当前没有打开的SSH隧道.目标是否能够接受ssh键供使用 [英] No SSH tunnels currently open. Were the targets able to accept an ssh-key for use

问题描述

我在GCP上创建了一个kubernetes集群，其中的vm实例具有ubuntu映像.我已经部署了一个postgres有状态集，但是当我尝试查看pod的日志时，最终看到以下内容.

I created a kubernetes cluster on GCP with the vm instance having ubuntu images. I have deployed a postgres stateful set but when I try to check the logs of the pod I end up seeing the following.

kubectl logs pgset-1
Error from server: Get https://10.140.0.5:10250/containerLogs/default/pgset-1/pgset: No SSH tunnels currently open. Were the targets able to accept an ssh-key for user "gke-2bdc75f7d50bd7720226"?


kubectl get pods
NAME                                                             READY     STATUS    RESTARTS   AGE
maya-apiserver-5b48756968-95887                                  1/1       Running   0          1h
openebs-provisioner-7b59878f76-9w5z8                             1/1       Running   0          1h
pgset-0                                                          1/1       Running   0          12m
pgset-1                                                          1/1       Running   0          10m
pvc-8174e1f6-332f-11e8-85cd-42010af001b0-ctrl-fb5767469-jmjb2    2/2       Running   0          12m
pvc-8174e1f6-332f-11e8-85cd-42010af001b0-rep-8fd886589-tkvdq     1/1       Running   0          12m
pvc-8174e1f6-332f-11e8-85cd-42010af001b0-rep-8fd886589-wzr25     1/1       Running   0          12m
pvc-8174e1f6-332f-11e8-85cd-42010af001b0-rep-8fd886589-xvvfk     1/1       Running   0          12m
pvc-c34d6531-332f-11e8-85cd-42010af001b0-ctrl-6dd8948cbd-lz7dj   2/2       Running   0          10m
pvc-c34d6531-332f-11e8-85cd-42010af001b0-rep-64bdd45fc7-7fpnv    1/1       Running   0          10m
pvc-c34d6531-332f-11e8-85cd-42010af001b0-rep-64bdd45fc7-cf6w9    1/1       Running   0          10m
pvc-c34d6531-332f-11e8-85cd-42010af001b0-rep-64bdd45fc7-pg7bz    1/1       Running   0          10m



kubectl exec -it pgset-0 bash
Error from server: error dialing backend: No SSH tunnels currently open. Were the targets able to accept an ssh-key for user "gke-2bdc75f7d50bd7720226"?

这里可能是什么问题.我在做什么错了.

What could possibly be the issue here. What am I doing wrong.

推荐答案

这可能是因为您的项目中没有防火墙规则，允许从主节点到节点的ssh通信.还是错的.这就是我要做的:

It could be because there is no firewall rule in your project to allow ssh traffic from the master to the nodes. Or it is wrong. This is what I would do:

1. 运行kubectl cluster-info并记下主IP地址.
2. 检查您的防火墙规则，是否存在规则gke-YOUR_CLUSTER_NAME-NUMBER-ssh.
3. 如果存在，请检查规则是否合理(匹配您的主IP等) 如果不存在或不匹配，则创建具有以下特征的一个:
   • 目标标签:复制并粘贴节点网络标签".应该类似于gke-YOUR_CLUSTER_NAME-NUMBER节点.
   • 类型:入口
   • 源IP范围:MASTER_IP/32
   • 优先级:1000
   • 协议和端口:tcp:22

1. run kubectl cluster-info and take note of the master IP address.
2. Check in your firewall rules, if there is a rule gke-YOUR_CLUSTER_NAME-NUMBER-ssh.
3. If there is, check if the rule makes sense (matches your Master IP, etc.) If it there is not, or it doesn't match, create one with following characteristics:
   • Target tags: copy and paste your nodes "Network Tag". Should be something similar to gke-YOUR_CLUSTER_NAME-NUMBER-node.
   • Type: Ingress
   • Source IP ranges: MASTER_IP/32
   • Priority: 1000
   • Protocols and ports: tcp:22

希望它能起作用

这篇关于当前没有打开的SSH隧道.目标是否能够接受ssh键供使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！