kubernetes - 无法访问在 kubernetes 的 coreos 中安装法兰绒的容器
问题描述
我无法访问我的 coreos Kubernetes 基础架构部署的 Pod/容器。这个 Kubernetes 是使用点火部署的。我使用以下配置配置法兰绒:
[Unit]
Description=flannel - Network fabric for containers (System Application Container)
Documentation=https://github.com/coreos/flannel
After=etcd.service etcd2.service etcd-member.service
Requires=flannel-docker-opts.service
Requires=certs.service
After=certs.service
[Install]
WantedBy=multi-user.target
[Service]
Type=notify
Restart=always
RestartSec=10s
TimeoutStartSec=300s
LimitNOFILE=40000
LimitNPROC=1048576
EnvironmentFile=/etc/whoami
EnvironmentFile=/opt/env
EnvironmentFile=-/run/flannel/options.env
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/flannel-wrapper.uuid\
--volume=etc-resolv-conf,kind=host,source=/etc/resolv.conf\
--mount=volume=etc-resolv-conf,target=/etc/resolv.conf"
Environment="ETCD_SSL_DIR=/etc/kubernetes/ssl"
Environment="FLANNEL_IMAGE_TAG=v0.9.1"
Environment="FLANNEL_OPTS=\
--etcd-cafile=/etc/kubernetes/ssl/ca.pem \
--etcd-certfile=/etc/kubernetes/ssl/apiserver.pem \
--etcd-keyfile=/etc/kubernetes/ssl/apiserver-key.pem"
ExecStartPre=/sbin/modprobe ip_tables
ExecStartPre=/usr/bin/mkdir --parents /var/lib/coreos /run/flannel
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
ExecStartPre=/bin/env
ExecStartPre=/usr/bin/etcdctl --endpoints=https://${MASTER_DNS}:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/apiserver.pem \
--key-file=/etc/kubernetes/ssl/apiserver-key.pem \
set /coreos.com/network/config "{ \"Network\": \"10.1.0.0/16\", \"Backend\": {\"Type\": \"vxlan\"} }"
ExecStart=/usr/lib/coreos/flannel-wrapper --etcd-endpoints=https://${MASTER_DNS}:2379 $FLANNEL_OPTS
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/flannel-wrapper.uuid
Kube-apiserver 运行起来:
systemctl status kube-apiserver
● kube-apiserver.service - kube-apiserver
Loaded: loaded (/etc/systemd/system/kube-apiserver.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-08-01 10:44:12 UTC; 4min 20s ago
Docs: http://kubernetes.io/docs/
Process: 883 ExecStartPre=/usr/bin/rkt rm --uuid-file=/opt/rstor/kube-apiserver.uuid (code=exited, status=0/SUCCESS)
Process: 877 ExecStartPre=/bin/env (code=exited, status=0/SUCCESS)
Main PID: 932 (apiserver)
Tasks: 7 (limit: 7571)
Memory: 232.0M
CGroup: /system.slice/kube-apiserver.service
└─932 /apiserver --allow-privileged=true --anonymous-auth=false --advertise-address=172.31.100.113 --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,Resourc>
Aug 01 10:48:30 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:30.772358 932 wrap.go:42] GET /api/v1/namespaces/kube-system/endpoints/kube-scheduler: (1.410324ms) 200 [[scheduler/v1.9.0+coreo>
Aug 01 10:48:30 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:30.775532 932 wrap.go:42] PUT /api/v1/namespaces/kube-system/endpoints/kube-scheduler: (2.142835ms) 200 [[scheduler/v1.9.0+coreo>
Aug 01 10:48:31 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:31.174490 932 wrap.go:42] GET /api/v1/namespaces/kube-system/endpoints/kube-controller-manager: (1.469425ms) 200 [[controller-ma>
Aug 01 10:48:31 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:31.177207 932 wrap.go:42] PUT /api/v1/namespaces/kube-system/endpoints/kube-controller-manager: (2.072488ms) 200 [[controller-ma>
Aug 01 10:48:31 rstor-172-31-100-113 kubelet-wrapper[932]: I0801 10:48:31.548160 932 wrap.go:42] GET /api/v1/namespaces/fe763072-5/secrets/default-token-vcfx6?resourceVersion=0:
kubectl 获取节点:
NAME STATUS ROLES AGE VERSION
172.31.100.113 Ready <none> 5m v1.9.0+coreos.0
kubectl 获取 pods --all-namespaces -o 宽:
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE
default nginx-8586cf59-672n2 1/1 Running 0 27s 10.1.96.4 172.31.100.113
我可以正确地创建部署并创建它的容器并为我提供 IP,但是当我 ping 到该 IP 时会得到:
From 10.1.65.1 icmp_seq=1 Destination Host Unreachable
我什至无法使用 tcp 应用 readinnes/liveness 探针:
curl 10.1.65.8
curl: (7) Failed to connect to 10.1.65.8 port 80: No route to host
我究竟做错了什么?
解决方案
推荐阅读
- stored-procedures - 存储过程分析
- java - iText7.1.11 - 需要 BouncyCastle JAR 吗?
- sails.js - 有没有办法用自定义控制器覆盖sails.js 水线端点,但保持内置分页和过滤?
- r - lm() 和 geom_smooth() 的参数是否相同?
- r - 如何在因子变量中获取特定列?
- elasticsearch - GKE Elastic Search 只制作了 pod,但没有进行任何部署
- python - python中两个函数或两个类如何相互调用
- dataframe - spark数据帧的分区数?
- security - 如何在销售模块中添加额外的权限
- python - 如何在字典中的给定键处找到值的总和?