无法通过 https 访问 kubernetes master API:dial tcp 10.200.0.1:443: i/o timeout

时间:2015-12-08 03:37:23

标签: kubernetes

我修改了 Ingress 控制器的示例,controller.go 的代码如下:

package main
import (
    "log"
    "os"
    "os/exec"
    "reflect"
    "text/template"
    "k8s.io/kubernetes/pkg/api"
    "k8s.io/kubernetes/pkg/apis/extensions"
    client "k8s.io/kubernetes/pkg/client/unversioned"
    "k8s.io/kubernetes/pkg/fields"
    "k8s.io/kubernetes/pkg/labels"
    "k8s.io/kubernetes/pkg/util"
    "k8s.io/kubernetes/pkg/api/unversioned"
)
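// nginxConf is the text/template source that main renders into the nginx
// configuration. It emits one server block per Ingress rule and one location
// block per HTTP path, proxying each path to the rule's backend service.
//
// text/template performs no escaping: Host, Path, ServiceName and ServicePort
// are copied verbatim from the Ingress objects into nginx.conf. Whoever can
// create or edit an Ingress can therefore place arbitrary text in the
// configuration. Validate these fields (for example against a strict hostname
// and path pattern) before rendering, and restrict who may write Ingress
// objects.
//
// NOTE(review): $rule.HTTP.Paths is dereferenced unconditionally; if a rule can
// carry no HTTP section, template execution presumably fails, which main treats
// as fatal. Confirm against the API types.
const (
    nginxConf = `
events {
  worker_connections 1024;
}
http {
{{range $ing := .Items}}
{{range $rule := $ing.Spec.Rules}}
  server {
    listen 80;
    server_name {{$rule.Host}};
    resolver 127.0.0.1;
{{ range $path := $rule.HTTP.Paths }}
    {{if eq $path.Path "" }}
    location / {
    {{else}}
    location {{$path.Path}} {
    {{end}}
      proxy_pass http://{{$path.Backend.ServiceName}}:{{$path.Backend.ServicePort}}/;
      proxy_set_header Host $host;
    }{{end}}
  }{{end}}{{end}}
}`
)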
// shellOut runs cmd through `sh -c`, logs the command together with its
// combined stdout/stderr, and terminates the process via log.Fatalf when the
// command fails.
//
// cmd is interpreted by a shell, so it must only ever be a fixed string chosen
// by this program. Never build it from Ingress fields or any other external
// data.
func shellOut(cmd string) {
    output, runErr := exec.Command("sh", "-c", cmd).CombinedOutput()
    text := string(output)
    log.Println(" cmd ", cmd, text)
    if runErr == nil {
        return
    }
    log.Fatalf("Failed to execute %v: %v, err: %v", cmd, text, runErr)
}
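// main runs the ingress controller: it starts nginx, then polls the API server
// for Ingress objects and, whenever the list changes, re-renders nginxConf to
// /etc/nginx/nginx.conf and asks nginx to reload.
//
// The client is built with client.NewInCluster, i.e. from the pod's in-cluster
// service account configuration. Any failure to create the client, parse the
// template or write the configuration is fatal.
func main() {
    log.SetFlags(log.Flags() | log.Lshortfile)

    // Path of the nginx configuration regenerated on every Ingress change.
    const confPath = "/etc/nginx/nginx.conf"

    kubeClient, err := client.NewInCluster()
    if err != nil {
        log.Fatalf("Failed to create client: %v.", err)
    }
    // api.NamespaceAll: Ingress objects from every namespace end up in the same
    // nginx.conf, so write access to Ingress in any namespace influences this
    // proxy's configuration.
    var ingClient client.IngressInterface = kubeClient.Extensions().Ingress(api.NamespaceAll)

    // A broken template is a programming error; fail at startup instead of
    // executing a nil template later.
    tmpl, err := template.New("nginx").Parse(nginxConf)
    if err != nil {
        log.Fatalf("Failed to parse nginx template: %v", err)
    }

    // 0.1 qps with a burst of 1: at most one List call every ten seconds.
    rateLimiter := util.NewTokenBucketRateLimiter(0.1, 1)
    known := &extensions.IngressList{}

    log.Println("Start nginx...")
    // shellOut runs in its own goroutine, so the next line is logged without
    // waiting for nginx to report a successful start.
    go shellOut("nginx -g 'daemon on;'")
    log.Println("Nginx start success")

    // Controller loop
    for {
        rateLimiter.Accept()
        options := unversioned.ListOptions{
            LabelSelector: unversioned.LabelSelector{labels.Everything()},
            FieldSelector: unversioned.FieldSelector{fields.Everything()},
        }
        ingresses, err := ingClient.List(options)
        if err != nil {
            // Only dereference err when it is set; a successful List returns nil.
            log.Println("err :", err.Error())
            continue
        }
        if reflect.DeepEqual(ingresses.Items, known.Items) {
            continue
        }
        known = ingresses

        w, err := os.Create(confPath)
        if err != nil {
            log.Fatalf("Failed to open %v: %v", confPath, err)
        }
        if err := tmpl.Execute(w, ingresses); err != nil {
            w.Close()
            log.Fatalf("Failed to write template %v", err)
        }
        // Close before reloading so the descriptor is not leaked on every
        // iteration and write errors reported at close time are not lost.
        if err := w.Close(); err != nil {
            log.Fatalf("Failed to close %v: %v", confPath, err)
        }

        log.Println("Reload nginx")
        shellOut("nginx -s reload")
    }
}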

我以 nginx 镜像为基础把它构建成镜像,并在 kubernetes 中以 rc 的方式运行,rc-ingress-controller.yaml 如下:

# ReplicationController that runs a single replica of the nginx ingress
# controller image on one fixed node.
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-ingress
  labels:
    app: nginx-ingress
spec:
  replicas: 1
  selector:
    app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      # Pins the pod to the node whose hostname label is host3.
      nodeSelector:
        kubernetes.io/hostname: host3
      # No serviceAccountName is set, so the pod uses the namespace's default
      # service account; its token is what the controller presents to the API
      # server. Grant that account only the Ingress read access it needs.
      containers:
      #- image: dhub.yunpro.cn/google_containers/nginx-ingress:0.1
      # The image is referenced by a mutable tag and re-pulled on every start
      # (imagePullPolicy: Always), so the running code follows whatever the
      # registry serves under this tag. Pin by digest if that is not intended.
      - image: dhub.yunpro.cn/shenshouer/ingress-nginx:1.8-test07
      #- image: dhub.yunpro.cn/shenshouer/nginx
        imagePullPolicy: Always
        name: nginx
        # No securityContext or resource limits are declared for this container.
        ports:
        - containerPort: 80
          # hostPort exposes the container's port 80 on the node itself.
          hostPort: 80
        volumeMounts:
        - name: timezone
          mountPath: /etc/localtime
          readOnly: true
      volumes:
      # Host file shared with the container so both use the same timezone;
      # mounted read-only above.
      - name: timezone
        hostPath:
          path: /etc/localtime

但是通过 https 请求 master API 时出现了超时错误:
[root@host3 vagrant]# docker logs -f cccd1104824b
2015/12/08 11:20:43 controller.go:110: Start nginx...
2015/12/08 11:20:43 controller.go:113: Nginx start success
2015/12/08 11:21:13 controller.go:123: err : Get https://10.200.0.1:443/apis/extensions/v1beta1/ingresses: dial tcp 10.200.0.1:443: i/o timeout
2015/12/08 11:21:43 controller.go:123: err : Get https://10.200.0.1:443/apis/extensions/v1beta1/ingresses: dial tcp 10.200.0.1:443: i/o timeout
2015/12/08 11:22:13 controller.go:123: err : Get https://10.200.0.1:443/apis/extensions/v1beta1/ingresses: dial tcp 10.200.0.1:443: i/o timeout

service account 的 secret 已经挂载到容器中:

[root@host3 vagrant]# docker exec -it cccd1104824b /bin/bash
root@nginx-ingress-dqima:/# ls /var/run/secrets/kubernetes.io/serviceaccount/
ca.crt  token
root@nginx-ingress-dqima:/# ls -alh /var/run/secrets/kubernetes.io/serviceaccount/
total 12K
drwxrwxrwt. 2 root root   80 Dec  8 11:20 .
drwxr-xr-x. 3 root root 4.0K Dec  8 11:20 ..
-r--r--r--. 1 root root 1.2K Dec  8 11:20 ca.crt
-r--r--r--. 1 root root  846 Dec  8 11:20 token

我的群集中的DNS服务没问题:

[root@host1 ingress]# kubectl exec busybox -- nslookup kubernetes
Server:    10.200.0.10
Address 1: 10.200.0.10
Name:      kubernetes
Address 1: 10.200.0.1

默认命名空间中的服务:

[root@host1 ingress]# kubectl get svc
NAME             CLUSTER_IP      EXTERNAL_IP   PORT(S)     SELECTOR             AGE
kubernetes       10.200.0.1      <none>        443/TCP     <none>               5d
simple-request   10.200.43.243   <none>        30001/TCP   app=simple-request   5d

我不知道如何解决这个问题,有谁可以帮助我?

1 个答案:

答案 0 :(得分:0)

在您的RC中,您似乎绑定到端口80,为什么您认为443会打开?

把 rc-ingress-controller.yaml 中的端口改为 443,应该就可以了:

        name: nginx
        ports:
        - containerPort: 443
          hostPort: 443