Kubernetes日志命令TLS握手超时 [英] Kubernetes logs command TLS handshake timeout

问题描述

我正在运行开源kube版本1.9，在运行kubectl logs命令时收到TLS握手超时错误，其他kubectl命令运行正常.

I am running the open source kube version 1.9, getting TLS handshake timeout error while running the kubectl logs command, other kubectl commands are working fine.

#:/etc/kubernetes/pki> kubectl get pods
NAME                          READY     STATUS    RESTARTS   AGE
app1-9         1/1       Running   0          2d

#:/etc/kubernetes/pki> kubectl logs counter
Error from server: Get https://XX.XX.XX.XXXX:10250/containerLogs/default/counter/count: net/http: TLS handshake timeout

kubectl版本是:

kubectl version is:

Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T21:07:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T20:55:30Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

我看到apiserver在10250上运行.如何使kubectl通过SSL连接到apiserver?

I see the apiserver is running on 10250. How to make kubectl connect to apiserver over the SSL?

推荐答案

我在群集上遇到了同样的问题，并且在过去的几个月里一直困扰着我.我运行了命令curl -v8，表明它不是tls/cert问题(真的是错误消息).

I had the same issue on my cluster and it has been plagiung me for the past few months. I ran the command curl -v8 showed my it wasn't a tls/cert issue (really bad error message.)

这使我看到了其他问题，例如API服务器/网关，节点等.事实证明，错误-在我的群集上-是由 mismatch API的引起的.这是由于我添加了一个新节点.进行一些挖掘之后，我找到了一条命令，该命令可以让我查看集群正在运行的API版本，然后将其引导至更新的版本.

This lead me to look at other issues, such as the API server/gateway, nodes and so forth. It turns out that the the error --on my cluster-- was caused by mismatch API's. This was due to my adding a new node. After doing some digging I found a command that would allow me to see what API version/s my cluster was running and then guide me to an updated version.

我使用" kubeadm升级计划"更新了集群.该命令建议我可以将群集更新到版本10.1.5或10.1.11，但是我需要先更新 Kubeadm .我更新了Kubeadm，然后在所有其他节点上更新了我的kube组件.更新节点后，我使用了 kubeadm init join命令将所有节点添加到新的集群集中. NB 此时，我要说的是，我的PODS均未丢失.

I updated my cluster using 'kubeadm upgrade plan'. The command advised I could update the cluster to version 10.1.5 or 10.1.11, however I would need to updated Kubeadm first. I updated Kubeadm and then updated my kube components on all the other nodes. Once the nodes had been updates, I used the kubeadm init join command to add all the nodes to the new cluster set. NB at this point I would like to say that none of my PODS dropped.

一切都重新加入了集群，现在，我可以通过所有PODS浏览集群中的日志.

Everything had rejoined the cluster and now, I can browse the logs across the cluster through all PODS.

我希望这对正在寻找答案的人有所帮助.

I hope this helps anyone who's looking for an answer.

这篇关于Kubernetes日志命令TLS握手超时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！