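Rancher deployment fails on RHEL 8.5

Rancher Server setup

  • Rancher version:
  • Installation option (Docker install/Helm Chart):
    • If Helm Chart install, provide the type of the Local cluster (RKE1, RKE2, k3s, EKS, etc.) and its version:
  • Online or air-gapped deployment:

Downstream cluster information

  • Kubernetes version: 1.25.1
  • Cluster Type (Local/Downstream):
    • If Downstream, what type of cluster? (Custom/Imported or Hosted, etc.):

User information

  • What is the role of the logged-in user? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom):
    • If custom, the custom permission set:
      Admin
      Host operating system:
      redhat 8.5
      Problem description:
      podman run --privileged -d --restart=unless-stopped -p 8090:80 -p 8843:443 rancher/rancher:stable
      After running this, Rancher cannot be accessed

Steps to reproduce:
podman run --privileged -d --restart=unless-stopped -p 8090:80 -p 8843:443 rancher/rancher:stable
Result: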

2022/09/24 11:35:54 [INFO] Applying CRD machines.cluster.x-k8s.io
2022/09/24 11:35:54 [INFO] Applying CRD machinesets.cluster.x-k8s.io
2022/09/24 11:35:54 [FATAL] k3s exited with: exit status 2
INFO: Running k3s server --cluster-init --cluster-reset
2022/09/24 11:36:18 [INFO] Rancher version v2.6.8 (f650ce839) is starting
2022/09/24 11:36:18 [INFO] Rancher arguments {ACMEDomains: AddLocal:true Embedded:false BindHost: HTTPListenPort:80 HTTPSListenPort:443 K8sMode:auto Debug:false Trace:false NoCACerts:false AuditLogPath:/var/log/auditlog/rancher-api-audit.log AuditLogMaxage:10 AuditLogMaxsize:100 AuditLogMaxbackup:10 AuditLevel:0 Features: ClusterRegistry:}
2022/09/24 11:36:18 [INFO] Listening on /tmp/log.sock
2022/09/24 11:36:18 [INFO] Waiting for server to become available: Get “https://127.0.0.1:6444/version?timeout=15m0s”: dial tcp 127.0.0.1:6444: connect: connection refused
Expected result:

Screenshots:

Additional context:

Logs


During startup, you can exec into the container and check k3s.log

I0924 12:11:13.989409 172 server.go:410] “Adding debug handlers to kubelet server”
E0924 12:11:13.990479 172 kubelet_network_linux.go:99] “Failed to ensure that nat chain exists KUBE-MARK-DROP chain” err=<
error creating chain “KUBE-MARK-DROP”: exit status 3: iptables v1.8.6 (legacy): can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I0924 12:11:13.990495 172 kubelet_network_linux.go:84] “Failed to initialize protocol iptables rules; some functionality may be missing.” protocol=IPv4
E0924 12:11:13.991026 172 kubelet_network_linux.go:99] “Failed to ensure that nat chain exists KUBE-MARK-DROP chain” err=<
error creating chain “KUBE-MARK-DROP”: exit status 3: ip6tables v1.8.6 (legacy): can’t initialize ip6tables table `nat’: Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

I0924 12:11:13.991036 172 kubelet_network_linux.go:84] “Failed to initialize protocol iptables rules; some functionality may be missing.” protocol=IPv6
I0924 12:11:13.991041 172 status_manager.go:161] “Starting to sync pod status with apiserver”
I0924 12:11:13.991052 172 kubelet.go:1974] “Starting kubelet main sync loop”
E0924 12:11:13.991079 172 kubelet.go:1998] “Skipping pod synchronization” err="[container runtime status check may not have completed yet, PLEG is not healthy: pleg has yet to be successful]"
I0924 12:11:13.993580 172 controller.go:611] quota admission added evaluator for: leases.coordination.k8s.io
I0924 12:11:13.993688 172 cpu_manager.go:213] “Starting CPU manager” policy=“none”
I0924 12:11:13.993697 172 cpu_manager.go:214] “Reconciling” reconcilePeriod=“10s”
I0924 12:11:13.993709 172 state_mem.go:36] “Initialized new in-memory state store”
I0924 12:11:13.993820 172 state_mem.go:88] “Updated default CPUSet” cpuSet=""
I0924 12:11:13.993830 172 state_mem.go:96] “Updated CPUSet assignments” assignments=map
I0924 12:11:13.993835 172 policy_none.go:49] “None policy: Start”
I0924 12:11:13.994085 172 memory_manager.go:168] “Starting memorymanager” policy=“None”
I0924 12:11:13.994105 172 state_mem.go:35] “Initializing new in-memory state store”
I0924 12:11:13.994225 172 state_mem.go:75] “Updated machine memory state”
I0924 12:11:14.015747 172 manager.go:610] “Failed to read data from checkpoint” checkpoint=“kubelet_internal_checkpoint” err=“checkpoint is not found”
I0924 12:11:14.015919 172 plugin_manager.go:114] “Starting Kubelet Plugin Manager”
time=“2022-09-24T12:11:14Z” level=info msg=“Starting the netpol controller”
I0924 12:11:14.070524 172 network_policy_controller.go:151] Starting network policy controller
F0924 12:11:14.071092 172 network_policy_controller.go:368] failed to check for the existence of chain KUBE-ROUTER-FORWARD, error: running [/usr/bin/iptables -t filter -S KUBE-ROUTER-FORWARD 1 --wait]: exit status 3: iptables v1.8.6 (legacy): can’t initialize iptables table filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. panic: F0924 12:11:14.071092 172 network_policy_controller.go:368] failed to check for the existence of chain KUBE-ROUTER-FORWARD, error: running [/usr/bin/iptables -t filter -S KUBE-ROUTER-FORWARD 1 --wait]: exit status 3: iptables v1.8.6 (legacy): can't initialize iptables table filter’: Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

goroutine 10847 [running]:
k8s.io/klog/v2.(*loggingT).output(0x7d3c7e0, 0x3, 0x0, 0xc000963500, 0x1, {0x6331da1?, 0x2?}, 0xc000600800?, 0x0)
/go/pkg/mod/github.com/k3s-io/klog/v2@v2.60.1-k3s1/klog.go:820 +0x694
k8s.io/klog/v2.(*loggingT).printfDepth(0x7d3c7e0, 0x13?, 0x0, {0x0, 0x0}, 0xc0000a6000?, {0x4bcd221, 0x38}, {0xc0058982e0, 0x2, …})
/go/pkg/mod/github.com/k3s-io/klog/v2@v2.60.1-k3s1/klog.go:630 +0x1f2
k8s.io/klog/v2.(*loggingT).printf(…)
/go/pkg/mod/github.com/k3s-io/klog/v2@v2.60.1-k3s1/klog.go:612
k8s.io/klog/v2.Fatalf(...)
/go/pkg/mod/github.com/k3s-io/klog/v2@v2.60.1-k3s1/klog.go:1496
github.com/cloudnativelabs/kube-router/pkg/controllers/netpol.(*NetworkPolicyController).ensureTopLevelChains(0xc009785000)
/go/pkg/mod/github.com/k3s-io/kube-router@v1.3.3-0.20220405142336-8ea9a06dc0e3/pkg/controllers/netpol/network_policy_controller.go:368 +0x14dc
github.com/cloudnativelabs/kube-router/pkg/controllers/netpol.(*NetworkPolicyController).Run(0xc009785000, 0xc014028960, 0xc000083bc0, 0xc00b3fe390)
/go/pkg/mod/github.com/k3s-io/kube-router@v1.3.3-0.20220405142336-8ea9a06dc0e3/pkg/controllers/netpol/network_policy_controller.go:155 +0x16f
created by github.com/k3s-io/k3s/pkg/agent/netpol.Run
/go/src/github.com/k3s-io/k3s/pkg/agent/netpol/netpol.go:135 +0xaac
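
A triage helper for the k3s.log excerpt above, added here as an example and not part of the original thread: it lists which iptables tables could not be initialised and which klog fatal (F-level) source file ended the k3s process. The function names and the sample lines (rebuilt from the log above with plain ASCII quotes) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: three failures rebuilt from the k3s.log lines in this thread.
sample_log() {
cat <<'EOF'
E0924 12:11:13.990479     172 kubelet_network_linux.go:99] "Failed to ensure that nat chain exists KUBE-MARK-DROP chain" err=<
	error creating chain "KUBE-MARK-DROP": exit status 3: iptables v1.8.6 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
E0924 12:11:13.991026     172 kubelet_network_linux.go:99] "Failed to ensure that nat chain exists KUBE-MARK-DROP chain" err=<
	error creating chain "KUBE-MARK-DROP": exit status 3: ip6tables v1.8.6 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
F0924 12:11:14.071092     172 network_policy_controller.go:368] failed to check for the existence of chain KUBE-ROUTER-FORWARD, error: running [/usr/bin/iptables -t filter -S KUBE-ROUTER-FORWARD 1 --wait]: exit status 3: iptables v1.8.6 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
EOF
}

# Print "<binary> <backend> <table> <count>" for every table that the
# iptables/ip6tables binary inside the container failed to initialise.
# $1: path to a saved copy of k3s.log
missing_tables() {
    sed -n "s/.*\(ip6\{0,1\}tables\) v[0-9.]* (\([a-z_]*\)): can't initialize ip6\{0,1\}tables table [\`']\{0,1\}\([a-z]*\)'.*/\1 \2 \3/p" "$1" |
        LC_ALL=C sort | uniq -c | awk '{print $2, $3, $4, $1}'
}

# Print the source file of each klog F-level (fatal) line caused by a missing
# table. E-level lines are logged and survived; an F-level line exits k3s.
# $1: path to a saved copy of k3s.log
fatal_sources() {
    sed -n 's/^F[0-9]\{4\} [0-9:.]\{1,\} \{1,\}[0-9]\{1,\} \([^: ]*\):[0-9]\{1,\}\].*Table does not exist.*/\1/p' "$1" |
        LC_ALL=C sort -u
}

# Stand-alone use: sh triage.sh /path/to/k3s.log
if [ -n "${1:-}" ]; then
    echo "tables that failed to initialise:"
    missing_tables "$1"
    echo "fatal (process-ending) sources:"
    fatal_sources "$1"
fi
```

On the sample, the kubelet `nat` failures are E-level only, while the `filter` failure in network_policy_controller.go is the F-level line that matches the `k3s exited with: exit status 2` seen in the Rancher log.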

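You can first start a K3s on your RHEL 8.5 and make sure K3s itself starts properly.

Then deploy Rancher following the new Local K3s installation mode, which is more reasonable than the single docker installation mode.
Reference: Helm CLI Quick Start | Rancher Manager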