堆棧內存溢出
  簡體   English   中英

當請求到來時,nginx-ingress pod 不斷崩潰 - AKS

[英]nginx-ingress pods keep crashing when request comes - AKS

 原文  2019-12-13 15:36:10       nginx/ nginx-ingress/ azure-aks

問題描述

當請求到來時,我們的 nginx 控制器 pod 不斷崩潰。 從日志來看,連接到 API 服務器似乎超時了,知道如何啟用更詳細的日志嗎?

在此處輸入圖片說明

I1213 14:55:35.038444       7 round_trippers.go:438] GET https://11.2.9.1:443/version?timeout=32s  in 46 milliseconds
I1213 14:55:35.038543       7 round_trippers.go:444] Response Headers:
I1213 14:55:35.038650       7 request.go:784] Got a Retry-After 1s response for attempt 9 to https://11.2.9.1:443/version?timeout=32s
I1213 14:55:36.038955       7 round_trippers.go:419] curl -k -v -XGET  -H "Accept: application/json, */*" -H "User-Agent: nginx-ingress-controller/v0.0.0 (linux/amd64) kubernetes/$Format" -H "Authorization: Bearer XXXXXXXXXXRiWDII8dG8v-KJ90Av6HgE" 'https://11.2.9.1:443/version?timeout=32s'
I1213 14:55:36.088346       7 round_trippers.go:438] GET https://11.2.9.1:443/version?timeout=32s  in 49 milliseconds
I1213 14:55:36.088382       7 round_trippers.go:444] Response Headers:
I1213 14:55:36.088598       7 request.go:947] Response Body:
I1213 14:55:36.088730       7 main.go:212] Unexpected error discovering Kubernetes version (attempt 9): an error on the server ("") has prevented the request from succeeding
F1213 14:55:36.088826       7 main.go:235] Error while initiating a connection to the Kubernetes API server. This could mean the cluster is misconfigured (e.g. it has invalid API server certificates or Service Accounts configuration). Reason: an error on the server ("") has prevented the request from succeeding
Refer to the troubleshooting guide for more information: https://kubernetes.github.io/ingress-nginx/troubleshooting/

當 kubectl 進入 ingress pod 時,這是日志

C:\Users\XXXXX>kubectl exec -it nginx-ingress-controller-85d79fd99d-tlzrz -- /bin/bash
www-data@nginx-ingress-controller-85d79fd99d-tlzrz:/etc/nginx$ curl -k -v -XGET https://11.2.9.1:443/version?timeout=32s
Note: Unnecessary use of -X or --request, GET is already inferred.
* Expire in 0 ms for 6 (transfer 0x56450f95cdd0)
*   Trying 11.2.9.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x56450f95cdd0)
* Connected to 11.2.9.1 (11.2.9.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 11.2.9.1:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 11.2.9.1:443
www-data@nginx-ingress-controller-85d79fd99d-tlzrz:/etc/nginx$

1 個解決方案

解決方案1
 0  2019-12-20 14:26:48

這是由於強制執行的網絡安全策略不允許入口節點通過內部 IP ping API 服務器。 將 env 變量添加到入口控制器部署文件以強制其使用 FQDN 解決了​​該問題。 API 服務器的 KUBERNETES_SERVICE_HOST=FQDN

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 在沒有rbac問題的情況下在aks中部署nginx-ingress 用 nginx-ingress controller 重寫 Nginx-Ingress控制器后面的Nginx服務器 如何將Nginx配置轉換為Nginx-ingress? Kubernetes NGINX-ingress 返回 404 在路徑級別應用 nginx-ingress 注釋 Nginx-ingress 工作進程不斷重啟 Nginx-Ingress 有時無法重寫路徑 使用 ConfigMap 為 nginx-ingress 禁用 HSTS Kubernetes nginx-ingress TLS問題
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM