• Problems encountered while installing k8s


    Unable to download the recommended.yaml file

    [root@k8master1 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
    --2023-09-14 11:38:12--  https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
    Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 0.0.0.0, ::
    Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|0.0.0.0|:443... failed: Connection refused.
    Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|::|:443... failed: Connection refused.
    

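    Solution:
    The name resolves to 0.0.0.0 and ::, so the connection is refused. Edit the hosts file and add the following address mappings: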

    # GitHub Start
    52.74.223.119 github.com
    192.30.253.119 gist.github.com
    54.169.195.247 api.github.com
    185.199.111.153 assets-cdn.github.com
    151.101.76.133 raw.githubusercontent.com
    151.101.108.133 user-images.githubusercontent.com
    151.101.76.133 gist.githubusercontent.com
    151.101.76.133 cloud.githubusercontent.com
    151.101.76.133 camo.githubusercontent.com
    151.101.76.133 avatars0.githubusercontent.com
    151.101.76.133 avatars1.githubusercontent.com
    151.101.76.133 avatars2.githubusercontent.com
    151.101.76.133 avatars3.githubusercontent.com
    151.101.76.133 avatars4.githubusercontent.com
    151.101.76.133 avatars5.githubusercontent.com
    151.101.76.133 avatars6.githubusercontent.com
    151.101.76.133 avatars7.githubusercontent.com
    151.101.76.133 avatars8.githubusercontent.com
    # GitHub End
    

    The master cannot curl pods running on worker nodes

    curl to the pod IP gets no response:

    [root@k8master1 ~]# kubectl get pods -o wide
    NAME                                READY   STATUS    RESTARTS        AGE   IP            NODE               NOMINATED NODE   READINESS GATES
    demoapp-7c58cd6bb-7qlrd             1/1     Running   1 (10m ago)     22d   10.244.1.15   k8node1.meng.com   <none>           <none>
    demoapp-7c58cd6bb-f84kp             1/1     Running   0               22d   10.244.3.2    k8node3.meng.com   <none>           <none>
    demoapp-7c58cd6bb-ldrzf             1/1     Running   1 (2m55s ago)   22d   10.244.2.13   k8node2.meng.com   <none>           <none>
    mypod                               1/1     Running   1 (2m55s ago)   21d   10.244.2.12   k8node2.meng.com   <none>           <none>
    nginx-deploy-pvc-64b6b6bb47-csrnr   1/1     Running   0               14m   10.244.3.10   k8node3.meng.com   <none>           <none>
    nginx-deploy-pvc-64b6b6bb47-wcsbc   1/1     Running   1 (10m ago)     14m   10.244.1.16   k8node1.meng.com   <none>           <none>
    [root@k8master1 ~]# curl 10.244.1.16
    ^C
    

    Inspect iptables on the worker node. The listing shows "Chain FORWARD (policy DROP)": packet forwarding is blocked.

    [root@k8node1 /]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    KUBE-PROXY-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
    KUBE-NODEPORTS  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes health check service ports */
    KUBE-EXTERNAL-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
    KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    FLANNEL-FWD  all  --  0.0.0.0/0            0.0.0.0/0            /* flanneld forward */
    KUBE-PROXY-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
    KUBE-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */
    KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
    KUBE-EXTERNAL-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
    DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0
    DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    KUBE-PROXY-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
    KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
    KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain DOCKER (1 references)
    target     prot opt source               destination
    
    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target     prot opt source               destination
    DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target     prot opt source               destination
    DROP       all  --  0.0.0.0/0            0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain DOCKER-USER (1 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain FLANNEL-FWD (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  10.244.0.0/16        0.0.0.0/0            /* flanneld forward */
    ACCEPT     all  --  0.0.0.0/0            10.244.0.0/16        /* flanneld forward */
    
    Chain KUBE-EXTERNAL-SERVICES (2 references)
    target     prot opt source               destination
    
    Chain KUBE-FIREWALL (2 references)
    target     prot opt source               destination
    DROP       all  -- !127.0.0.0/8          127.0.0.0/8          /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
    
    Chain KUBE-FORWARD (1 references)
    target     prot opt source               destination
    DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */ mark match 0x4000/0x4000
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED
    
    Chain KUBE-KUBELET-CANARY (0 references)
    target     prot opt source               destination
    
    Chain KUBE-NODEPORTS (1 references)
    target     prot opt source               destination
    
    Chain KUBE-PROXY-CANARY (0 references)
    target     prot opt source               destination
    
    Chain KUBE-PROXY-FIREWALL (3 references)
    target     prot opt source               destination
    
    Chain KUBE-SERVICES (2 references)
    target     prot opt source               destination
    

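    Enable IPv4 forwarding. `sysctl -p` with no argument reads only /etc/sysctl.conf, so the setting written to /usr/lib/sysctl.d/50-default.conf takes effect only after the node is rebooted.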

    [root@k8node1 /]# echo "net.ipv4.ip_forward = 1" >> /usr/lib/sysctl.d/50-default.conf
    [root@k8node1 /]# sysctl -p
    [root@k8node1 /]# reboot
    

    After the reboot, check the iptables rules again. The FORWARD chain policy is now ACCEPT.

    [root@k8node1 ~]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    KUBE-PROXY-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
    KUBE-NODEPORTS  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes health check service ports */
    KUBE-EXTERNAL-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
    KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    KUBE-PROXY-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
    KUBE-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */
    KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
    KUBE-EXTERNAL-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
    DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0
    DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    KUBE-PROXY-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
    KUBE-SERVICES  all  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
    KUBE-FIREWALL  all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain DOCKER (1 references)
    target     prot opt source               destination
    
    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target     prot opt source               destination
    DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target     prot opt source               destination
    DROP       all  --  0.0.0.0/0            0.0.0.0/0
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain DOCKER-USER (1 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0
    
    Chain KUBE-EXTERNAL-SERVICES (2 references)
    target     prot opt source               destination
    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            /* default/nginx-pvc has no endpoints */ ADDRTYPE match dst-type LOCAL tcp dpt:30004 reject-with icmp-port-unreachable
    
    Chain KUBE-FIREWALL (2 references)
    target     prot opt source               destination
    DROP       all  -- !127.0.0.0/8          127.0.0.0/8          /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
    
    Chain KUBE-FORWARD (1 references)
    target     prot opt source               destination
    DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */ mark match 0x4000/0x4000
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED
    
    Chain KUBE-KUBELET-CANARY (0 references)
    target     prot opt source               destination
    
    Chain KUBE-NODEPORTS (1 references)
    target     prot opt source               destination
    
    Chain KUBE-PROXY-CANARY (0 references)
    target     prot opt source               destination
    
    Chain KUBE-PROXY-FIREWALL (3 references)
    target     prot opt source               destination
    
    Chain KUBE-SERVICES (2 references)
    target     prot opt source               destination
    REJECT     tcp  --  0.0.0.0/0            10.106.93.8          /* default/nginx-pvc has no endpoints */ tcp dpt:80 reject-with icmp-port-unreachable
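
    Added example, not part of the original post: a shell helper that reads `iptables -L -n` text and reports the FORWARD chain policy, whether the FLANNEL-FWD chain accepts the pod CIDR, and the `ip_forward` value passed to it. The function names are hypothetical, the sample listing is trimmed from the first listing above, and `ip_forward=0` is an assumed value because the page does not show it.

```shell
#!/usr/bin/env bash
# Added example: summarise a node's forwarding state before and after a change.
# On a live node (as root) the inputs would come from:
#   forwarding_report "$(iptables -L -n)" "$(cat /proc/sys/net/ipv4/ip_forward)" 10.244.0.0/16

# Constructed sample: trimmed from the first listing on this page.
SAMPLE_BEFORE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
FLANNEL-FWD  all  --  0.0.0.0/0            0.0.0.0/0            /* flanneld forward */
KUBE-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */

Chain FLANNEL-FWD (1 references)
target     prot opt source               destination
ACCEPT     all  --  10.244.0.0/16        0.0.0.0/0            /* flanneld forward */
ACCEPT     all  --  0.0.0.0/0            10.244.0.0/16        /* flanneld forward */'

# chain_policy CHAIN: print the default policy of a built-in chain.
# Reads the `iptables -L -n` listing on stdin; prints nothing if not found.
chain_policy() {
    awk -v c="$1" '$1 == "Chain" && $2 == c && $3 == "(policy" {
        sub(/\)/, "", $4); print $4; exit }'
}

# cidr_accepted CHAIN CIDR: exit 0 if CHAIN holds an ACCEPT rule whose source
# or destination column is exactly CIDR. Reads the listing on stdin.
cidr_accepted() {
    awk -v c="$1" -v cidr="$2" '
        $1 == "Chain" { inside = ($2 == c); next }
        inside && $1 == "ACCEPT" && ($4 == cidr || $5 == cidr) { ok = 1 }
        END { exit !ok }'
}

# forwarding_report LISTING IP_FORWARD POD_CIDR: one-line summary.
# The body runs in a subshell so its variables do not leak to the caller.
forwarding_report() (
    policy=$(printf '%s\n' "$1" | chain_policy FORWARD)
    pod=no
    printf '%s\n' "$1" | cidr_accepted FLANNEL-FWD "$3" && pod=yes
    echo "ip_forward=$2 forward_policy=${policy:-unknown} pod_cidr_accept=$pod"
)

# ip_forward=0 is an assumed value for the "before" state.
forwarding_report "$SAMPLE_BEFORE" 0 10.244.0.0/16
```

    Recording this line before and after the reboot shows which of the three values actually changed, rather than relying on the chain policy alone.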
    

    kubectl commands fail on a worker node

    [root@k8node1 ~]# kubectl get nodes
    E0828 20:58:36.825336   30012 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
    

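    Solution: the first command copies the master's ~/.kube directory to the node; the second, run on the node, overwrites .kube/config with the node's own kubelet kubeconfig.

    [root@k8master1 ~]# scp -r $HOME/.kube k8node1:$HOME
    [root@k8node1 ~]# cp /etc/kubernetes/kubelet.conf .kube/config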
    
  • Original article: https://blog.csdn.net/mandarin_meng/article/details/132981365