Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/kubernetes/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Networking “印花布印花”;连接到数据存储时出错:连接被拒绝;_Networking_Kubernetes_Project Calico - Fatal编程技术网
Fatal编程技术网
  • networking/
  • Networking “印花布印花”;连接到数据存储时出错:连接被拒绝;

Networking “印花布印花”;连接到数据存储时出错:连接被拒绝;

networking kubernetes

Networking “印花布印花”;连接到数据存储时出错:连接被拒绝;,networking,kubernetes,project-calico,Networking,Kubernetes,Project Calico,我使用以下命令在Ubuntu服务器上创建了一个集群: > kubeadm init --cri-socket /var/run/dockershim.sock --control-plane-endpoint servername.local --apiserver-cert-extra-sans servername.local 我加了印花布如下: > curl https://docs.projectcalico.org/manifests/calico.yaml -o cal

我使用以下命令在Ubuntu服务器上创建了一个集群:

> kubeadm init --cri-socket /var/run/dockershim.sock --control-plane-endpoint servername.local --apiserver-cert-extra-sans servername.local
我加了印花布如下:

> curl https://docs.projectcalico.org/manifests/calico.yaml -o calico.yaml
> kubectl apply -f calico.yaml
印花布吊舱打印错误:

> kubectl --namespace kube-system logs calico-node-2cg7x
2021-01-05 16:34:46.846 [INFO][8] startup/startup.go 379: Early log level set to info
2021-01-05 16:34:46.846 [INFO][8] startup/startup.go 395: Using NODENAME environment for node name
2021-01-05 16:34:46.846 [INFO][8] startup/startup.go 407: Determined node name: servername
2021-01-05 16:34:46.847 [INFO][8] startup/startup.go 439: Checking datastore connection
2021-01-05 16:34:46.853 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:47.859 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:48.866 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:49.872 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:50.878 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:51.884 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:52.890 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
2021-01-05 16:34:53.896 [INFO][8] startup/startup.go 454: Hit error connecting to datastore - retry error=Get "https://10.96.0.1:443/api/v1/nodes/foo": dial tcp 10.96.0.1:443: connect: connection refused
我不知道什么是
10.96.0.1
。它没有打开任何端口:

> ping 10.96.0.1 -c 1
PING 10.96.0.1 (10.96.0.1) 56(84) bytes of data.
64 bytes from 10.96.0.1: icmp_seq=1 ttl=248 time=5.62 ms

--- 10.96.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.621/5.621/5.621/0.000 ms

> nmap 10.96.0.1

Starting Nmap 7.60 ( https://nmap.org ) at 2021-01-05 17:37 CET
Nmap scan report for 10.96.0.1
Host is up (0.018s latency).
All 1000 scanned ports on 10.96.0.1 are closed

Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds
pod实际上具有IP
192.168.1.19

我做错了什么?

原因是:kubernetes的iptables规则阻塞了连接,如下所示:

Chain KUBE-SERVICES (2 references)
pkts    bytes target     prot opt in     out     source               destination
1773   106380 REJECT     tcp  --  *      *       0.0.0.0/0            10.96.0.1            /* default/kubernetes:https has no endpoints */ tcp dpt:443 reject-with icmp-port-unreachable
原因是:kubernetes的iptables规则阻塞了连接,如下图:

Chain KUBE-SERVICES (2 references)
pkts    bytes target     prot opt in     out     source               destination
1773   106380 REJECT     tcp  --  *      *       0.0.0.0/0            10.96.0.1            /* default/kubernetes:https has no endpoints */ tcp dpt:443 reject-with icmp-port-unreachable
10.96.0.1是kube apiserver服务的IP。您能检查apiserver是否已启动并正在运行吗?是否有防火墙/代理可能会阻止连接?我遇到了完全相同的问题。我正在使用aws ec2,并使用公共dns作为控制平面端点。如果没有更多细节,很难说这里会出现什么问题。你能提供@MariuszK要求的信息吗:你能检查apiserver是否已经启动并运行吗?是否存在可能阻止连接的防火墙/代理?Apiserver已启动并运行,它可以在主机上启动calico node pod,但calico node无法将每个节点连接到Apiserver。我的节点位于具有公共地址的网关后面。“我的主节点是以控制平面端点作为dns地址设置的。@NishankSingla在其他人的dns地址下回答您的问题将是困难和混乱的。”。请在单独的线程中描述您的问题,以便社区能够帮助您。我们不应该在这里混为一谈。10.96.0.1是kube apiserver服务的IP。您能检查apiserver是否已启动并正在运行吗?是否有防火墙/代理可能会阻止连接?我遇到了完全相同的问题。我正在使用aws ec2,并使用公共dns作为控制平面端点。如果没有更多细节,很难说这里会出现什么问题。你能提供@MariuszK要求的信息吗:你能检查apiserver是否已经启动并运行吗?是否存在可能阻止连接的防火墙/代理?Apiserver已启动并运行,它可以在主机上启动calico node pod,但calico node无法将每个节点连接到Apiserver。我的节点位于具有公共地址的网关后面。“我的主节点是以控制平面端点作为dns地址设置的。@NishankSingla在其他人的dns地址下回答您的问题将是困难和混乱的。”。请在单独的线程中描述您的问题,以便社区能够帮助您。我们不应该把事情搞混。