堆栈内存溢出
  简体   繁体   English

kubectl代理无法与API服务器通信

[英]kubectl proxy can't talk to API server

 原文  2019-03-27 20:05:05       networking/ kubernetes/ marathon/ dcos

问题描述

I'm having a problem with kubectl proxy on a fresh install. 我在全新安装时kubectl proxy问题。

When I browse to http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ I get a 503 response. 当我浏览到http:// localhost:8001 / api / v1 / namespaces / kube-system / services / https:kubernetes-dashboard:/ proxy /我得到503响应。 It seems that the proxy isn't able to reach the kubernetes API even though other commands can. 似乎代理无法访问kubernetes API,即使其他命令可以。

Kubernetes runs in DC/OS with package 1.3.1-1.10.8. Kubernetes使用软件包1.3.1-1.10.8在DC / OS中运行。 Both kubectl and Kubernetes are version 1.10.8. kubectl和Kubernetes都是版本1.10.8。 There's a load balancer configured in dc/os to expose the API. 在dc / os中配置了负载均衡器以公开API。

The LB definition is from the kubernetes on dcos help page . LB定义来自dcos帮助页面上kubernetes I added "HAPROXY_0_VHOST": "k8s-proxy.dcos.<domain>.com" to the labels. 我在标签上添加了"HAPROXY_0_VHOST": "k8s-proxy.dcos.<domain>.com" 

$ kubectl cluster-info
Kubernetes master is running at https://k8s-proxy.dcos.<domain>.com
KubeDNS is running at https://k8s-proxy.dcos.<domain>.com/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

I ran kubectl proxy in verbose output mode to see what call it was trying to make. 我在详细输出模式下运行kubectl proxy以查看它正在尝试进行的调用。 It got a 503 response. 得到了503回复。 

$ kubectl proxy --insecure-skip-tls-verify=true --alsologtostderr=true -v=99
I0327 12:26:45.461259   19980 loader.go:357] Config loaded from file U:\/.kube/config
Starting to serve on 127.0.0.1:8001
I0327 12:26:56.200819   19980 proxy_server.go:98] /api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ matched ^.*
I0327 12:26:56.200819   19980 proxy_server.go:98] localhost matched ^localhost$
I0327 12:26:56.200819   19980 proxy_server.go:138] Filter accepting GET /api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ localhost
I0327 12:26:56.200819   19980 upgradeaware.go:237] Request was not an upgrade
I0327 12:26:56.200819   19980 round_trippers.go:387] curl -k -v -XGET  -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8" -H "Cache-Control: max-age=0" -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" -H "Authorization: Bearer <my_token>" -H "X-Forwarded-For: 127.0.0.1" -H "Accept-Language: en-US,en;q=0.9" -H "Dnt: 1" -H "Accept-Encoding: gzip, deflate, br" -H "Upgrade-Insecure-Requests: 1" https://k8s-proxy.dcos.<domain>.com/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
I0327 12:26:56.313141   19980 round_trippers.go:406] GET https://k8s-proxy.dcos.<domain>.com/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ 503 Service Unavailable in 112 milliseconds
I0327 12:26:56.313141   19980 round_trippers.go:412] Response Headers:
I0327 12:26:56.313141   19980 round_trippers.go:415]     Cache-Control: no-cache
I0327 12:26:56.313141   19980 round_trippers.go:415]     Content-Type: text/html

In the same shell I tried running the curl that the proxy runs. 在同一个shell中,我尝试运行代理运行的curl。 It got a 200 instead of a 503. 它得到了200而不是503。 

$ curl -k -v -XGET  -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8" -H "Cache-Control: max-age=0" -H "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" -H "Authorization: Bearer <my_token>" -H "X-Forwarded-For: 127.0.0.1" -H "Accept-Language: en-US,en;q=0.9" -H "Dnt: 1" -H "Accept-Encoding: gzip, deflate, br" -H "Upgrade-Insecure-Requests: 1" https://k8s-proxy.dcos.<domain>.com/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

[...]
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: no-store
< Content-Encoding: gzip
< Content-Type: text/html; charset=utf-8
< Date: Wed, 27 Mar 2019 19:30:24 GMT
< Last-Modified: Fri, 24 Aug 2018 05:39:29 GMT
< Content-Length: 529
[...]

I expected to be able to access my cluster but valid requests are returning a 503. Other kubectl commands work fine. 我希望能够访问我的群集,但有效请求返回503.其他kubectl命令工作正常。 This is not a problem that's specific to the dashboard. 这不是仪表板特有的问题。

1 个解决方案

解决方案1
 0  2019-05-22 08:17:00

The most common issue, while deploying dashboard is missing to grant privileges to the service account to manage secretes in kube-system namespace. 最常见的问题是,在部署仪表板时缺少授予服务帐户权限以管理kube-system命名空间中的密钥。 More details here 更多细节在这里

This is causing dashboard pod to fall into crashloopbackoff and consequently, lack of endpoint for your dashboard service. 这导致仪表板pod陷入crashloopbackoff ,因此缺少仪表板服务的端点。

So the first step to troubleshoot it is to check endpoints 因此,对其进行故障排除的第一步是检查端点 

kubectl get ep -n kube-system kubernetes-dashboard

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Kubectl:通过公司支持SSL的代理访问AKS(Kubernetes)公共API端点 - Kubectl: Accessing the AKS (Kubernetes) public API endpoint through a corporate SSL-aware proxy 从服务器A到服务器B没有流量(反之亦然),但是所有其他服务器都可以与它们通信(反之亦然) - No traffic from Server A to Server B (and vise versa) but all other servers can talk to them (and vise versa) 允许客户端按顺序与服务器对话 - Allowing clients to talk to the server in order 外部 Web 服务器无法与 EC2 Flask API 通信 - External Web Server can't communicate with EC2 flask API 无法从archlinux服务器联系google api - google api can't be contacted from archlinux server 让iOS应用与我的家庭服务器通话 - Getting iOS app to talk to my home server C#UDP服务器与客户端对话 - C# UDP Server talk with Client 我们如何设置代理服务器处理UDP数据包? - how can we set up Proxy server dealing with UDP packets? 有谁知道facebook移动应用程序如何与服务器对话? - Is there anyone knows how facebook mobile app talk to the server? UDP打孔。 让服务器与客户交谈 - UDP hole punching. Have server talk to client
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM