Kubernetes/CoresOS节点无法与ApiServer Kube代理通信
我按照本指南设置了Kubernetes网络,当我运行仪表板或DNS加载项时,它们在25秒后导致崩溃。然后,我遵循这一点,在执行时超时 kubectl exec test-701078429-s5kca——旋度-k 注意:如果我执行了kubectl exec test-701078429-s5kca--curl-k,它就工作了(公共IP) 另外,如果我在主节点上执行curl-k,也可以工作Kubernetes/CoresOS节点无法与ApiServer Kube代理通信,kubernetes,kube-proxy,Kubernetes,Kube Proxy,我按照本指南设置了Kubernetes网络,当我运行仪表板或DNS加载项时,它们在25秒后导致崩溃。然后,我遵循这一点,在执行时超时 kubectl exec test-701078429-s5kca——旋度-k 注意:如果我执行了kubectl exec test-701078429-s5kca--curl-k,它就工作了(公共IP) 另外,如果我在主节点上执行curl-k,也可以工作 因此,问题在于10.2.0.0/16上的Kubelets无法与10.3.0.1/24上的api服务器通信,这
因此,问题在于10.2.0.0/16上的Kubelets无法与10.3.0.1/24上的api服务器通信,这表明这可能是kube代理问题。仅供参考:我可以使用10.2.x.x成功地从一台机器上的一个节点内部ping到另一台机器上的另一个节点。问题是kubelets/etc/kubernetes/manifests/kube-proxy.yaml中的配置问题
apiVersion: v1
kind: Pod
metadata:
name: kube-proxy
namespace: kube-system
spec:
hostNetwork: true
containers:
- name: kube-proxy
image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
command:
- /hyperkube
- proxy
- --master=https://192.168.3.240
- --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
- --proxy-mode=iptables
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/ssl/certs
name: "ssl-certs"
- mountPath: /etc/kubernetes/worker-kubeconfig.yaml
name: "kubeconfig"
readOnly: true
- mountPath: /etc/kubernetes/ssl
name: "etc-kube-ssl"
readOnly: true
volumes:
- name: "ssl-certs"
hostPath:
path: "/usr/share/ca-certificates"
- name: "kubeconfig"
hostPath:
path: "/etc/kubernetes/worker-kubeconfig.yaml"
- name: "etc-kube-ssl"
hostPath:
path: "/etc/kubernetes/ssl"
行----master=https://需要https://当我只有IP 192.168.3.220时。下面是我的工作kube-proxy.yaml
apiVersion: v1
kind: Pod
metadata:
name: kube-proxy
namespace: kube-system
spec:
hostNetwork: true
containers:
- name: kube-proxy
image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
command:
- /hyperkube
- proxy
- --master=https://192.168.3.240
- --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
- --proxy-mode=iptables
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/ssl/certs
name: "ssl-certs"
- mountPath: /etc/kubernetes/worker-kubeconfig.yaml
name: "kubeconfig"
readOnly: true
- mountPath: /etc/kubernetes/ssl
name: "etc-kube-ssl"
readOnly: true
volumes:
- name: "ssl-certs"
hostPath:
path: "/usr/share/ca-certificates"
- name: "kubeconfig"
hostPath:
path: "/etc/kubernetes/worker-kubeconfig.yaml"
- name: "etc-kube-ssl"
hostPath:
path: "/etc/kubernetes/ssl"
很好的指南在这方面只是有点误导,因为它之前的代码片段是/etc/systemd/system/kubelet.service--api servers=https://${MASTER\u HOST}\带有https://present,其中作为/etc/kubernetes/manifests/kube-proxy.yaml的yaml有---MASTER=${MASTER u HOST}没有https://前缀