RKE version:
version: v1.2.6

Docker version: (`docker version`, `docker info`)
Server Version: 19.03.15

OS and kernel: (`cat /etc/os-release`, `uname -r`)
CentOS Linux release 7.9.2009 (Core)
4.19.12-1.el7.elrepo.x86_64

Host type and provider: (VirtualBox/Bare-metal/AWS/GCE/DO)
VirtualBox

cluster.yml file:
```
nodes:
  - address: *****
    user: rancher
    role: [ "controlplane", "etcd", "worker" ]
    port: 22
    ssh_key_path: ~/.ssh/id_rsa
  - address: ******
    user: rancher
    role: [ "controlplane", "etcd", "worker" ]
    port: 22
    ssh_key_path: ~/.ssh/id_rsa
  - address: ********
    user: rancher
    role: [ "controlplane", "etcd", "worker" ]
    port: 22
    ssh_key_path: ~/.ssh/id_rsa
private_registries:
  - url: ********
    user: admin
    password: "*******"
    is_default: true
services:
  etcd:
    backup_config:
      enabled: true
      interval_hours: 1
      retention: 30
```
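**Problem description:**
I'm new to k8s, so please forgive anything I've got wrong.
The Kubernetes cluster was installed with RKE on three intranet servers, and Rancher was installed with Helm.
All the pods have started normally.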
```shell
[root@YTH-TEST-DOCKER01 ~]# kubectl get pod -A
NAMESPACE                   NAME                                       READY   STATUS      RESTARTS   AGE
cattle-fleet-local-system   fleet-agent-5cc65b7c96-tbjl2               1/1     Running     0          47h
cattle-fleet-system         fleet-controller-7f84fb4647-gzp55          1/1     Running     0          47h
cattle-fleet-system         gitjob-7487f6b7b-mrxdx                     1/1     Running     0          47h
cattle-system               rancher-659fbcb549-dczv4                   1/1     Running     0          47h
cattle-system               rancher-659fbcb549-rs5nb                   1/1     Running     0          47h
cattle-system               rancher-659fbcb549-xfdxl                   1/1     Running     0          47h
cattle-system               rancher-post-delete-xpplc                  0/1     Completed   0          47h
cattle-system               rancher-webhook-94cfc6f-77r6p              1/1     Running     0          47h
ingress-nginx               default-http-backend-69bf75696d-br9pv      1/1     Running     0          47h
ingress-nginx               nginx-ingress-controller-mnqsh             1/1     Running     0          47h
ingress-nginx               nginx-ingress-controller-pkbtf             1/1     Running     0          47h
ingress-nginx               nginx-ingress-controller-w9zsm             1/1     Running     0          47h
kube-system                 calico-kube-controllers-5b6c984b9f-6fsb9   1/1     Running     0          47h
kube-system                 canal-6qkw9                                2/2     Running     0          47h
kube-system                 canal-dpkbs                                2/2     Running     0          47h
kube-system                 canal-flmzd                                2/2     Running     0          47h
kube-system                 coredns-85f545bff4-65xfm                   1/1     Running     0          47h
kube-system                 coredns-85f545bff4-ssq49                   1/1     Running     0          47h
kube-system                 coredns-autoscaler-56c6579c87-q5tsk        1/1     Running     0          47h
kube-system                 metrics-server-84df556f8d-l7w8x            1/1     Running     0          47h
kube-system                 rke-coredns-addon-deploy-job-g4kt2         0/1     Completed   0          47h
kube-system                 rke-ingress-controller-deploy-job-8plhg    0/1     Completed   0          47h
kube-system                 rke-metrics-addon-deploy-job-7pp4w         0/1     Completed   0          47h
kube-system                 rke-network-plugin-deploy-job-m6vpp        0/1     Completed   0          47h
```
## Rancher logs:
```
Cleanup finished successfully.
2023/08/22 22:25:40 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
2023/08/22 22:25:40 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/23 08:25:40 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
2023/08/23 08:25:40 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/23 12:25:35 [INFO] Loaded configuration from /var/lib/rancher-data/driver-metadata/data.json in [0x6fe0b70 /var/lib/rancher-data/driver-metadata/data.json]
2023/08/23 12:25:36 [INFO] Loaded configuration from /var/lib/rancher-data/driver-metadata/data.json in [0x6fe0b70 /var/lib/rancher-data/driver-metadata/data.json]
2023/08/23 18:25:40 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/23 18:25:40 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
2023/08/24 04:25:40 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
2023/08/24 04:25:40 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/24 04:25:33 [INFO] kontainerdriver azurekubernetesservice listening on address 127.0.0.1:37379
2023/08/24 04:25:33 [INFO] kontainerdriver amazonelasticcontainerservice listening on address 127.0.0.1:45507
2023/08/24 04:25:33 [INFO] kontainerdriver amazonelasticcontainerservice stopped
2023/08/24 04:25:33 [INFO] dynamic schema for kontainerdriver amazonelasticcontainerservice updating
2023/08/24 04:25:33 [INFO] kontainerdriver azurekubernetesservice stopped
2023/08/24 04:25:33 [INFO] dynamic schema for kontainerdriver azurekubernetesservice updating
2023/08/24 04:25:33 [INFO] kontainerdriver googlekubernetesengine stopped
2023/08/24 04:25:33 [INFO] dynamic schema for kontainerdriver googlekubernetesengine updating
2023/08/24 04:25:33 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
2023/08/24 04:25:33 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/22 22:25:58 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/22 22:25:58 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
2023/08/23 08:25:58 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
2023/08/23 08:25:58 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/23 12:25:57 [INFO] Loaded configuration from /var/lib/rancher-data/driver-metadata/data.json in [0x6fe0b70 /var/lib/rancher-data/driver-metadata/data.json]
2023/08/23 12:25:58 [INFO] Loaded configuration from /var/lib/rancher-data/driver-metadata/data.json in [0x6fe0b70 /var/lib/rancher-data/driver-metadata/data.json]
2023/08/23 18:25:58 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
2023/08/23 18:25:58 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/24 04:25:58 [INFO] Updating TLS secret for cattle-system/tls-rancher-internal (count: 2): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.43.145.51:10.43.145.51 listener.cattle.io/fingerprint:SHA1=C109D5DDB46CB8A7191EA91669086F6C5D33A6D6]
2023/08/24 04:25:58 [INFO] Updating TLS secret for cattle-system/serving-cert (count: 7): map[field.cattle.io/projectId:local:p-gvtfn listener.cattle.io/cn-10.42.0.3:10.42.0.3 listener.cattle.io/cn-10.42.1.5:10.42.1.5 listener.cattle.io/cn-10.42.2.4:10.42.2.4 listener.cattle.io/cn-127.0.0.1:127.0.0.1 listener.cattle.io/cn-localhost:localhost listener.cattle.io/cn-rancher.cattle-system:rancher.cattle-system listener.cattle.io/fingerprint:SHA1=C62178B62C9AE85E05673331B72D82346097C253]
```
### Load balancing through nginx:
```
cat stream-k8s-rancher.conf
upstream rancher_servers {
    least_conn;
    server ******:443 max_fails=3 fail_timeout=5s;
    server ******:443 max_fails=3 fail_timeout=5s;
    server *******:443 max_fails=3 fail_timeout=5s;
}
server {
    listen 443;
    proxy_pass rancher_servers;
}
```
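The intranet has a DNS server, and the domain name it resolves is ranchertest.tjcz.com.
The intranet nginx server has port 443 open only to the bastion host. When I access the UI through the bastion host, it keeps showing loading.... on a blank page.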
![image|690x219](upload://yM0YtH2qfhoFJpVYixyi7AUhGSX.png)
How should I go about troubleshooting this? The intranet does have a firewall.
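### Open ports on the three Rancher servers:

| Protocol | Port |
|----------|------|
| TCP | 22 |
| TCP | 376 |
| TCP | 2379 |
| TCP | 2380 |
| UDP | 8472 |
| TCP | 9099 |
| TCP | 9796 |
| TCP | 6783 |
| UDP | 6783-6784 |
| TCP | 10250 |
| TCP | 10254 |
| TCP | 30000-32767 |
| TCP | 6443 |
| TCP | 9443 |
| TCP | 80 |
| TCP | 443 |
| TCP | 9091 |
| TCP | 9100 |
| TCP | 9101 |
| TCP | 18080 |
| TCP | 9198 |
| TCP | 9093 |
| TCP | 3000 |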
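
The nginx server has port 443 open only to the bastion host. When I visit ranchertest.tjcz.com, the browser shows Rancher's cow-head icon, but it keeps showing loading.... I have spent a whole day troubleshooting and still don't know what is wrong or which port is unreachable.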