Kubernetes - net/http: TLS handshake timeout when fetching logs (BareMetal)

Problem description

I have checked all over Google and Stack Overflow for any kind of hint as to the cause of the issue, yet found nothing that will help resolve it.

Background:
1 Master
6 Nodes

Master and 4 Nodes working fine when collecting logs. 2 brand new nodes, same OS, same certs, same network, same configs, logs do not work.

Issue:

    kubectl logs pod-5c474fdf8-fk5zm -n deployment
    Error from server: Get https://ip-addr:10250/containerLogs/deployment/pod-5c474fdf8-fk5zm/pod: net/http: TLS handshake timeout

From the master and 4 other nodes, logs return every time. I have had the issue before and it miraculously disappeared. This time no joy.

Things I have tried:

 - opened the ports on the firewall
 - main certs installed and trusted
 - added hostnames and IPs to hosts file
 - deleted and re-added the nodes
 - updated the system certs
 - telnet from the other nodes to the offending nodes on port 10250
 - openssl s_client -connect offendingnodes.com:10250 and compared to openssl s_client -connect workingnodes.com:10250
 - googled the error
 - read the K8s documentation, again.

I am truly at a loss, so any help will be greatly appreciated.

Recommended answer

I ran the command curl -v8 which showed me it wasn't a tls/cert issue (really bad error message.)

This led me to look at other issues, such as the API server/gateway, nodes and so forth. It turns out that the error, on my cluster, was caused by mismatched APIs. This was due to my adding a new node. After doing some digging I found a command that would allow me to see what API version/s my cluster was running and then guide me to an updated version.

I updated my cluster using 'kubeadm upgrade plan'. The command advised I could update the cluster to version 10.1.5 or 10.1.11, however I would need to update Kubeadm first. I updated Kubeadm and then updated my kube components on all the other nodes. Once the nodes had been updated, I used the kubeadm init join command to add all the nodes to the new cluster set. NB at this point I would like to say that none of my PODS dropped.

Everything had rejoined the cluster and now, I can browse the logs across the cluster through all PODS.

I hope this helps anyone who's looking for an answer.
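
An added example, not part of the original answer: a check for the kind of mismatch the answer describes, assuming it shows up as a kubelet version on the new nodes that differs from the control plane. It reads output shaped like `kubectl get nodes -o json`; the sample data, node names and versions are constructed, and `parse_version` and `kubelet_skew` are hypothetical helper names.

```python
import json
import re

# Constructed sample, shaped like `kubectl get nodes -o json` (only the fields used).
def _node(name, version, labels=None):
    return {"metadata": {"name": name, "labels": labels or {}},
            "status": {"nodeInfo": {"kubeletVersion": version}}}

SAMPLE = json.dumps({"items": [
    _node("master-1", "v1.10.5", {"node-role.kubernetes.io/master": ""}),
    _node("node-1", "v1.10.5"),
    _node("node-5", "v1.11.0"),   # constructed: new node with a newer kubelet
    _node("node-6", "v1.10.3"),   # constructed: new node on an older patch
]})

CONTROL_PLANE_LABELS = ("node-role.kubernetes.io/control-plane",
                        "node-role.kubernetes.io/master")

def parse_version(text):
    """Turn 'v1.10.5' (optionally with a suffix) into (1, 10, 5)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def kubelet_skew(nodes_json):
    """Return {node: (version, finding)} for kubelets that differ from the control plane."""
    nodes = []
    for item in json.loads(nodes_json)["items"]:
        labels = item["metadata"].get("labels") or {}
        version = item["status"]["nodeInfo"]["kubeletVersion"]
        is_cp = any(label in labels for label in CONTROL_PLANE_LABELS)
        nodes.append((item["metadata"]["name"], version, is_cp))
    cp_versions = [parse_version(v) for _, v, cp in nodes if cp]
    if not cp_versions:
        raise ValueError("no control-plane node found to compare against")
    # Assumption: the control-plane node's kubelet tracks the API server version.
    reference = min(cp_versions)
    findings = {}
    for name, version, _ in nodes:
        parsed = parse_version(version)
        if parsed[:2] > reference[:2]:
            findings[name] = (version, "newer minor than control plane")
        elif parsed[:2] < reference[:2]:
            findings[name] = (version, "older minor than control plane")
        elif parsed != reference:
            findings[name] = (version, "patch level differs")
    return findings
```

Against a live cluster, pass the text of `kubectl get nodes -o json` to `kubelet_skew` instead of `SAMPLE`; an empty result means every kubelet matches the control-plane node.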
