Rcvisual 2020-04-30
不是ingress-nginx不成功出现错误提示
kubectl describe pod nginx-ingress-controller-6ffc8fdf96-xtg6n -n ingress-nginx
Normal Scheduled <unknown> default-scheduler Successfully assigned ingress-nginx/nginx-ingress-controller-6ffc8fdf96-xtg6n to 192.168.1.12 Normal Pulled 21s kubelet, 192.168.1.12 Container image "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0" already present on machine Normal Created 21s kubelet, 192.168.1.12 Created container nginx-ingress-controller Normal Started 20s kubelet, 192.168.1.12 Started container nginx-ingress-controller Warning Unhealthy 5s (x2 over 15s) kubelet, 192.168.1.12 Readiness probe failed: Get http://192.168.1.12:10254/healthz: dial tcp 192.168.1.12:10254: connect: connection refused Warning Unhealthy 2s kubelet, 192.168.1.12 Liveness probe failed: Get http://192.168.1.12:10254/healthz: dial tcp 192.168.1.12:10254: connect: connection refused
对应node的kubelet日志
systemctl status kube-proxy -l
报错如下
kuberuntime_container.go:490] preStop hook for container "nginx-ingress-controller" failed: command ‘/wait-shutdown‘ exited with 137:
查看pod日志
# kubectl logs nginx-ingress-controller-6ffc8fdf96-xtg6n -n ingress-nginx ------------------------------------------------------------------------------- NGINX Ingress controller Release: 0.30.0 Build: git-7e65b90c4 Repository: https://github.com/kubernetes/ingress-nginx nginx version: nginx/1.17.8 ------------------------------------------------------------------------------- W0430 09:48:42.198239 6 flags.go:260] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false) W0430 09:48:42.198310 6 client_config.go:543] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. I0430 09:48:42.198533 6 main.go:193] Creating API client for https://10.0.0.1:443
判断是10.0.0.443有问题
node上telnet失败
# telnet 10.0.0.1 443 Trying 10.0.0.1...
解决方法,修改kube-proxy配置把流量转发该成ipvs模式
cat /opt/kubernetes/cfg/kube-proxy
# cat /opt/kubernetes/cfg/kube-proxy KUBE_PROXY_OPTS="--logtostderr=false --log-dir=/opt/kubernetes/logs/kube-proxy --v=4 --hostname-override=192.168.1.12 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --masquerade-all=true --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
增加的内容
重启kube-proxy
重新不是ingress-nginx即可
###host字段指定授权使用该证书的etcd节点IP或子网列表,需要将etcd集群的3个节点都添加其中。cp etcd-v3.3.13-linux-amd64/etcd* /opt/k8s/bin/