Kubernetes: Traefik cannot read from the k8s API

Tags: kubernetes, rbac, traefik

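This is the fourth time I am setting up a Kubernetes cluster. It is always the same setup: basic k8s, Traefik as reverse proxy, the dashboard, Prometheus and the ELK stack. But this time something is strange with the Traefik deployment.

So, as with all the other clusters, I just deployed the default setup with some RBAC entries, a ConfigMap containing the TOML file, the actual deployment, a service and the web UI:

RBAC:

ConfigMap: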

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-toml
  labels:
    name: traefik-toml
  namespace: infra
data:
  traefik.toml: |-
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
          entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
          [[entryPoints.https.tls.certificates]]
          CertFile = "/ssl/external/<EXTERNAL_URL>.crt"
          KeyFile = "/ssl/external/<EXTERNAL_URL>.key"
          [[entryPoints.https.tls.certificates]]
          CertFile = "/ssl/internal/<INTERNAL_URL>.crt"
          KeyFile = "/ssl/internal/<INTERNAL_URL>.key"
    [accessLog]
Does anyone have an idea? Is this a known issue? I could not find any known issue on this topic.

Thanks in advance

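I managed to solve the problem:

The problem was that the newer Docker engine sets the iptables FORWARD policy wrong:

At the moment we have a workaround, which is to steadily set the policy back to ACCEPT.

If we get a real solution, I hope I remember to come back here and post it :)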
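The check below is an added example, not part of the original answer: it reads the output of `iptables -S FORWARD` and reports whether pod traffic falls through to a non-ACCEPT chain policy, which is the condition the answer describes. The function names, the sample rule dumps and the pod CIDR 10.244.0.0/16 are constructed assumptions.

```shell
#!/bin/sh
# Added example. Input is the text printed by `iptables -S FORWARD`.

# Constructed sample: FORWARD policy DROP, no rule accepting pod traffic.
SAMPLE_DROP='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# Constructed sample: same policy plus an explicit ACCEPT for an assumed pod CIDR.
SAMPLE_SCOPED="$SAMPLE_DROP
-A FORWARD -s 10.244.0.0/16 -j ACCEPT"

# forward_policy: print the FORWARD chain policy found on stdin, fail if absent.
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3; found = 1; exit }
         END { if (!found) exit 1 }'
}

# pod_cidr_accepted CIDR: succeed if a FORWARD rule accepts that source CIDR.
pod_cidr_accepted() {
    awk -v cidr="$1" '
        $1 == "-A" && $2 == "FORWARD" {
            src = 0; acc = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == cidr) src = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") acc = 1
            }
            if (src && acc) { ok = 1; exit }
        }
        END { exit (ok ? 0 : 1) }'
}

# assess CIDR: classify a rule dump on stdin; non-zero when pod traffic falls
# through to a non-ACCEPT policy.
assess() {
    rules=$(cat)
    policy=$(printf '%s\n' "$rules" | forward_policy) || { echo "UNKNOWN"; return 2; }
    [ "$policy" = "ACCEPT" ] && { echo "OK policy=ACCEPT"; return 0; }
    if printf '%s\n' "$rules" | pod_cidr_accepted "$1"; then
        echo "OK policy=$policy explicit-accept=$1"; return 0
    fi
    echo "FAIL policy=$policy no-accept-for=$1"; return 1
}

# On a node (as root): iptables -S FORWARD | assess 10.244.0.0/16
```

Resetting the policy with `iptables -P FORWARD ACCEPT` is the workaround the answer describes; an explicit ACCEPT rule scoped to the pod network keeps the default-drop policy for all other forwarded traffic.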

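Looks like a networking issue. Is your network working properly? Can you provide the output of kubectl get pods --all-namespaces?

Apart from the pods that run by default and the Traefik ingress controller, I have no pods running. Everything seems fine here.

You have a lot of system pods running, and they may be unhealthy. That is why I asked you to provide this information.

Sorry, I forgot about this. The problem was related to some Docker configuration in iptables. I will write a post and mark it as answered. Thanks for your help anyway :)

Hi! Can you share the steps you took? I am also using Vagrant and get the same error as you.

Actually, my service provider helped me find and fix it. That is the only information I got. They told me the issue should be resolved with a newer Docker engine, but I am not sure whether that is already the case. Sorry, I can't be of more help...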
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: infra
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v1.6.5
        name: traefik-ingress-lb
        volumeMounts:
        - mountPath: /ssl/external
          name: ssl-external
        - mountPath: /ssl/internal
          name: ssl-internal
        - name: traefik-toml
          subPath: traefik.toml
          mountPath: /config/traefik.toml
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        - name: admin
          containerPort: 8080
        args:
        - --configfile=/config/traefik.toml
        - --api
        - --kubernetes
        - --logLevel=INFO
      volumes:
      - name: ssl-external
        secret:
          secretName: <EXTERNAL_URL>.cert
      - name: ssl-internal
        secret:
          secretName: <INTERNAL_URL>.cert
      - name: traefik-toml
        configMap:
          name: traefik-toml
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: infra
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      port: 80
      name: web
    - protocol: TCP
      port: 443
      name: sweb
  externalIPs:
    - <WORKER IP 1>
    - <WORKER IP 2>
E0827 14:29:49.566294       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: Get https://10.96.0.1:443/api/v1/services?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: i/o timeout                                                       
E0827 14:29:49.572633       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Get https://10.96.0.1:443/api/v1/endpoints?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: i/o timeout                                                    
E0827 14:29:49.592844       1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Get https://10.96.0.1:443/apis/extensions/v1beta1/ingresses?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: i/o timeout                                
time="2018-08-27T14:30:00Z" level=warning msg="Error checking new version: Get https://update.traefik.io/repos/containous/traefik/releases: dial tcp: i/o timeout"