Calico: error connecting to datastore: connection refused
I created a cluster on an Ubuntu server with the following command:
> kubeadm init --cri-socket /var/run/dockershim.sock --control-plane-endpoint servername.local --apiserver-cert-extra-sans servername.local
I added Calico as follows:
> curl https://docs.projectcalico.org/manifests/calico.yaml -o calico.yaml
> kubectl apply -f calico.yaml
The Calico pod prints errors:
> kubectl --namespace kube-system logs calico-node-2cg7x
2021-01-05 16:34:46.846 [INFO][8] startup/startup.go 379: Early log level set to info
2021-01-05 16:34:46.846 [INFO][8] startup/startup.go 395: Using NODENAME environment for node name
2021-01-05 16:34:46.846 [INFO][8] startup/startup.go 407: Determined node name: servername
2021-01-05 16:34:46.847 [INFO][8] startup/startup.go 439: Checking datastore connection
2021-01-05 16:34:46.853 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:47.859 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:48.866 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:49.872 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:50.878 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:51.884 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:52.890 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:53.896 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
I don't know what 10.96.0.1 is. It does not have any ports open:
> ping 10.96.0.1 -c 1
PING 10.96.0.1 (10.96.0.1) 56(84) bytes of data.
64 bytes from 10.96.0.1: icmp_seq=1 ttl=248 time=5.62 ms
--- 10.96.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.621/5.621/5.621/0.000 ms
> nmap 10.96.0.1
Starting Nmap 7.60 ( https://nmap.org ) at 2021-01-05 17:37 CET
Nmap scan report for 10.96.0.1
Host is up (0.018s latency).
All 1000 scanned ports on 10.96.0.1 are closed
Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds
The pod actually has the IP 192.168.1.19.
What am I doing wrong?
The reason: the Kubernetes iptables rules are blocking the connection, as shown below:
Chain KUBE-SERVICES (2 references)
pkts bytes target prot opt in out source destination
1773 106380 REJECT tcp -- * * 0.0.0.0/0 10.96.0.1 /* default/kubernetes:https has no endpoints */ tcp dpt:443 reject-with icmp-port-unreachable
10.96.0.1 is the IP of the kube-apiserver service. Can you check whether the apiserver is up and running? Is there a firewall/proxy that might be blocking the connection?
I am running into exactly the same problem. I am using AWS EC2 and using the public DNS as the control plane endpoint.
Without more details it is hard to say what is going wrong here. Can you provide the information @MariuszK asked for: can you check whether the apiserver is up and running? Is there a firewall/proxy that might be blocking the connection?
The apiserver is up and running. It can start the calico-node pod on the host, but calico-node cannot connect each node to the apiserver. My nodes are behind a gateway with a public address. My master node is set up with the control plane endpoint as a DNS address.
@NishankSingla Answering your question under someone else's question would be difficult and confusing. Please describe your problem in a separate thread so that the community can help you. We should not mix things up here.
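The correlation the answer makes by eye, as an added example that is not part of the original thread: it extracts the refused IP:PORT from the calico-node log and looks for a kube-proxy `has no endpoints` REJECT rule on the same destination. The function names are hypothetical and the sample data is constructed from the lines quoted in the question and answer.

```shell
#!/bin/sh
# Added example, not from the original thread. Sample data is constructed
# from the lines quoted in the question and answer.

# Print each unique IP:PORT that a client log reports as "connection refused".
refused_targets() {
    awk 'match($0, /dial tcp [0-9.]+:[0-9]+: connect: connection refused/) {
        t = substr($0, RSTART + 9, RLENGTH - 9)   # drop leading "dial tcp "
        sub(/: connect.*/, "", t)                 # keep only IP:PORT
        if (!seen[t]++) print t
    }'
}

# From a KUBE-SERVICES listing (pkts/bytes columns, as in the answer), print
# "namespace/service:portname IP:PORT proto pkts" for every REJECT rule whose
# comment says the Service has no endpoints.
no_endpoint_rejects() {
    awk '$3 == "REJECT" && /has no endpoints/ {
        svc = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "/*") svc = $(i + 1)
            if ($i ~ /^dpt:/) port = substr($i, 5)
        }
        print svc, $9 ":" port, $4, $1
    }'
}

# correlate LOG_TEXT RULES_TEXT: explain each refused target, if possible.
correlate() {
    printf '%s\n' "$1" | refused_targets | while read -r target; do
        svc=$(printf '%s\n' "$2" | no_endpoint_rejects |
              awk -v t="$target" '$2 == t { print $1 }')
        if [ -n "$svc" ]; then
            echo "$target: rejected by KUBE-SERVICES, $svc has no endpoints"
        else
            echo "$target: refused, but no matching no-endpoints REJECT rule"
        fi
    done
}

SAMPLE_LOG='2021-01-05 16:34:46.853 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:47.859 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused'
SAMPLE_RULES='Chain KUBE-SERVICES (2 references)
 pkts bytes target prot opt in out source destination
 1773 106380 REJECT tcp -- * * 0.0.0.0/0 10.96.0.1 /* default/kubernetes:https has no endpoints */ tcp dpt:443 reject-with icmp-port-unreachable'

correlate "$SAMPLE_LOG" "$SAMPLE_RULES"
```

On a live node the two arguments would be the output of the `kubectl logs` command from the question and a listing of the KUBE-SERVICES chain. A match points at the Service's missing endpoints rather than at a firewall in front of 10.96.0.1.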