Fatal编程技术网
  • kubernetes/
  • Kubernetes/CoresOS节点无法与ApiServer Kube代理通信

Kubernetes/CoresOS节点无法与ApiServer Kube代理通信

kubernetes

Kubernetes/CoresOS节点无法与ApiServer Kube代理通信,kubernetes,kube-proxy,Kubernetes,Kube Proxy,我按照本指南设置了Kubernetes网络,当我运行仪表板或DNS加载项时,它们在25秒后导致崩溃。然后,我遵循这一点,在执行时超时 kubectl exec test-701078429-s5kca——旋度-k 注意:如果我执行了kubectl exec test-701078429-s5kca--curl-k,它就工作了(公共IP) 另外,如果我在主节点上执行curl-k,也可以工作 因此,问题在于10.2.0.0/16上的Kubelets无法与10.3.0.1/24上的api服务器通信,这

我按照本指南设置了Kubernetes网络,当我运行仪表板或DNS加载项时,它们在25秒后导致崩溃。然后,我遵循这一点,在执行时超时

kubectl exec test-701078429-s5kca——旋度-k

注意:如果我执行了kubectl exec test-701078429-s5kca--curl-k,它就工作了(公共IP)

另外,如果我在主节点上执行curl-k,也可以工作

因此,问题在于10.2.0.0/16上的Kubelets无法与10.3.0.1/24上的api服务器通信,这表明这可能是kube代理问题。仅供参考:我可以使用10.2.x.x成功地从一台机器上的一个节点内部ping到另一台机器上的另一个节点。问题是kubelets/etc/kubernetes/manifests/kube-proxy.yaml中的配置问题

    apiVersion: v1
    kind: Pod
    metadata:
      name: kube-proxy
      namespace: kube-system
    spec:
      hostNetwork: true
      containers:
      - name: kube-proxy
        image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
        command:
        - /hyperkube
        - proxy
        - --master=https://192.168.3.240
        - --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
        - --proxy-mode=iptables
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: "ssl-certs"
        - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
          name: "kubeconfig"
          readOnly: true
        - mountPath: /etc/kubernetes/ssl
          name: "etc-kube-ssl"
          readOnly: true
      volumes:
      - name: "ssl-certs"
        hostPath:
          path: "/usr/share/ca-certificates"
      - name: "kubeconfig"
        hostPath:
          path: "/etc/kubernetes/worker-kubeconfig.yaml"
      - name: "etc-kube-ssl"
        hostPath:
          path: "/etc/kubernetes/ssl"
行----master=https://需要https://当我只有IP 192.168.3.220时。下面是我的工作kube-proxy.yaml

    apiVersion: v1
    kind: Pod
    metadata:
      name: kube-proxy
      namespace: kube-system
    spec:
      hostNetwork: true
      containers:
      - name: kube-proxy
        image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
        command:
        - /hyperkube
        - proxy
        - --master=https://192.168.3.240
        - --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
        - --proxy-mode=iptables
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: "ssl-certs"
        - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
          name: "kubeconfig"
          readOnly: true
        - mountPath: /etc/kubernetes/ssl
          name: "etc-kube-ssl"
          readOnly: true
      volumes:
      - name: "ssl-certs"
        hostPath:
          path: "/usr/share/ca-certificates"
      - name: "kubeconfig"
        hostPath:
          path: "/etc/kubernetes/worker-kubeconfig.yaml"
      - name: "etc-kube-ssl"
        hostPath:
          path: "/etc/kubernetes/ssl"
很好的指南在这方面只是有点误导,因为它之前的代码片段是/etc/systemd/system/kubelet.service--api servers=https://${MASTER\u HOST}\带有https://present,其中作为/etc/kubernetes/manifests/kube-proxy.yaml的yaml有---MASTER=${MASTER u HOST}没有https://前缀