Helm error: dial tcp *:10250: i/o timeout

Time: 2019-02-11 19:22:49

Tags: kubernetes vagrant virtualbox kubernetes-helm

I created a local cluster using Vagrant + Ansible + VirtualBox. Manual deployment works fine, but when using Helm:

:~$helm install stable/nginx-ingress --name nginx-ingress-controller --set rbac.create=true
Error: forwarding ports: error upgrading connection: error dialing backend: dial tcp 10.0.52.15:10250: i/o timeout

Kubernetes cluster info:

:~$kubectl get nodes,po,deploy,svc,ingress --all-namespaces -o wide
NAME                        STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
node/ubuntu18-kube-master   Ready    master   32m   v1.13.3   10.0.51.15    <none>        Ubuntu 18.04.1 LTS   4.15.0-43-generic   docker://18.6.1
node/ubuntu18-kube-node-1   Ready    <none>   31m   v1.13.3   10.0.52.15    <none>        Ubuntu 18.04.1 LTS   4.15.0-43-generic   docker://18.6.1

NAMESPACE     NAME                                               READY   STATUS    RESTARTS   AGE     IP           NODE                   NOMINATED NODE   READINESS GATES
default       pod/nginx-server                                   1/1     Running   0          40s     10.244.1.5   ubuntu18-kube-node-1   <none>           <none>
default       pod/nginx-server-b8d78876d-cgbjt                   1/1     Running   0          4m25s   10.244.1.4   ubuntu18-kube-node-1   <none>           <none>
kube-system   pod/coredns-86c58d9df4-5rsw2                       1/1     Running   0          31m     10.244.0.2   ubuntu18-kube-master   <none>           <none>
kube-system   pod/coredns-86c58d9df4-lfbvd                       1/1     Running   0          31m     10.244.0.3   ubuntu18-kube-master   <none>           <none>
kube-system   pod/etcd-ubuntu18-kube-master                      1/1     Running   0          31m     10.0.51.15   ubuntu18-kube-master   <none>           <none>
kube-system   pod/kube-apiserver-ubuntu18-kube-master            1/1     Running   0          30m     10.0.51.15   ubuntu18-kube-master   <none>           <none>
kube-system   pod/kube-controller-manager-ubuntu18-kube-master   1/1     Running   0          30m     10.0.51.15   ubuntu18-kube-master   <none>           <none>
kube-system   pod/kube-flannel-ds-amd64-jffqn                    1/1     Running   0          31m     10.0.51.15   ubuntu18-kube-master   <none>           <none>
kube-system   pod/kube-flannel-ds-amd64-vc6p2                    1/1     Running   0          31m     10.0.52.15   ubuntu18-kube-node-1   <none>           <none>
kube-system   pod/kube-proxy-fbgmf                               1/1     Running   0          31m     10.0.52.15   ubuntu18-kube-node-1   <none>           <none>
kube-system   pod/kube-proxy-jhs6b                               1/1     Running   0          31m     10.0.51.15   ubuntu18-kube-master   <none>           <none>
kube-system   pod/kube-scheduler-ubuntu18-kube-master            1/1     Running   0          31m     10.0.51.15   ubuntu18-kube-master   <none>           <none>
kube-system   pod/tiller-deploy-69ffbf64bc-x8lkc                 1/1     Running   0          24m     10.244.1.2   ubuntu18-kube-node-1   <none>           <none>

NAMESPACE     NAME                                  READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS     IMAGES                                  SELECTOR
default       deployment.extensions/nginx-server    1/1     1            1           4m25s   nginx-server   nginx                                   run=nginx-server
kube-system   deployment.extensions/coredns         2/2     2            2           32m     coredns        k8s.gcr.io/coredns:1.2.6                k8s-app=kube-dns
kube-system   deployment.extensions/tiller-deploy   1/1     1            1           24m     tiller         gcr.io/kubernetes-helm/tiller:v2.12.3   app=helm,name=tiller

NAMESPACE     NAME                    TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE   SELECTOR
default       service/kubernetes      ClusterIP   10.96.0.1      <none>        443/TCP         32m   <none>
default       service/nginx-server    NodePort    10.99.84.201   <none>        80:31811/TCP    12s   run=nginx-server
kube-system   service/kube-dns        ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP   32m   k8s-app=kube-dns
kube-system   service/tiller-deploy   ClusterIP   10.99.4.74     <none>        44134/TCP       24m   app=helm,name=tiller

Vagrantfile:

...

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| 
  $hosts.each_with_index do |(hostname, parameters), index|
    ip_address = "#{$subnet}.#{$ip_offset + index}"

    config.vm.define vm_name = hostname do |vm_config|
      vm_config.vm.hostname = hostname
      vm_config.vm.box = box
      vm_config.vm.network "private_network", ip: ip_address

      vm_config.vm.provider :virtualbox do |vb|        
        vb.gui = false
        vb.name = hostname
        vb.memory = parameters[:memory]
        vb.cpus = parameters[:cpus]
        vb.customize ['modifyvm', :id, '--macaddress1', "08002700005#{index}"]
        vb.customize ['modifyvm', :id, '--natnet1', "10.0.5#{index}.0/24"]
      end
    end
  end
end

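Workaround for the VirtualBox issue: set a different macaddress and internal_ip.

It would be interesting to find a solution that can be placed in one of the configuration files: Vagrant, Ansible roles. Any ideas about this problem?

2 answers:

Answer 0: (score: 1)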

  

Error: forwarding ports: error upgrading connection: error dialing backend: dial tcp 10.0.52.15:10250: i/o timeout

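You have been bitten by a very common kubernetes-on-Vagrant bug: the kubelet believes its IP address is that of eth0, which is the NAT interface in Vagrant, instead of using the :private_address network in the Vagrantfile. As a result, since all kubelet interactions happen directly with it (and not through the API server), things like kubectl exec and kubectl logs will fail in exactly the way you are seeing.

The solution is to force the kubelet to bind to the private network interface, or, I guess, you could switch your Vagrantfile to use a bridge network, if that is an option for you, as long as the interface is not the NAT one.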
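
One way to pin the kubelet to the private interface, as an added example that is not part of the original answer. It assumes a kubeadm/deb-packaged kubelet that reads KUBELET_EXTRA_ARGS from /etc/default/kubelet; the 192.168.50. prefix and the sample addresses are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original answer): pin the kubelet to the
# Vagrant private_network address instead of the NAT address.
# Assumptions: a kubeadm/deb-packaged kubelet that reads KUBELET_EXTRA_ARGS
# from /etc/default/kubelet, and a private subnet prefix supplied by you.

# pick_node_ip PREFIX
# Reads `ip -o -4 addr show` output on stdin; prints the first IPv4 address
# that begins with PREFIX (for example "192.168.50.").
pick_node_ip() {
  awk -v p="$1" '{ split($4, a, "/"); if (index(a[1], p) == 1) { print a[1]; exit } }'
}

# kubelet_args_line IP: the line to store in /etc/default/kubelet.
kubelet_args_line() {
  printf 'KUBELET_EXTRA_ARGS=--node-ip=%s\n' "$1"
}

# apply_node_ip PREFIX: run as root on each node (e.g. from the provisioner).
# Overwrites /etc/default/kubelet, which is assumed to hold no other settings.
apply_node_ip() {
  node_ip=$(ip -o -4 addr show | pick_node_ip "$1")
  [ -n "$node_ip" ] || { echo "no IPv4 address starting with $1" >&2; return 1; }
  kubelet_args_line "$node_ip" > /etc/default/kubelet
  systemctl daemon-reload && systemctl restart kubelet
}

# Constructed sample: worker with the NAT address from the question on the
# first NIC and a made-up private_network address on the second.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: enp0s3    inet 10.0.52.15/24 brd 10.0.52.255 scope global dynamic enp0s3
3: enp0s8    inet 192.168.50.11/24 brd 192.168.50.255 scope global enp0s8'

if [ "${1:-}" = "--apply" ]; then
  apply_node_ip "$2"
fi
```

After the kubelet restarts, `kubectl get nodes -o wide` should list the private address under INTERNAL-IP.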

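Answer 1: (score: 0)

The issue is about how TLS certificates are managed in the cluster; make sure port 10250 is reachable. Here is an example of how I solved this when trying to exec into a pod running on a node (an AWS instance in my case):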

resource "aws_security_group" "My_VPC_Security_Group" {
...
 ingress {
   description = "TLS from VPC"
   from_port   = 10250
   to_port     = 10250
   protocol    = "tcp"
   cidr_blocks = ["0.0.0.0/0"]
 }
}

For more details you can visit [1]: http://carnal0wnage.attackresearch.com/2019/01/kubernetes-unauth-kublet-api-10250.html
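
The ingress rule in this answer is described as "TLS from VPC" but its cidr_blocks value is 0.0.0.0/0, which admits any source address to the kubelet port. As an added example (not part of the original answer), the following line-oriented check flags such rules in simply formatted Terraform files; the function name and the sample resource are constructed.

```sh
#!/bin/sh
# Added example: report ingress blocks that open the kubelet port (10250)
# to every source address. Heuristic for conventionally formatted files
# (one attribute per line, no nested blocks inside ingress).

# world_open_kubelet_rules [FILE...]
# Reads the named Terraform files (or stdin) and prints "name:line" for each
# ingress block whose port range covers 10250, or whose protocol is "-1"
# (all traffic), and that lists 0.0.0.0/0 or ::/0 as a source.
world_open_kubelet_rules() {
  awk '
    /^[ \t]*ingress[ \t]*\{/ { inblk = 1; start = FNR; from = 65536; to = -1
                               allports = 0; open = 0; next }
    inblk && /from_port/ { v = $0; gsub(/[^0-9]/, "", v); from = v + 0 }
    inblk && /to_port/   { v = $0; gsub(/[^0-9]/, "", v); to = v + 0 }
    inblk && /protocol/ && /"-1"/ { allports = 1 }
    inblk && /"(0\.0\.0\.0|::)\/0"/ { open = 1 }
    inblk && /^[ \t]*\}/ {
      if (open && (allports || (from <= 10250 && to >= 10250)))
        print ((FILENAME == "" || FILENAME == "-") ? "stdin" : FILENAME) ":" start
      inblk = 0
    }
  ' "$@"
}

# Constructed sample: the first rule mirrors the answer, the second limits
# the source to a made-up control-plane subnet.
SAMPLE_TF='resource "aws_security_group" "example" {
  ingress {
    description = "kubelet from anywhere"
    from_port   = 10250
    to_port     = 10250
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "kubelet from control plane subnet"
    from_port   = 10250
    to_port     = 10250
    protocol    = "tcp"
    cidr_blocks = ["10.0.1.0/24"]
  }
}'
```

Run it as `world_open_kubelet_rules *.tf`; an empty result means no matching rule was found in the files given.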