博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
Traefik访问master节点不通的问题定位
阅读量:5068 次
发布时间:2019-06-12

本文共 18812 字,大约阅读时间需要 62 分钟。

  • 问题

部署traefik到客户节点的对外访问节点后,发现日志里面报错

类似于

E0122 06:56:04.774977 1 reflector.go:199] k8s.io/dns/vendor/k8s.io/client-go/tools/cache/reflector.go:94: Failed to list *v1.Endpoints: Get https://172.254.0.1:6443/api/v1/endpoints?resourceVersion=0: dial tcp 172.254.0.1:6443: i/o timeout I0122 06:56:04.775358 1 dns.go:174] Waiting for services and endpoints to be ...

172.254.0.1是指向Kubernetes master的地址,跑到出错节点上运行

curl https://172.254.0.1:6443/api/v1/endpoints?resourceVersion=0

发现确实是连接超时,排除证书或者rbac的权限问题后。

 

  • tcpdump分析

发现之前,启动master节点apiserver, advertiese-address都是指到自己的地址,而非vip,修改成vip后重新启动问题依旧

登录节点,通过tcpdump进行分析

tcpdump -i eth0 -nn host master-viptcpdump -i eth0 -nn host master1tcpdump -i eth0 -nn host master2tcpdump -i eth0 -nn host master3

发现不断有请求往master1上发报文,而没有返回,确定是这个问题导致。

查看iptables的报文转发规则,果然发现有些规则

iptables -S -t nat | grep master1-ip

清空iptable也又重新加回去了

  • etcd数据

登录etcd server,

export ETCDCTL_API=3etcdctl --cert=/etc/etcd/ssl/etcd.pem --cacert=/etc/etcd/ssl/ca.pem --key=/etc/etcd/ssl/etcd-key.pem get /registry/services/endpoints/default/kubernetes

终于发现里面写了三条master和vip的记录

del删除后,apiserver立刻只把advertise-address也就是vip重新写入。

traefik应用恢复正常。

 

查看etcd内容指南

https://yq.aliyun.com/articles/561888

使用环境变量定义api版本
export ETCDCTL_API=3
etcd有目录结构类似linux文件系统,获取所有key看一看:
etcdctl get / --prefix --keys-only

一看就可以大概理解kubenetes的数据结构了,查询命名空间下所有部署的数据:
etcdctl get /registry/deployments/default --prefix --keys-only

把想删除的删掉,列如:
etcdctl del /registry/deployments/default/elevated-dragonfly-spinn-front50
删除deployments,pods这可以了,稍微减少一些资源,让kube-apiserver可以正常工作即可,其它资源还可以使用kubectl工具删除
删掉些资源后退出etcd把kube-apiserver的编排文件放回/etc/kubernetes/manifests目录,服务会再次启动,然后再清理重新部署。

 

k8s 1.9.3放在etcd里的根数据结构如下:
 

etcdctl get / --prefix --keys-only

/registry/apiregistration.k8s.io/apiservices/v1.

/registry/apiregistration.k8s.io/apiservices/v1.apps

/registry/apiregistration.k8s.io/apiservices/v1.authentication.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1.authorization.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1.autoscaling

/registry/apiregistration.k8s.io/apiservices/v1.batch

/registry/apiregistration.k8s.io/apiservices/v1.networking.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1.rbac.authorization.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1.storage.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta1.admissionregistration.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta1.apiextensions.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta1.apps

/registry/apiregistration.k8s.io/apiservices/v1beta1.authentication.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta1.authorization.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta1.batch

/registry/apiregistration.k8s.io/apiservices/v1beta1.certificates.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta1.events.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta1.extensions

/registry/apiregistration.k8s.io/apiservices/v1beta1.policy

/registry/apiregistration.k8s.io/apiservices/v1beta1.rbac.authorization.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta1.storage.k8s.io

/registry/apiregistration.k8s.io/apiservices/v1beta2.apps

/registry/apiregistration.k8s.io/apiservices/v2beta1.autoscaling

/registry/certificatesigningrequests/node-csr-NMpLG7rhBYiuAyRD739h79x2qhbhWn-UtLPFwJWJU1Y

/registry/certificatesigningrequests/node-csr-v96LRHUfeRD3iAZgHdUYxDaT1kkHvIilDnLZy2GPSew

/registry/clusterrolebindings/cluster-admin

/registry/clusterrolebindings/flannel

/registry/clusterrolebindings/heapster

/registry/clusterrolebindings/kubeadm:kubelet-bootstrap

/registry/clusterrolebindings/kubeadm:node-autoapprove-bootstrap

/registry/clusterrolebindings/kubeadm:node-autoapprove-certificate-rotation

/registry/clusterrolebindings/kubeadm:node-proxier

/registry/clusterrolebindings/kubernetes-dashboard

/registry/clusterrolebindings/system:aws-cloud-provider

/registry/clusterrolebindings/system:basic-user

/registry/clusterrolebindings/system:controller:attachdetach-controller

/registry/clusterrolebindings/system:controller:certificate-controller

/registry/clusterrolebindings/system:controller:clusterrole-aggregation-controller

/registry/clusterrolebindings/system:controller:cronjob-controller

/registry/clusterrolebindings/system:controller:daemon-set-controller

/registry/clusterrolebindings/system:controller:deployment-controller

/registry/clusterrolebindings/system:controller:disruption-controller

/registry/clusterrolebindings/system:controller:endpoint-controller

/registry/clusterrolebindings/system:controller:generic-garbage-collector

/registry/clusterrolebindings/system:controller:horizontal-pod-autoscaler

/registry/clusterrolebindings/system:controller:job-controller

/registry/clusterrolebindings/system:controller:namespace-controller

/registry/clusterrolebindings/system:controller:node-controller

/registry/clusterrolebindings/system:controller:persistent-volume-binder

/registry/clusterrolebindings/system:controller:pod-garbage-collector

/registry/clusterrolebindings/system:controller:replicaset-controller

/registry/clusterrolebindings/system:controller:replication-controller

/registry/clusterrolebindings/system:controller:resourcequota-controller

/registry/clusterrolebindings/system:controller:route-controller

/registry/clusterrolebindings/system:controller:service-account-controller

/registry/clusterrolebindings/system:controller:service-controller

/registry/clusterrolebindings/system:controller:statefulset-controller

/registry/clusterrolebindings/system:controller:ttl-controller

/registry/clusterrolebindings/system:coredns

/registry/clusterrolebindings/system:discovery

/registry/clusterrolebindings/system:kube-controller-manager

/registry/clusterrolebindings/system:kube-dns

/registry/clusterrolebindings/system:kube-scheduler

/registry/clusterrolebindings/system:node

/registry/clusterrolebindings/system:node-proxier

/registry/clusterroles/admin

/registry/clusterroles/cluster-admin

/registry/clusterroles/edit

/registry/clusterroles/flannel

/registry/clusterroles/system:aggregate-to-admin

/registry/clusterroles/system:aggregate-to-edit

/registry/clusterroles/system:aggregate-to-view

/registry/clusterroles/system:auth-delegator

/registry/clusterroles/system:aws-cloud-provider

/registry/clusterroles/system:basic-user

/registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:nodeclient

/registry/clusterroles/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient

/registry/clusterroles/system:controller:attachdetach-controller

/registry/clusterroles/system:controller:certificate-controller

/registry/clusterroles/system:controller:clusterrole-aggregation-controller

/registry/clusterroles/system:controller:cronjob-controller

/registry/clusterroles/system:controller:daemon-set-controller

/registry/clusterroles/system:controller:deployment-controller

/registry/clusterroles/system:controller:disruption-controller

/registry/clusterroles/system:controller:endpoint-controller

/registry/clusterroles/system:controller:generic-garbage-collector

/registry/clusterroles/system:controller:horizontal-pod-autoscaler

/registry/clusterroles/system:controller:job-controller

/registry/clusterroles/system:controller:namespace-controller

/registry/clusterroles/system:controller:node-controller

/registry/clusterroles/system:controller:persistent-volume-binder

/registry/clusterroles/system:controller:pod-garbage-collector

/registry/clusterroles/system:controller:replicaset-controller

/registry/clusterroles/system:controller:replication-controller

/registry/clusterroles/system:controller:resourcequota-controller

/registry/clusterroles/system:controller:route-controller

/registry/clusterroles/system:controller:service-account-controller

/registry/clusterroles/system:controller:service-controller

/registry/clusterroles/system:controller:statefulset-controller

/registry/clusterroles/system:controller:ttl-controller

/registry/clusterroles/system:coredns

/registry/clusterroles/system:discovery

/registry/clusterroles/system:heapster

/registry/clusterroles/system:kube-aggregator

/registry/clusterroles/system:kube-controller-manager

/registry/clusterroles/system:kube-dns

/registry/clusterroles/system:kube-scheduler

/registry/clusterroles/system:node

/registry/clusterroles/system:node-bootstrapper

/registry/clusterroles/system:node-problem-detector

/registry/clusterroles/system:node-proxier

/registry/clusterroles/system:persistent-volume-provisioner

/registry/clusterroles/view

/registry/configmaps/kube-public/cluster-info

/registry/configmaps/kube-system/coredns

/registry/configmaps/kube-system/extension-apiserver-authentication

/registry/configmaps/kube-system/kube-flannel-cfg

/registry/configmaps/kube-system/kube-proxy

/registry/configmaps/kube-system/kubeadm-config

/registry/configmaps/kube-system/kubernetes-dashboard-settings

/registry/controllerrevisions/kube-system/kube-flannel-ds-dd8484577

/registry/controllerrevisions/kube-system/kube-proxy-95cfb667c

/registry/cronjobs/default/hello

/registry/daemonsets/kube-system/kube-flannel-ds

/registry/daemonsets/kube-system/kube-proxy

/registry/deployments/default/flower

/registry/deployments/default/pc-saveapi

/registry/deployments/default/pxxxm-django

/registry/deployments/default/pxxxm-redis

/registry/deployments/default/pxxxm-tengine-proxy

/registry/deployments/default/pxxxm-tengine-static

/registry/deployments/default/pxxxmlogapi-nj

/registry/deployments/kube-system/coredns

/registry/deployments/kube-system/heapster

/registry/deployments/kube-system/kubernetes-dashboard

/registry/deployments/kube-system/monitoring-grafana

/registry/deployments/kube-system/monitoring-influxdb

/registry/events/default/flower-554b58b968-n48sj.151de36ccc190d41

/registry/events/default/flower-554b58b968-n48sj.151de36e0d128ca9

/registry/events/default/hello.151e1bcd521ee391

/registry/jobs/default/hello-1521622920

/registry/jobs/default/hello-1521622980

/registry/jobs/default/hello-1521623040

/registry/minions/cnsz131381

/registry/minions/cnsz131382

/registry/minions/cnsz131383

/registry/namespaces/default

/registry/namespaces/kube-public

/registry/namespaces/kube-system

/registry/pods/default/flower-554b58b968-n48sj

/registry/pods/default/hello-1521622920-5z4bl

/registry/pods/default/hello-1521622980-4qcrd

/registry/pods/default/hello-1521623040-szf4f

/registry/pods/default/pc-saveapi-58cf87b4f5-5x2d8

/registry/pods/default/pxxxm-django-8466f46d84-4mjtf

/registry/pods/default/pxxxm-django-8466f46d84-pnqzp

/registry/pods/default/pxxxm-django-8466f46d84-x5d8z

/registry/pods/default/pxxxm-redis-767c5d5966-l88qj

/registry/pods/default/pxxxm-tengine-proxy-75d874d898-8275h

/registry/pods/default/pxxxm-tengine-static-7d7bb5d5b6-7568z

/registry/pods/default/pxxxmlogapi-nj-687cc89b96-ps4np

/registry/pods/kube-system/coredns-65dcdb4cf-hgmdv

/registry/pods/kube-system/etcd-cnsz131383

/registry/pods/kube-system/heapster-5996df699d-d8798

/registry/pods/kube-system/kube-apiserver-cnsz131383

/registry/pods/kube-system/kube-controller-manager-cnsz131383

/registry/pods/kube-system/kube-flannel-ds-gr8jp

/registry/pods/kube-system/kube-flannel-ds-p4tpq

/registry/pods/kube-system/kube-flannel-ds-z7s96

/registry/pods/kube-system/kube-proxy-cgjhk

/registry/pods/kube-system/kube-proxy-f7snz

/registry/pods/kube-system/kube-proxy-l98gl

/registry/pods/kube-system/kube-scheduler-cnsz131383

/registry/pods/kube-system/kubernetes-dashboard-5bd6f767c7-vr6sg

/registry/pods/kube-system/monitoring-grafana-6bf544559d-cd6d4

/registry/pods/kube-system/monitoring-influxdb-865d95895b-n9sls

/registry/ranges/serviceips

/registry/ranges/servicenodeports

/registry/replicasets/default/flower-554b58b968

/registry/replicasets/default/pc-saveapi-58cf87b4f5

/registry/replicasets/default/pxxxm-django-8466f46d84

/registry/replicasets/default/pxxxm-redis-767c5d5966

/registry/replicasets/default/pxxxm-tengine-proxy-75d874d898

/registry/replicasets/default/pxxxm-tengine-static-7d7bb5d5b6

/registry/replicasets/default/pxxxmlogapi-nj-687cc89b96

/registry/replicasets/kube-system/coredns-65dcdb4cf

/registry/replicasets/kube-system/heapster-5996df699d

/registry/replicasets/kube-system/kubernetes-dashboard-5bd6f767c7

/registry/replicasets/kube-system/monitoring-grafana-6bf544559d

/registry/replicasets/kube-system/monitoring-influxdb-865d95895b

/registry/rolebindings/kube-public/kubeadm:bootstrap-signer-clusterinfo

/registry/rolebindings/kube-public/system:controller:bootstrap-signer

/registry/rolebindings/kube-system/kubernetes-dashboard-minimal

/registry/rolebindings/kube-system/system::leader-locking-kube-controller-manager

/registry/rolebindings/kube-system/system::leader-locking-kube-scheduler

/registry/rolebindings/kube-system/system:controller:bootstrap-signer

/registry/rolebindings/kube-system/system:controller:cloud-provider

/registry/rolebindings/kube-system/system:controller:token-cleaner

/registry/roles/kube-public/kubeadm:bootstrap-signer-clusterinfo

/registry/roles/kube-public/system:controller:bootstrap-signer

/registry/roles/kube-system/extension-apiserver-authentication-reader

/registry/roles/kube-system/kubernetes-dashboard-minimal

/registry/roles/kube-system/system::leader-locking-kube-controller-manager

/registry/roles/kube-system/system::leader-locking-kube-scheduler

/registry/roles/kube-system/system:controller:bootstrap-signer

/registry/roles/kube-system/system:controller:cloud-provider

/registry/roles/kube-system/system:controller:token-cleaner

/registry/secrets/default/default-token-hfj82

/registry/secrets/kube-public/default-token-wpbfs

/registry/secrets/kube-system/attachdetach-controller-token-7jsks

/registry/secrets/kube-system/bootstrap-signer-token-xs87g

/registry/secrets/kube-system/certificate-controller-token-x4swr

/registry/secrets/kube-system/clusterrole-aggregation-controller-token-z7w85

/registry/secrets/kube-system/coredns-token-tbbbw

/registry/secrets/kube-system/cronjob-controller-token-p44bn

/registry/secrets/kube-system/daemon-set-controller-token-4klc2

/registry/secrets/kube-system/default-token-g9lcp

/registry/secrets/kube-system/deployment-controller-token-gfcdt

/registry/secrets/kube-system/disruption-controller-token-vs4dz

/registry/secrets/kube-system/endpoint-controller-token-92kn2

/registry/secrets/kube-system/flannel-token-wvgjq

/registry/secrets/kube-system/generic-garbage-collector-token-pcpnq

/registry/secrets/kube-system/heapster-token-6szhz

/registry/secrets/kube-system/horizontal-pod-autoscaler-token-xqcl5

/registry/secrets/kube-system/job-controller-token-422zr

/registry/secrets/kube-system/kube-proxy-token-k5rfq

/registry/secrets/kube-system/kubernetes-dashboard-certs

/registry/secrets/kube-system/kubernetes-dashboard-key-holder

/registry/secrets/kube-system/kubernetes-dashboard-token-kpkw7

/registry/secrets/kube-system/namespace-controller-token-r57ss

/registry/secrets/kube-system/node-controller-token-5f7sm

/registry/secrets/kube-system/persistent-volume-binder-token-7rnt2

/registry/secrets/kube-system/pod-garbage-collector-token-2txwf

/registry/secrets/kube-system/replicaset-controller-token-zh9xq

/registry/secrets/kube-system/replication-controller-token-q69jz

/registry/secrets/kube-system/resourcequota-controller-token-92hn4

/registry/secrets/kube-system/service-account-controller-token-vvw5d

/registry/secrets/kube-system/service-controller-token-lslnf

/registry/secrets/kube-system/statefulset-controller-token-wdqjt

/registry/secrets/kube-system/token-cleaner-token-9zzpv

/registry/secrets/kube-system/ttl-controller-token-tc7pl

/registry/serviceaccounts/default/default

/registry/serviceaccounts/kube-public/default

/registry/serviceaccounts/kube-system/attachdetach-controller

/registry/serviceaccounts/kube-system/bootstrap-signer

/registry/serviceaccounts/kube-system/certificate-controller

/registry/serviceaccounts/kube-system/clusterrole-aggregation-controller

/registry/serviceaccounts/kube-system/coredns

/registry/serviceaccounts/kube-system/cronjob-controller

/registry/serviceaccounts/kube-system/daemon-set-controller

/registry/serviceaccounts/kube-system/default

/registry/serviceaccounts/kube-system/deployment-controller

/registry/serviceaccounts/kube-system/disruption-controller

/registry/serviceaccounts/kube-system/endpoint-controller

/registry/serviceaccounts/kube-system/flannel

/registry/serviceaccounts/kube-system/generic-garbage-collector

/registry/serviceaccounts/kube-system/heapster

/registry/serviceaccounts/kube-system/horizontal-pod-autoscaler

/registry/serviceaccounts/kube-system/job-controller

/registry/serviceaccounts/kube-system/kube-proxy

/registry/serviceaccounts/kube-system/kubernetes-dashboard

/registry/serviceaccounts/kube-system/namespace-controller

/registry/serviceaccounts/kube-system/node-controller

/registry/serviceaccounts/kube-system/persistent-volume-binder

/registry/serviceaccounts/kube-system/pod-garbage-collector

/registry/serviceaccounts/kube-system/replicaset-controller

/registry/serviceaccounts/kube-system/replication-controller

/registry/serviceaccounts/kube-system/resourcequota-controller

/registry/serviceaccounts/kube-system/service-account-controller

/registry/serviceaccounts/kube-system/service-controller

/registry/serviceaccounts/kube-system/statefulset-controller

/registry/serviceaccounts/kube-system/token-cleaner

/registry/serviceaccounts/kube-system/ttl-controller

/registry/services/endpoints/default/flower

/registry/services/endpoints/default/kubernetes

/registry/services/endpoints/default/pc-saveapi

/registry/services/endpoints/default/pxxxm-django

/registry/services/endpoints/default/pxxxm-redis

/registry/services/endpoints/default/pxxxm-tengine-proxy

/registry/services/endpoints/default/pxxxm-tengine-static

/registry/services/endpoints/default/pxxxmlogapi-nj

/registry/services/endpoints/kube-system/heapster

/registry/services/endpoints/kube-system/kube-controller-manager

/registry/services/endpoints/kube-system/kube-dns

/registry/services/endpoints/kube-system/kube-scheduler

/registry/services/endpoints/kube-system/kubernetes-dashboard

/registry/services/endpoints/kube-system/monitoring-grafana

/registry/services/endpoints/kube-system/monitoring-influxdb

/registry/services/specs/default/flower

/registry/services/specs/default/kubernetes

/registry/services/specs/default/pc-saveapi

/registry/services/specs/default/pxxxm-django

/registry/services/specs/default/pxxxm-redis

/registry/services/specs/default/pxxxm-tengine-proxy

/registry/services/specs/default/pxxxm-tengine-static

/registry/services/specs/default/pxxxmlogapi-nj

/registry/services/specs/kube-system/heapster

/registry/services/specs/kube-system/kube-dns

/registry/services/specs/kube-system/kubernetes-dashboard

/registry/services/specs/kube-system/monitoring-grafana

/registry/services/specs/kube-system/monitoring-influxdb

 

转载于:https://www.cnblogs.com/ericnie/p/8778082.html

你可能感兴趣的文章
Python内置函数(29)——help
查看>>
oracle导出/导入 expdp/impdp
查看>>
Objective - C基础: 第四天 - 10.SEL类型的基本认识
查看>>
Android TextView加上阴影效果
查看>>
《梦断代码》读书笔记(三)
查看>>
Java8 Lambda表达应用 -- 单线程游戏server+异步数据库操作
查看>>
[Unity3D]Unity3D游戏开发MatchTarget的作用攀登效果实现
查看>>
AngularJS学习篇(一)
查看>>
关于Xshell无法连接centos6.4的问题
查看>>
css3动画——基本准则
查看>>
输入月份和日期,得出是今年第几天
查看>>
pig自定义UDF
查看>>
spring security 11种过滤器介绍
查看>>
代码实现导航栏分割线
查看>>
大数据学习系列(8)-- WordCount+Block+Split+Shuffle+Map+Reduce技术详解
查看>>
【AS3代码】播放FLV视频流的三步骤!
查看>>
枚举的使用
查看>>
luogu4849 寻找宝藏 (cdq分治+dp)
查看>>
日志框架--(一)基础篇
查看>>
关于源程序到可运行程序的过程
查看>>