Kubernetes api/仪表板问题
我也在serverfault上发布了这篇文章,但希望能在这里获得更多的意见/反馈: 尝试使用Kubernetes api/仪表板问题,kubernetes,dashboard,kubeadm,Kubernetes,Dashboard,Kubeadm,我也在serverfault上发布了这篇文章,但希望能在这里获得更多的意见/反馈: 尝试使用kubectl代理进行远程访问,使仪表板UI在kubeadm集群中工作。得到 Error: 'dial tcp 192.168.2.3:8443: connect: connection refused' Trying to reach: 'https://192.168.2.3:8443/' 访问http://localhost:8001/api/v1/namespaces/kube-系统/服务/ht
kubectl代理kubeadmError: 'dial tcp 192.168.2.3:8443: connect: connection refused'
Trying to reach: 'https://192.168.2.3:8443/'
http://localhost:8001/api/v1/namespaces/kube-系统/服务/https:kubernetes仪表板:/proxy/I1215 20:18:46.601151 1 log.go:172] http: TLS handshake error from 10.21.72.28:50268: remote error: tls: unknown certificate authority
I1215 20:19:15.444580 1 log.go:172] http: TLS handshake error from 10.21.72.28:50271: remote error: tls: unknown certificate authority
I1215 20:19:31.850501 1 log.go:172] http: TLS handshake error from 10.21.72.28:50275: remote error: tls: unknown certificate authority
I1215 20:55:55.574729 1 log.go:172] http: TLS handshake error from 10.21.72.28:50860: remote error: tls: unknown certificate authority
E1215 21:19:47.246642 1 watch.go:233] unable to encode watch object *v1.WatchEvent: write tcp 134.84.53.162:6443->134.84.53.163:38894: write: connection timed out (&streaming.encoder{writer:(*metrics.fancyResponseWriterDelegator)(0xc42d6fecb0), encoder:(*versioning.codec)(0xc429276990), buf:(*bytes.Buffer)(0xc42cae68c0)})
[gms@thalia0 ~]$ kubectl describe pod kubernetes-dashboard-77fd78f978-tjzxt --namespace=kube-system
Name: kubernetes-dashboard-77fd78f978-tjzxt
Namespace: kube-system
Priority: 0
PriorityClassName: <none>
Node: thalia2.hostdoman/hostip<redacted>
Start Time: Sat, 15 Dec 2018 15:17:57 -0600
Labels: k8s-app=kubernetes-dashboard
pod-template-hash=77fd78f978
Annotations: cni.projectcalico.org/podIP: 192.168.2.3/32
Status: Running
IP: 192.168.2.3
Controlled By: ReplicaSet/kubernetes-dashboard-77fd78f978
Containers:
kubernetes-dashboard:
Container ID: docker://ed5ff580fb7d7b649d2bd1734e5fd80f97c80dec5c8e3b2808d33b8f92e7b472
Image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
Image ID: docker-pullable://k8s.gcr.io/kubernetes-dashboard-amd64@sha256:1d2e1229a918f4bc38b5a3f9f5f11302b3e71f8397b492afac7f273a0008776a
Port: 8443/TCP
Host Port: 0/TCP
Args:
--auto-generate-certificates
State: Running
Started: Sat, 15 Dec 2018 15:18:04 -0600
Ready: True
Restart Count: 0
Liveness: http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/certs from kubernetes-dashboard-certs (rw)
/tmp from tmp-volume (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-mrd9k (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kubernetes-dashboard-certs:
Type: Secret (a volume populated by a Secret)
SecretName: kubernetes-dashboard-certs
Optional: false
tmp-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
kubernetes-dashboard-token-mrd9k:
Type: Secret (a volume populated by a Secret)
SecretName: kubernetes-dashboard-token-mrd9k
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node-role.kubernetes.io/master:NoSchedule
node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events: <none>
[gms@thalia0~]$kubectl描述pod kubernetes-dashboard-77fd78f978-tjzxt--namespace=kube系统
名称:kubernetes-dashboard-77fd78f978-tjzxt
名称空间:kube系统
优先级:0
PriorityClassName:
节点:thalia2.hostdoman/hostip
开始时间:2018年12月15日星期六15:17:57-0600
标签:k8s app=kubernetes仪表板
pod模板哈希=77fd78f978
注释:cni.projectcalico.org/podIP:192.168.2.3/32
状态:正在运行
IP:192.168.2.3
控制人:ReplicaSet/kubernetes-dashboard-77fd78f978
容器:
kubernetes仪表板:
容器ID:docker://ed5ff580fb7d7b649d2bd1734e5fd80f97c80dec5c8e3b2808d33b8f92e7b472
图片:k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
图像ID:docker-pullable://k8s.gcr.io/kubernetes-dashboard-amd64@sha256:1d2e1229a918f4bc38b5a3f9f5f11302b3e71f8397b492afac7f273a0008776a
端口:8443/TCP
主机端口:0/TCP
Args:
--自动生成证书
状态:正在运行
开始时间:2018年12月15日星期六15:18:04-0600
准备好了吗
重新启动计数:0
活跃度:http get https://:8443/延迟=30s超时=30s周期=10s#成功=1#失败=3
环境:
挂载:
/来自kubernetes仪表板证书(rw)的证书
/来自tmp卷(rw)的tmp
/来自kubernetes-dashboard-token-mrd9k(ro)的var/run/secrets/kubernetes.io/serviceCount
条件:
类型状态
初始化为True
准备好了吗
集装箱准备好了吗
播客预定为真
卷数:
kubernetes仪表板证书:
类型:Secret(由Secret填充的卷)
SecretName:kubernetes仪表板证书
可选:false
tmp卷:
类型:EmptyDir(共享pod生存期的临时目录)
中等:
kubernetes-dashboard-token-mrd9k:
类型:Secret(由Secret填充的卷)
SecretName:kubernetes-dashboard-token-mrd9k
可选:false
QoS等级:最佳努力
节点选择器:
容差:节点角色.kubernetes.io/master:NoSchedule
node.kubernetes.io/not ready:NoExecute持续300秒
node.kubernetes.io/不可访问:不执行300秒
活动:
[gms@thalia0 ~]$ kubectl -n kube-system get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard ClusterIP 10.103.93.93 <none> 443/TCP 4d23h
[gms@thalia0~]$kubectl-n kube系统获取服务kubernetes仪表板
名称类型CLUSTER-IP外部IP端口年龄
kubernetes仪表盘群集IP 10.103.93.93 443/TCP 4d23h
curlhttp://localhost:8001/api我刚刚将集群升级到1.13.1,希望这个问题能够得到解决,但遗憾的是,没有。当您使用kubectl proxy时,默认端口8001只能从本地主机访问。如果ssh到安装kubernetes的机器,则必须将此端口映射到笔记本电脑或用于ssh的任何设备 您可以通过以下方式ssh到主节点并将8001端口映射到localbox:
ssh -L 8001:localhost:8001 hostname@master_node_IP
在执行kubectl代理时,默认端口8001只能从本地主机访问。如果ssh到安装kubernetes的机器,则必须将此端口映射到笔记本电脑或用于ssh的任何设备 您可以通过以下方式ssh到主节点并将8001端口映射到localbox:
ssh -L 8001:localhost:8001 hostname@master_node_IP
我将群集中的所有节点升级到1.13.1版,瞧,仪表板现在可以工作了,到目前为止,我还没有应用上面提到的CoreDNS修复。我将群集中的所有节点升级到1.13.1版,瞧,仪表板现在可以工作了,到目前为止,我还没有应用上面提到的CoreDNS修复。是的,我这样做了。我有解决方案,将在适当的时候发布。现在我正在处理一个更糟糕的问题。谢谢是的,我这样做。我有解决方案,将在适当的时候发布。现在我正在处理一个更糟糕的问题。谢谢