Fail to init aws cluster (kubeadm init) with the message "could not init cloud provider "aws": error finding instance ... timeout
The problem I am running into is that kubeadm never fully initializes. Output:
...
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
...
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
...
journalctl -xeu kubelet shows the following interesting info:
Dec 03 17:54:08 ip-10-83-62-10.ec2.internal kubelet[14709]: W1203 17:54:08.017925 14709 plugins.go:105] WARNING: aws built-in cloud provider is now deprecated. The AWS provider is deprecated. The AWS provider is deprecated and will be removed in a future release
Dec 03 17:54:08 ip-10-83-62-10.ec2.internal kubelet[14709]: I1203 17:54:08.018044 14709 aws.go:1235] Building AWS cloudprovider
Dec 03 17:54:08 ip-10-83-62-10.ec2.internal kubelet[14709]: I1203 17:54:08.018112 14709 aws.go:1195] Zone not specified in configuration file; querying AWS metadata service
Dec 03 17:56:08 ip-10-83-62-10.ec2.internal kubelet[14709]: F1203 17:56:08.332951 14709 server.go:265] failed to run Kubelet: could not init cloud provider "aws": error finding instance i-03e00e9192370ca0d: "error listing AWS instances: \"RequestError: send request failed\\ncaused by: Post \\\"https://ec2.us-east-1.amazonaws.com/\\\": dial tcp 10.83.60.11:443: i/o timeout
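The context is: it is a fully private AWS VPC. There is a proxy, which is propagated to the k8s manifests.
The kubeadm.yaml config is pretty innocent and looks like this: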
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
  extraArgs:
    cloud-provider: aws
clusterName: cdspidr
controlPlaneEndpoint: ip-10-83-62-10.ec2.internal
controllerManager:
  extraArgs:
    cloud-provider: aws
    configure-cloud-routes: "false"
kubernetesVersion: stable
networking:
  dnsDomain: cluster.local
  podSubnet: 10.83.62.0/24
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
nodeRegistration:
  name: ip-10-83-62-10.ec2.internal
  kubeletExtraArgs:
    cloud-provider: aws
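I am looking for help with the following questions:
Why does kubeadm use this address (https://ec2.us-east-1.amazonaws.com) to retrieve the availability zone? It does not look correct. IMO, it should be something like http://169.254.169.254/latest/dynamic/instance-identity/document
Why does it fail? With the same proxy settings, a curl request from the terminal returns the web page.
To work around it, how can I specify the availability zone myself in kubeadm.yaml or through a command such as kubeadm?
I would appreciate any help or thoughts.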
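You can create a VPC endpoint for accessing EC2 (service name - com.amazonaws.us-east-1.ec2), which will allow the kubelet to talk to EC2 without internet access and fetch the required info.
While creating the VPC endpoint, please make sure to enable the private DNS resolution option.
Also, from the error, it looks like the kubelet is trying to fetch the instance and not just the availability zone. ("aws": error finding instance i-03e00e9192370ca0d: "error listing AWS instances).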
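The endpoint creation described in the answer above, as an added AWS CLI example that is not part of the original answer. The VPC, subnet and security group IDs are placeholders, and the function names and the APPLY switch are hypothetical; the last function checks on a node whether the regional EC2 hostname resolves to private addresses.

```bash
#!/usr/bin/env bash
# Added example. Placeholder IDs below are NOT from the page; replace them.
REGION="us-east-1"
SERVICE="com.amazonaws.${REGION}.ec2"   # service name given in the answer
VPC_ID="vpc-EXAMPLE"                    # placeholder
SUBNET_IDS="subnet-EXAMPLE"             # placeholder: subnet(s) the nodes live in
SG_ID="sg-EXAMPLE"                      # placeholder: must allow inbound 443 from the nodes

# Print the create command; execute it only when APPLY=1 (dry run by default).
create_ec2_endpoint() {
  set -- aws ec2 create-vpc-endpoint --region "$REGION" \
    --vpc-id "$VPC_ID" --vpc-endpoint-type Interface \
    --service-name "$SERVICE" --subnet-ids $SUBNET_IDS \
    --security-group-ids "$SG_ID" --private-dns-enabled
  echo "$*"
  if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Succeeds if the IPv4 address is in an RFC 1918 range.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.*) o=${1#172.}; o=${o%%.*}
           [ "$o" -ge 16 ] && [ "$o" -le 31 ] ;;
    *) return 1 ;;
  esac
}

# Run on a node after creation: with private DNS in effect, the regional
# EC2 hostname resolves to addresses inside the VPC instead of public ones.
check_ec2_dns() {
  host="ec2.${REGION}.amazonaws.com"
  ips=$(getent ahostsv4 "$host" | awk '{print $1}' | sort -u)
  [ -n "$ips" ] || { echo "$host: no A record"; return 2; }
  for ip in $ips; do
    if is_private_ipv4 "$ip"; then
      echo "$host -> $ip (private address)"
    else
      echo "$host -> $ip (public address: private DNS not in effect)"
      return 1
    fi
  done
}

create_ec2_endpoint   # dry run: prints the command unless APPLY=1
```

Private DNS on an interface endpoint also requires the VPC attributes enableDnsSupport and enableDnsHostnames to be enabled.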