nginx-ingress pods keep crashing when requests arrive - AKS

Time: 2019-12-13 15:36:10

Tags: nginx nginx-ingress azure-aks

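When requests come in, our nginx-controller pod keeps crashing. From the logs, it looks like it is timing out connecting to the API server. Any idea how to enable more verbose logging?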


I1213 14:55:35.038444       7 round_trippers.go:438] GET https://11.2.9.1:443/version?timeout=32s  in 46 milliseconds
I1213 14:55:35.038543       7 round_trippers.go:444] Response Headers:
I1213 14:55:35.038650       7 request.go:784] Got a Retry-After 1s response for attempt 9 to https://11.2.9.1:443/version?timeout=32s
I1213 14:55:36.038955       7 round_trippers.go:419] curl -k -v -XGET  -H "Accept: application/json, */*" -H "User-Agent: nginx-ingress-controller/v0.0.0 (linux/amd64) kubernetes/$Format" -H "Authorization: Bearer XXXXXXXXXXRiWDII8dG8v-KJ90Av6HgE" 'https://11.2.9.1:443/version?timeout=32s'
I1213 14:55:36.088346       7 round_trippers.go:438] GET https://11.2.9.1:443/version?timeout=32s  in 49 milliseconds
I1213 14:55:36.088382       7 round_trippers.go:444] Response Headers:
I1213 14:55:36.088598       7 request.go:947] Response Body:
I1213 14:55:36.088730       7 main.go:212] Unexpected error discovering Kubernetes version (attempt 9): an error on the server ("") has prevented the request from succeeding
F1213 14:55:36.088826       7 main.go:235] Error while initiating a connection to the Kubernetes API server. This could mean the cluster is misconfigured (e.g. it has invalid API server certificates or Service Accounts configuration). Reason: an error on the server ("") has prevented the request from succeeding
Refer to the troubleshooting guide for more information: https://kubernetes.github.io/ingress-nginx/troubleshooting/

When I kubectl exec into the ingress container, this is the log:

C:\Users\XXXXX>kubectl exec -it nginx-ingress-controller-85d79fd99d-tlzrz -- /bin/bash
www-data@nginx-ingress-controller-85d79fd99d-tlzrz:/etc/nginx$ curl -k -v -XGET https://11.2.9.1:443/version?timeout=32s
Note: Unnecessary use of -X or --request, GET is already inferred.
* Expire in 0 ms for 6 (transfer 0x56450f95cdd0)
*   Trying 11.2.9.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x56450f95cdd0)
* Connected to 11.2.9.1 (11.2.9.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 11.2.9.1:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 11.2.9.1:443
www-data@nginx-ingress-controller-85d79fd99d-tlzrz:/etc/nginx$

1 answer:

Answer 0 (score: 0)

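This was caused by a network security policy that had been implemented, which did not allow the ingress nodes to ping the API server via the internal IP. Adding an env variable to the ingress controller deployment file to force it to use the FQDN resolved the issue: KUBERNETES_SERVICE_HOST = FQDN of the API server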
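
The change this answer describes, as an added example (not the answerer's own manifest): a fragment of the ingress controller Deployment that sets `KUBERNETES_SERVICE_HOST` explicitly. The Deployment name is inferred from the pod name in the question; the container name and the `<api-server-fqdn>` placeholder are assumptions to replace with your cluster's values.

```yaml
# Added example: only the fields relevant to the fix are shown.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller        # inferred from pod nginx-ingress-controller-85d79fd99d-tlzrz
spec:
  template:
    spec:
      containers:
        - name: nginx-ingress-controller  # assumed container name
          env:
            # The controller's in-cluster client builds the API server URL
            # from this variable. Setting it here replaces the internal
            # service IP (11.2.9.1 in the question's logs) with the FQDN,
            # which the network policy permits.
            - name: KUBERNETES_SERVICE_HOST
              value: "<api-server-fqdn>"  # placeholder: FQDN of the API server
```

After the rollout, the `round_trippers.go` GET lines in the controller log should show the FQDN instead of `11.2.9.1`.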