Kubernetes Traefik无法在k8s api上读取
这是我第四次建立kubernetes集群。它总是相同的设置:基本的k8s,作为反向代理的traefik,仪表板,普罗米修斯,麋鹿堆栈。但这次traefik部署有些奇怪 因此,对于所有其他集群,我只是使用一些rbac条目部署了默认设置,一个包含toml文件的配置映射、实际部署、一个服务和web ui: RBAC: 配置映射:Kubernetes Traefik无法在k8s api上读取,kubernetes,rbac,traefik,Kubernetes,Rbac,Traefik,这是我第四次建立kubernetes集群。它总是相同的设置:基本的k8s,作为反向代理的traefik,仪表板,普罗米修斯,麋鹿堆栈。但这次traefik部署有些奇怪 因此,对于所有其他集群,我只是使用一些rbac条目部署了默认设置,一个包含toml文件的配置映射、实际部署、一个服务和web ui: RBAC: 配置映射: --- apiVersion: v1 kind: ConfigMap metadata: name: traefik-toml labels: name: t
---
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-toml
labels:
name: traefik-toml
namespace: infra
data:
traefik.toml: |-
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/external/<EXTERNAL_URL>.crt"
KeyFile = "/ssl/external/<EXTERNAL_URL>.key"
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/internal/<INTERNAL_URL>.crt"
KeyFile = "/ssl/internal/<INTERNAL_URL>.key"
[accessLog]
有人知道吗?这是一个已知的问题吗?在这个话题上我找不到任何已知的问题
提前谢谢 我设法解决了这个问题: 问题在于更新的docker引擎设置了错误的iptables转发策略: 目前,我们有一个变通办法,那就是稳步地将该政策重新设定为可接受的政策
如果我们有一个真正的解决方案,我希望能记得回到这里发布:)看起来像是网络问题,你的网络工作正常吗,你能提供输出,
kubectl获取pods——所有的名称空间
?除了默认运行的pods和traefik ingress控制器之外,我没有运行的pods。这里的一切似乎都很好。你运行了很多系统吊舱,它们可能不健康。这就是为什么我要求你提供这些信息。对不起,我忘了这个。该问题与IP表中的某些docker配置有关。我将写一篇帖子,并将其标记为已回答。无论如何谢谢你的帮助:)嗨!你能分享你所做的步骤吗?我也使用了Vagrant,和你的错误一样。事实上,我的服务提供商帮我找到了并修复了它。这是我得到的唯一信息。他们告诉我,使用更新的docker引擎,这个问题应该得到解决。但我不确定情况是否已经如此。对不起,我帮不上什么忙了。。。
---
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-toml
labels:
name: traefik-toml
namespace: infra
data:
traefik.toml: |-
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/external/<EXTERNAL_URL>.crt"
KeyFile = "/ssl/external/<EXTERNAL_URL>.key"
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/internal/<INTERNAL_URL>.crt"
KeyFile = "/ssl/internal/<INTERNAL_URL>.key"
[accessLog]
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
namespace: infra
labels:
k8s-app: traefik-ingress-lb
spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: traefik:v1.6.5
name: traefik-ingress-lb
volumeMounts:
- mountPath: /ssl/external
name: ssl-external
- mountPath: /ssl/internal
name: ssl-internal
- name: traefik-toml
subPath: traefik.toml
mountPath: /config/traefik.toml
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: admin
containerPort: 8080
args:
- --configfile=/config/traefik.toml
- --api
- --kubernetes
- --logLevel=INFO
volumes:
- name: ssl-external
secret:
secretName: <EXTERNAL_URL>.cert
- name: ssl-internal
secret:
secretName: <INTERNAL_URL>.cert
- name: traefik-toml
configMap:
name: traefik-toml
---
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: infra
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 443
name: sweb
externalIPs:
- <WORKER IP 1>
- <WORKER IP 2>
E0827 14:29:49.566294 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Service: Get https://10.96.0.1:443/api/v1/services?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: i/o timeout
E0827 14:29:49.572633 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1.Endpoints: Get https://10.96.0.1:443/api/v1/endpoints?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: i/o timeout
E0827 14:29:49.592844 1 reflector.go:205] github.com/containous/traefik/vendor/k8s.io/client-go/informers/factory.go:86: Failed to list *v1beta1.Ingress: Get https://10.96.0.1:443/apis/extensions/v1beta1/ingresses?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: i/o timeout
time="2018-08-27T14:30:00Z" level=warning msg="Error checking new version: Get https://update.traefik.io/repos/containous/traefik/releases: dial tcp: i/o timeout"