22 02:24:31 [INFO] Starting /v1, Kind=Node controller
2024/11/22 02:24:31 [INFO] Starting /v1, Kind=Secret controller
2024/11/22 02:24:31 [INFO] Starting /v1, Kind=Namespace controller
2024/11/22 02:24:31 [INFO] Starting /v1, Kind=ResourceQuota controller
2024/11/22 02:24:31 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding controller
2024/11/22 02:24:31 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=Role controller
2024/11/22 02:24:31 [INFO] Starting apiregistration.k8s.io/v1, Kind=APIService controller
2024/11/22 02:24:31 [INFO] Starting /v1, Kind=ServiceAccount controller
2024/11/22 02:24:31 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=ClusterRole controller
2024/11/22 02:24:31 [INFO] Starting rbac.authorization.k8s.io/v1, Kind=RoleBinding controller
2024/11/22 02:24:31 [INFO] Starting cluster agent for local [owner=true]
2024/11/22 02:24:35 [INFO] Handling backend connection request [10.42.0.21]
2024/11/22 02:24:35 [INFO] Handling backend connection request [10.42.0.19]
W1122 02:25:01.403990      39 warnings.go:70] v1 ComponentStatus is deprecated in v1.19+
2024/11/22 02:25:01 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=BundleDeployment
2024/11/22 02:25:01 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=ImageScan
2024/11/22 02:25:01 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=BundleNamespaceMapping
2024/11/22 02:25:01 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=GitRepoRestriction
2024/11/22 02:25:01 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=ClusterRegistration
2024/11/22 02:25:01 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=Content
2024/11/22 02:25:01 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=GitRepo
2024/11/22 02:25:01 [INFO] Watching metadata for fleet.cattle.io/v1alpha1, Kind=ClusterRegistrationToken
2024/11/22 02:25:10 [INFO] certificate CN=dynamic,O=dynamic signed by CN=dynamiclistener-ca@1732242220,O=dynamiclistener-org: notBefore=2024-11-22 02:23:40 +0000 UTC notAfter=2025-11-22 02:25:10 +0000 UTC
2024/11/22 02:25:10 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 3): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=E321B8954417AB2D9FE4EFE1D24C4B8C034D60F9]
2024/11/22 02:25:10 [INFO] certificate CN=dynamic,O=dynamic signed by CN=dynamiclistener-ca@1732242220,O=dynamiclistener-org: notBefore=2024-11-22 02:23:40 +0000 UTC notAfter=2025-11-22 02:25:10 +0000 UTC
2024/11/22 02:25:10 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 4): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-10.42.0.21:10.42.0.21 listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=D48CEA1EF718DC956EDE5558E18CB27B45C1847C]
2024/11/22 02:25:10 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 3): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.21:10.42.0.21 listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=4CEEE5AA21DF6750ED9FC6D1D98C4ED000A5BBA8]
2024/11/22 02:25:10 [INFO] Active TLS secret cattle-system/tls-rancher-internal (ver=160967) (count 4): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-10.42.0.21:10.42.0.21 listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=D48CEA1EF718DC956EDE5558E18CB27B45C1847C]
2024/11/22 02:25:10 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 4): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-10.42.0.21:10.42.0.21 listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=D48CEA1EF718DC956EDE5558E18CB27B45C1847C]
2024/11/22 02:25:13 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=cattle-fleet-local-system, err=Operation cannot be fulfilled on namespaces "cattle-fleet-local-system": the object has been modified; please apply your changes to the latest version and try again
2024/11/22 02:25:13 [ERROR] defaultSvcAccountHandler: Sync: error handling default ServiceAccount of namespace key=cattle-fleet-local-system, err=Operation cannot be fulfilled on namespaces "cattle-fleet-local-system": the object has been modified; please apply your changes to the latest version and try again
2024/11/22 02:25:13 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 5): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.19:10.42.0.19 listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-10.42.0.21:10.42.0.21 listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=D44D195EE97E799F9E46298046D817CED442AA94]
2024/11/22 02:25:13 [INFO] Active TLS secret cattle-system/tls-rancher-internal (ver=161048) (count 5): map[field.cattle.io/projectId:local:p-lxbct listener.cattle.io/cn-10.42.0.19:10.42.0.19 listener.cattle.io/cn-10.42.0.20:10.42.0.20 listener.cattle.io/cn-10.42.0.21:10.42.0.21 listener.cattle.io/cn-10.43.177.99:10.43.177.99 listener.cattle.io/fingerprint:SHA1=D44D195EE97E799F9E46298046D817CED442AA94]
W1122 02:25:58.844390      39 warnings.go:70] v1 ComponentStatus is deprecated in v1.19+
2024/11/22 02:25:58 [INFO] Watching metadata for upgrade.cattle.io/v1, Kind=Plan
W1122 02:26:06.444534      39 warnings.go:70] v1 ComponentStatus is deprecated in v1.19+
2

把完整的安装步骤都列下吧

1 个赞
3

完整安装步骤:
server 节点:

mkdir -p /etc/rancher/rke2/
echo  \
token: my-shared-secret \
tls-san: \
  - my-kubernetes-domain.com \
  - another-kubernetes-domain.com  > /etc/rancher/rke2/config.yaml

curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
systemctl start rke2-server.service

 本机节点:
rke2.yaml 拷贝来自server节点生成的kubeconfig 文件,后省略 --kubeconfig
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
kubectl --kubeconfig rke2.yaml create namespace cattle-system

// install cert-manager
# 如果你手动安装了CRD,而不是在 Helm 安装命令中添加了 `--set installCRDs=true` 选项,你应该在升级 Helm Chart 之前升级 CRD 资源。
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16/cert-manager.crds.yaml

# 添加 Jetstack Helm 仓库
helm repo add jetstack https://charts.jetstack.io

# 更新本地 Helm Chart 仓库缓存
helm repo update

# 安装 cert-manager Helm Chart
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace

helm repo add rancher-latest https://releases.rancher.com/server-charts/latest

helm install rancher rancher-latest/rancher \
  --namespace cattle-system \
  --set hostname=rancher.my.org \
  --set bootstrapPassword=admin
4

你说 rancher ui 无法访问,是指 rancher.my.org 输入到浏览器之后没显示是不?

那你将这个域名映射到主机了么?

5

我访问时使用的是ip访问,我尝试使用浏览器访问没显示,用curl 和 telnet 访问了ip端口也没用,后续我查看了server上的 端口使用,并没有看到80或者443端口被占用,在使用docker启动的方式里,则是能看到

7

helm 安装的 rancher 只能用域名去访问,不能用 ip 访问,你得把域名和ingress controller 的主机做个映射才行,你可以参考下 本论坛 权威教程 章节里的高可用安装

1 个赞
8

可是我是用netstat -anp | grep 80 都没有发现相应rancher进程

9

iptables -L -t nat | grep 443

10

这条命令也没有

11

有相关的443端口,但ip是10.43.x.x的,不是server 的 ip

12

我按照权威中的走一遍试下

13

确实是这个问题,必须用域名访问,否则会ssl认证失败,非常感谢