
kubernetes - Pods are not accessible (timeout) on a 3-node cluster created in AWS ec2 from master

Reposted. Author: 行者123. Last updated: 2023-12-04 19:40:02

I have a 3-node cluster in AWS ec2 (CentOS 8 AMI).
When I try to access pods scheduled on worker nodes from the master:

kubectl exec -it kube-flannel-ds-amd64-lfzpd -n kube-system /bin/bash
Error from server: error dialing backend: dial tcp 10.41.12.53:10250: i/o timeout
kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-54ff9cd656-8mpbx 1/1 Running 2 7d21h 10.244.0.7 master <none> <none>
kube-system coredns-54ff9cd656-xcxvs 1/1 Running 2 7d21h 10.244.0.6 master <none> <none>
kube-system etcd-master 1/1 Running 2 7d21h 10.41.14.198 master <none> <none>
kube-system kube-apiserver-master 1/1 Running 2 7d21h 10.41.14.198 master <none> <none>
kube-system kube-controller-manager-master 1/1 Running 2 7d21h 10.41.14.198 master <none> <none>
kube-system kube-flannel-ds-amd64-8zgpw 1/1 Running 2 7d21h 10.41.14.198 master <none> <none>
kube-system kube-flannel-ds-amd64-lfzpd 1/1 Running 2 7d21h 10.41.12.53 worker1 <none> <none>
kube-system kube-flannel-ds-amd64-nhw5j 1/1 Running 2 7d21h 10.41.15.9 worker3 <none> <none>
kube-system kube-flannel-ds-amd64-s6nms 1/1 Running 2 7d21h 10.41.15.188 worker2 <none> <none>
kube-system kube-proxy-47s8k 1/1 Running 2 7d21h 10.41.15.9 worker3 <none> <none>
kube-system kube-proxy-6lbvq 1/1 Running 2 7d21h 10.41.15.188 worker2 <none> <none>
kube-system kube-proxy-vhmfp 1/1 Running 2 7d21h 10.41.14.198 master <none> <none>
kube-system kube-proxy-xwsnk 1/1 Running 2 7d21h 10.41.12.53 worker1 <none> <none>
kube-system kube-scheduler-master 1/1 Running 2 7d21h 10.41.14.198 master <none> <none>
kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 7d21h v1.13.10
worker1 Ready <none> 7d21h v1.13.10
worker2 Ready <none> 7d21h v1.13.10
worker3 Ready <none> 7d21h v1.13.10
I tried the following steps on all nodes, but no luck so far:
  • iptables -w -P FORWARD ACCEPT on all nodes
  • Enabled masquerading
  • Opened port 10250/tcp
  • Opened port 8472/udp
  • Started kubelet

Any pointers would be helpful.

    Best answer

    Flannel does not support NFT, and since you are using CentOS 8, you cannot fall back to iptables.
    In this case, your best option is to switch to Calico.
    You have to update the Calico DaemonSet with:

    ....
    Environment:
    FELIX_IPTABLESBACKEND: NFT
    ....
    Or use version 3.12 or newer, as it adds autodetection of the iptables backend:

    Previous versions of Calico required you to specify the host’s iptables backend (one of NFT or Legacy). With this release, Calico can now autodetect the iptables variant on the host by setting the Felix configuration parameter IptablesBackend to Auto. This is useful in scenarios where you don’t know what the iptables backend might be such as in mixed deployments. For more information, see the documentation for iptables dataplane configuration


    Or switch to Ubuntu 20.04. Ubuntu does not use nftables yet.

    Regarding kubernetes - Pods are not accessible (timeout) on a 3-node cluster created in AWS ec2 from master, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/67483020/
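
To decide which IptablesBackend value from the answer fits a cluster, the added example below (not part of the original post or of Calico) classifies each node's `iptables --version` string and picks NFT, Legacy, or Auto. It assumes the `(nf_tables)` / `(legacy)` suffix that iptables 1.8 and later print; the function names are hypothetical and the version strings are constructed samples.

```shell
#!/usr/bin/env bash
# Added example: map `iptables --version` output per node to the Felix
# IptablesBackend value named in the answer (NFT, Legacy, or Auto).

# classify_backend "<iptables --version output>" -> NFT | Legacy | Unknown
classify_backend() {
  case "$1" in
    *"(nf_tables)"*)         echo "NFT" ;;
    *"(legacy)"*)            echo "Legacy" ;;
    "iptables v1."[0-7]"."*) echo "Legacy" ;;  # assumption: pre-1.8 prints no suffix, treated as legacy
    *)                       echo "Unknown" ;;
  esac
}

# recommend_backend: reads "node|version string" lines on stdin, logs the
# per-node result to stderr, and prints one value that fits every node.
# Runs in a subshell so its variables do not leak into the caller.
recommend_backend() (
  seen=""
  while IFS='|' read -r node ver; do
    [ -n "$node" ] || continue
    backend=$(classify_backend "$ver")
    printf '%-8s %-30s -> %s\n' "$node" "$ver" "$backend" >&2
    case "$seen" in
      "")         seen=$backend ;;
      "$backend") ;;
      *)          seen="Mixed" ;;
    esac
  done
  case "$seen" in
    NFT|Legacy) echo "$seen" ;;
    *)          echo "Auto" ;;  # mixed or unknown hosts: needs Calico 3.12+ per the quoted release note
  esac
)

# Constructed samples (node names from the question, version strings made up).
SAMPLE_CENTOS8='master|iptables v1.8.4 (nf_tables)
worker1|iptables v1.8.4 (nf_tables)
worker2|iptables v1.8.4 (nf_tables)
worker3|iptables v1.8.4 (nf_tables)'
SAMPLE_MIXED='master|iptables v1.8.4 (nf_tables)
worker1|iptables v1.6.1'

echo "FELIX_IPTABLESBACKEND: $(printf '%s\n' "$SAMPLE_CENTOS8" | recommend_backend)"
echo "FELIX_IPTABLESBACKEND: $(printf '%s\n' "$SAMPLE_MIXED" | recommend_backend)"
```

On a real node, feed the function live data with `classify_backend "$(iptables --version)"`.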
