kubectl命令超时,没有详细信息

时间:2018-01-03 15:19:49

标签: amazon-web-services kubernetes kube-aws

我正在运行Kubernetes集群,该集群已经运行了好几个月。现在,今天,当我即将部署一些更新时,我会从服务器获得超时。

运行$ kubectl get nodes会产生

Error from server (Timeout): the server was unable to return a response in the time allotted, but may still be processing the request (get nodes)

运行$ kubectl get pods --all-namespaces会产生

Error from server (Timeout): the server was unable to return a response in the time allotted, but may still be processing the request (get pods)

运行$ kubectl get deployments会产生

Error from server (Timeout): the server was unable to return a response in the time allotted, but may still be processing the request (get deployments.extensions)

运行$ kubectl get svc会产生

Error from server (Timeout): the server was unable to return a response in the time allotted, but may still be processing the request (get services)

运行$ kubectl cluster-info会产生(注意主控后没有输出)

Kubernetes master is running at https://cluster.mysite.com

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

当我为每个命令获得这些超时时,无法进行故障排除。

如何从这里继续访问我的服务器?我正在使用kube-aws和AWS CloudFormation VPC。

感谢您的时间。

修改

根据请求,我运行$ kubectl get pods -v 7并在一堆缓存返回后得到了这个:

I0103 16:51:32.196859 25644 round_trippers.go:414] GET cluster.mysite.com/api/v1/nodes
I0103 16:51:32.196888 25644 round_trippers.go:421] Request Headers: 
I0103 16:51:32.196894 25644 round_trippers.go:424]     Accept: application/json
I0103 16:51:32.196899 25644 round_trippers.go:424]     User-Agent: kubectl/v1.8.3 (darwin/amd64) kubernetes/f0efb3c
I0103 16:52:32.239841 25644 round_trippers.go:439]     Response Status: 504 Gateway Timeout in 60044 milliseconds

我也跑了$ kubectl cluster-info dump -v 7并得到了:

I0103 16:51:32.196888   25644 round_trippers.go:421] Request Headers:
I0103 16:51:32.196894   25644 round_trippers.go:424]     Accept: application/json
I0103 16:51:32.196899   25644 round_trippers.go:424]     User-Agent: kubectl/v1.8.3 (darwin/amd64) kubernetes/f0efb3c
I0103 16:52:32.239841   25644 round_trippers.go:439] Response Status: 504 Gateway Timeout in 60044 milliseconds
I0103 16:52:32.242362   25644 helpers.go:207] server response object: [{
  "metadata": {},
  "status": "Failure",
  "message": "the server was unable to return a response in the time allotted, but may still be processing the request (get nodes)",
  "reason": "Timeout",
  "details": {
    "kind": "nodes",
    "causes": [
      {
        "reason": "UnexpectedServerResponse",
        "message": "{\"metadata\":{},\"status\":\"Failure\",\"message\":\"The list operation against nodes could not be completed at this time, please try again.\",\"reason\":\"ServerTimeout\",\"details\":{\"name\":\"list\",\"kind\":\"nodes\"},\"code\":500}"
      }
    ]
  },
  "code": 504
}]

编辑2: 好的,现在我只是在每个请求上得到Unable to connect to the server: EOF,我开始害怕了。这是一个生产群集,我甚至无法访问它以尝试进行故障排除。有人提示如何继续吗?

编辑3: 我已经意识到etcd集群工作不正常,2/3节点不同步。重新启动一个节点使其再次正确加入群集,但第二个节点无法启动服务。无法启动的服务是:

  • etcdadm-check.service
  • etcdadm-save.service
  • etcdadm更新-status.service
  • user@0.service

前三个都提供错误etcdadm-check.service: Control process exited, code=exited status=3,最后一个提供user@0.service: Start request repeated too quickly.

有关如何处理此问题的任何提示?

此外,在恢复第二个etcd后,我在运行任何Unable to connect to the server: x509: certificate signed by unknown authority命令时得到kubectl。这是否意味着数据丢失?我的证书有效期超过半年,我对它们没有任何改变。

编辑4 : 我仍然有etd问题,但是在此时按照camil的回答中的说明,将更新结果。但是,我通过使用到中间根CA的正确路径重新运行$ kube-aws render credentials来解决证书无效的问题,以便解决问题。

2 个答案:

答案 0 :(得分:3)

为避免超时,您可以传递此标记--request-timeout='1s'。这将允许进一​​步调试。

我看到你正在运行kube-aws,因此终止主实例是安全的(如果你运行多个主服务器,至少有一个实例)。 ASG将自动更换它们。您也可以使用ETCD节点执行此操作。

如果问题仍然存在,那么您必须ssh into master并通过运行以下命令检查日志和服务:

journalctl -xe
systemctl status -l kubelet.service
systemctl status -l flanneld.service
systemctl status -l docker.service
rkt list

您也可以使用此功能从主人内部使用kubectl进行调试:

kubectl() {
/usr/bin/docker run --rm --net=host \
  -v /etc/resolv.conf:/etc/resolv.conf \
  -v /srv/kube-aws/plugins:/srv/kube-aws/plugins \
  quay.io/coreos/hyperkube:v1.9.0_coreos.0 /hyperkube kubectl "$@"
}

然后尝试以下命令:

kubectl get componentstatus
kubectl cluster-info
kubectl get pods -n kube-system
kubectl get events -n kube-system

检查来自母版的ETCD连接

export $(cat /etc/etcd-environment | tr -d "'")

/usr/bin/etcdctl \
--ca-file=/etc/kubernetes/ssl/etcd-trusted-ca.pem \
--cert-file=/etc/kubernetes/ssl/etcd-client.pem \
--key-file=/etc/kubernetes/ssl/etcd-client-key.pem \
--endpoints="${ETCD_ENDPOINTS}" \
cluster-health

答案 1 :(得分:0)

rm -r ~/.kube/cache/discovery 为我工作。

不过,我的超时消息看起来与您的不同:

E0528 20:32:29.191243    1730 request.go:975] Unexpected error when reading response body: net/http: request canceled (Client.Timeout exceeded while reading body)
相关问题
最新问题