我使用二进制数据包部署了kubernetes控制器管理器,成功启动了kube-controller-manager服务,但是HTTP探测失败,状态码:400,当kubectl获得了控制器管理器状态时
环境描述
提供商:VMware Workstation(Centos7.2.1511)
docker版本:18.09.6
内核版本:4.4.184
kubernetes版本:1.14.2
1:这是kubernetens控制器管理器状态
[root@node1 conf]# /opt/kube/bin/kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Unhealthy HTTP probe failed with statuscode: 400
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
2:这是kubernetens控制器管理器系统单元文件
[root@node1 conf]# cat /etc/systemd/system/kube-controller-manager.service
...
[Service]
WorkingDirectory=/opt/kube/data/kube-manager
ExecStart=/opt/kube/bin/kube-controller-manager \
--port=0 \
--secure-port=10252 \
--bind-address=127.0.0.1 \
--kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
--authentication-kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
--authorization-kubeconfig=/opt/kube/conf/kube-controller-manager.kubeconfig \
--service-cluster-ip-range=10.99.0.0/16 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/opt/kube/ssl/ca.pem \
--cluster-signing-key-file=/opt/kube/ssl/ca-key.pem \
--experimental-cluster-signing-duration=8760h \
--root-ca-file=/opt/kube/ssl/ca.pem \
--service-account-private-key-file=/opt/kube/ssl/ca-key.pem \
--leader-elect=true \
--controllers=*,bootstrapsigner,tokencleaner \
--tls-cert-file=/opt/kube/ssl/kube-controller-manager.pem \
--tls-private-key-file=/opt/kube/ssl/kube-controller-manager-key.pem \
--use-service-account-credentials=true \
--experimental-cluster-signing-duration=876000h \
--horizontal-pod-autoscaler-sync-period=10s \
--concurrent-deployment-syncs=10 \
--concurrent-gc-syncs=30 \
--node-cidr-mask-size=24 \
--kube-api-qps=1000 \
--kube-api-burst=2000 \
--logtostderr=true \
--v=2
...
有什么好的解决方法吗?谢谢
答案 0 :(得分:0)
从1.13开始,kube-controller-manager和kube-scheduler将 10259,10257 作为安全端口公开
不安全的端口 10251,10252 已被弃用。 -#1327
您应该使用安全端口作为默认的livenessProbes。
--secure-port=10257