I love Rancher - looks really promising - but have one issue.
I am trying to set up a Kubernetes cluster on such machines:
Red Hat 7.2
user namespace enabled in kernel
docker 1.10.3
selinux enabled
I have 3 hosts with such configuration. On one I just run rancher/server 1.1.2 - nothing more.
The other two are meant to be the Kubernetes cluster.
Now - if I add hosts to the Kubernetes environment they create a cluster with no issues. BUT if I create a service with one container running on one host I can connect to this service only via the host where it runs.
Service and RC are configured with NodePort and 1 replica.
kube-proxy says : Dial failed: dial tcp 172.17.0.6:8080: i/o timeout
Both docker engines have default network configuration.
I also tried with servers with selinux and user namespace disabled - still no luck.
I tried adding flannel to docker and then setting up the Kubernetes cluster from Rancher, but then Kubernetes went mad.
Could you tell me what is that thing ?
If you need some more information just tell me what is needed.
Thanks!
edit :
fixed it by adding static routes on the nodes.
Hi xifedi
did you get an answer for your issue? I’m running into sort of the same issue. I can’t access the cluster from my workstation even after using the config file generated by Rancher. Let me know. Thanks
So yes - I have fixed it by changing the docker network on the nodes to:
node 1 (let's say node IP 192.168.10.11/24) : docker net : 172.17.1.0/24
node 2 (192.168.10.12/24) : 172.17.2.0/24
node 3 (192.168.10.13/24) : 172.17.3.0/24
and by adding static routes :
on node 1:
route to 172.17.2.0/24 via 182.168.10.12
route to 172.17.3.0/24 via 182.168.10.13
on node 2:
route to 172.17.1.0/24 via 182.168.10.11
route to 172.17.3.0/24 via 182.168.10.13
on node 3:
route to 172.17.1.0/24 via 182.168.10.11
route to 172.17.2.0/24 via 182.168.10.12
As I said, the Kubernetes cluster services/containers in Rancher were all green but the proxy could not reach the pod/container on the other nodes.
Or maybe I should simply configure the network as subnets of the Kubernetes cluster network? 10.42.x.x/24 or something like that?
I wanted to see how rancher works before I recommend it for QC/Prod environment. For now it is a bit disappointing.
The next thing is that when I create a service in a particular namespace in Kubernetes it is shown as standalone until I restart the whole cluster. Moreover, when I take down the node where the pod is running, it is moved to another node (as it should be) but it is shown as standalone again… I am talking about the host view.
If somebody knows what I am doing wrong I would appreciate some hints. These artificial static routes are not in fact a fix but a workaround.
Thanks!
ps: I didn’t try to use kubectl from my workstation.
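The workaround described above, as an added example that is not part of the original post: Python that takes the node addresses and per-node Docker subnets quoted in the post, rejects overlapping subnets or a next hop that is not on the node's own LAN, and builds the route commands for each node. The `build_routes` name and the use of `ip route add` to express the routes are assumptions of this example.

```python
import ipaddress

# Values from the post: node address (with prefix) -> Docker bridge subnet.
NODES = {
    "192.168.10.11/24": "172.17.1.0/24",
    "192.168.10.12/24": "172.17.2.0/24",
    "192.168.10.13/24": "172.17.3.0/24",
}

def build_routes(nodes):
    """Return {node_ip: ["ip route add <subnet> via <peer_ip>", ...]}.

    Raises ValueError if two bridge subnets overlap, if a bridge subnet
    overlaps a node's LAN, or if a peer is not on-link for a node.
    """
    parsed = [(ipaddress.ip_interface(n), ipaddress.ip_network(s))
              for n, s in nodes.items()]
    # Overlapping bridge ranges are what makes a pod IP ambiguous across hosts.
    for i, (iface, subnet) in enumerate(parsed):
        if subnet.overlaps(iface.network):
            raise ValueError(f"{subnet} overlaps host LAN {iface.network}")
        for _, other in parsed[i + 1:]:
            if subnet.overlaps(other):
                raise ValueError(f"bridge subnets overlap: {subnet} and {other}")
    plan = {}
    for iface, _ in parsed:
        cmds = []
        for peer, peer_subnet in parsed:
            if peer.ip == iface.ip:
                continue  # a node needs no route to its own bridge
            # A gateway must be directly reachable on the node's LAN.
            if peer.ip not in iface.network:
                raise ValueError(f"{peer.ip} is not on-link for {iface.ip}")
            cmds.append(f"ip route add {peer_subnet} via {peer.ip}")
        plan[str(iface.ip)] = cmds
    return plan

if __name__ == "__main__":
    for node, cmds in build_routes(NODES).items():
        print(f"# on {node}")
        print("\n".join(cmds))
```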
Hi @xifedi. Thank you so much for the feedback. I agree with you, I don't really think that is the solution. I am looking at Rancher as the main solution for our CaaS; what I was also looking forward to was using the docker-machine drivers on our internally developed IaaS. Will continue testing further, hoping Rancher can provide a more automated solution for deploying a Kubernetes environment. @denise - thoughts on your side? Thanks
Have a good weekend to all
After hours of digging it looks like the io.rancher.container.network=true label is not set for docker containers created by Kubernetes.
My docker network is default on all hosts : 172.17.0.0/16
rancher network is set to 172.18.0.0/16.
Kubernetes cluster components are assigned IP addresses from rancher network - so it is fine.
When I create a service and replication controller, the pod always gets an IP address from the 172.17.0.0/16 range - WRONG.
Any idea how to add it during RC / SVC creation? I do not plan to run any containers as standalone so setting this label for all newly created containers is fine as well.
Seriously I am really tired to make it work so this is the last thing I want to try before I give up …
Any thoughts on this issue?
I tried with Rancher 1.1.2, 1.1.3 and v1.2.0-pre2 but still no luck.
Pods always get an IP from the docker network instead of the Rancher network ;/
Only if I create a container does it get a Rancher IP…
Uninstalling the docker-selinux package from Red Hat 7.2 and removing --selinux-enable from the docker daemon options solved the problem but exposed the host filesystem as unrestricted to containers. It is possible to modify the host filesystem without any restrictions, including the whole /etc … This is unacceptable.
Question to the Rancher guys - what selinux settings are required for Rancher to run correctly?
I have the same problem on Ubuntu 14.04.4.
I don't have any selinux installed on the host servers. Still, every pod I create gets an IP from the 172.17.0.0/16 range 8(
Has there been any resolution to this? I'm trying to get this to work with Ubuntu 16 and it always dies on the proxy.
Should I be setting io.rancher.container.network=true somewhere in the config of each of the hosts? I tried adding that without any success. I should also mention that all of my IP addresses are assigned prior to the deployment and I'm also having trouble with the kubelet process.