CoreDNS 从未在我的 RPi Kubernetes 集群上启动
CoreDNS never starts on my RPi Kubernetes cluster
我一直在尝试在 old guide. I did this once before, successfully. But after a move and some other changes, I decided to recreate the cluster with fresh installs of Raspberry Pi OS and the latest version of kubeadm (1.19), etc. The one exception is that I'm using Weave 2.6.5 instead of latest per this comment 之后为 运行 Kubernetes 设置一个 4 Raspberry Pi 4s 的集群,因为最新版本的 Weave 似乎不起作用在 Pis 上 - 我自己证实了这一点。
不幸的是,在 b运行d 次全新安装所有内容之后,CoreDNS pods 似乎永远不会出现。 Weave.net 上线成功。但是 CoreDNS 永远不会。这是我的列表 运行ning pods:
$ k get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-f9fd979d6-6jlq7 0/1 Running 0 6m4s
coredns-f9fd979d6-qqnzw 0/1 Running 0 6m5s
etcd-k8s-master-1 1/1 Running 0 24m
kube-apiserver-k8s-master-1 1/1 Running 0 24m
kube-controller-manager-k8s-master-1 1/1 Running 2 24m
kube-proxy-dq62m 1/1 Running 0 24m
kube-scheduler-k8s-master-1 1/1 Running 2 24m
weave-net-qb7t7 2/2 Running 0 17m
kube-controller-manager 和 kube-scheduler 定期重启也有点奇怪,但我想知道这是否与 DNS 从未出现的事实无关?无论如何,以下是 DNS 容器的 pod 日志示例:
$ k logs -n kube-system pod/coredns-f9fd979d6-6jlq7
.:53
[INFO] plugin/reload: Running configuration MD5 = db32ca3650231d74073ff4cf814959a7
CoreDNS-1.7.0
linux/arm, go1.14.4, f59c03d
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
I1027 17:22:37.977315 1 trace.go:116] Trace[1427131847]: "Reflector ListAndWatch" name:pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125 (started: 2020-10-27 17:22:07.975379387 +0000 UTC m=+0.092116055) (total time: 30.00156301s):
Trace[1427131847]: [30.00156301s] [30.00156301s] END
I1027 17:22:37.977301 1 trace.go:116] Trace[2019727887]: "Reflector ListAndWatch" name:pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125 (started: 2020-10-27 17:22:07.976078211 +0000 UTC m=+0.092814546) (total time: 30.000710725s):
Trace[2019727887]: [30.000710725s] [30.000710725s] END
E1027 17:22:37.977433 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125: Failed to list *v1.Namespace: Get "https://10.96.0.1:443/api/v1/namespaces?limit=500&resourceVersion=0": dial tcp 10.96.0.1:443: i/o timeout
E1027 17:22:37.977471 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125: Failed to list *v1.Service: Get "https://10.96.0.1:443/api/v1/services?limit=500&resourceVersion=0": dial tcp 10.96.0.1:443: i/o timeout
I1027 17:22:37.978491 1 trace.go:116] Trace[911902081]: "Reflector ListAndWatch" name:pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125 (started: 2020-10-27 17:22:07.97561805 +0000 UTC m=+0.092354423) (total time: 30.002742659s):
Trace[911902081]: [30.002742659s] [30.002742659s] END
E1027 17:22:37.978535 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125: Failed to list *v1.Endpoints: Get "https://10.96.0.1:443/api/v1/endpoints?limit=500&resourceVersion=0": dial tcp 10.96.0.1:443: i/o timeout
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
作为应用程序开发人员,我使用过 Kubernetes 并且非常喜欢它。但我必须承认,当我进入它正在做的事情的坚韧起落架时(阅读:当它不起作用时),我发现自己迷路了。我的 Pi 的本地 IP 是 192.168.1.194。实际上所有本地IP都在192.168.x.x 运行ge中。那么为什么它看起来像是在尝试访问 10.96.0.1,然后出现 I/O 超时?那是正常的吗?这只是 Docker 网络内部结构的一部分,比如映射到 Docker 系统的假 IP 之类的吗?
更重要的是,我需要做什么才能使 DNS 正常工作?当然,我可以从控制台 curl 一切正常,所以 DNS 在 Pi 上工作。在设置的早些时候,我还 运行 以下命令:
sudo iptables -P FORWARD ACCEPT
sudo ufw allow 8080
sudo ufw allow 16443
sudo ufw allow ssh
sudo ufw default allow routed
sudo ufw enable
根据我的经验,这几个命令是“取消阻止”DNS 工作所需的全部,但不幸的是,这一次似乎还不够,因为 CoreDNS 容器从未完全准备好.
我很乐意提供任何可能有用的额外日志消息。
我想通了...我是个傻瓜。我已经允许端口 16443 通过防火墙 (ufw),但我应该允许 6443。打开该端口可以解决所有问题。
我一直在尝试在 old guide. I did this once before, successfully. But after a move and some other changes, I decided to recreate the cluster with fresh installs of Raspberry Pi OS and the latest version of kubeadm (1.19), etc. The one exception is that I'm using Weave 2.6.5 instead of latest per this comment 之后为 运行 Kubernetes 设置一个 4 Raspberry Pi 4s 的集群,因为最新版本的 Weave 似乎不起作用在 Pis 上 - 我自己证实了这一点。
不幸的是,在 b运行d 次全新安装所有内容之后,CoreDNS pods 似乎永远不会出现。 Weave.net 上线成功。但是 CoreDNS 永远不会。这是我的列表 运行ning pods:
$ k get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-f9fd979d6-6jlq7 0/1 Running 0 6m4s
coredns-f9fd979d6-qqnzw 0/1 Running 0 6m5s
etcd-k8s-master-1 1/1 Running 0 24m
kube-apiserver-k8s-master-1 1/1 Running 0 24m
kube-controller-manager-k8s-master-1 1/1 Running 2 24m
kube-proxy-dq62m 1/1 Running 0 24m
kube-scheduler-k8s-master-1 1/1 Running 2 24m
weave-net-qb7t7 2/2 Running 0 17m
kube-controller-manager 和 kube-scheduler 定期重启也有点奇怪,但我想知道这是否与 DNS 从未出现的事实无关?无论如何,以下是 DNS 容器的 pod 日志示例:
$ k logs -n kube-system pod/coredns-f9fd979d6-6jlq7
.:53
[INFO] plugin/reload: Running configuration MD5 = db32ca3650231d74073ff4cf814959a7
CoreDNS-1.7.0
linux/arm, go1.14.4, f59c03d
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
I1027 17:22:37.977315 1 trace.go:116] Trace[1427131847]: "Reflector ListAndWatch" name:pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125 (started: 2020-10-27 17:22:07.975379387 +0000 UTC m=+0.092116055) (total time: 30.00156301s):
Trace[1427131847]: [30.00156301s] [30.00156301s] END
I1027 17:22:37.977301 1 trace.go:116] Trace[2019727887]: "Reflector ListAndWatch" name:pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125 (started: 2020-10-27 17:22:07.976078211 +0000 UTC m=+0.092814546) (total time: 30.000710725s):
Trace[2019727887]: [30.000710725s] [30.000710725s] END
E1027 17:22:37.977433 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125: Failed to list *v1.Namespace: Get "https://10.96.0.1:443/api/v1/namespaces?limit=500&resourceVersion=0": dial tcp 10.96.0.1:443: i/o timeout
E1027 17:22:37.977471 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125: Failed to list *v1.Service: Get "https://10.96.0.1:443/api/v1/services?limit=500&resourceVersion=0": dial tcp 10.96.0.1:443: i/o timeout
I1027 17:22:37.978491 1 trace.go:116] Trace[911902081]: "Reflector ListAndWatch" name:pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125 (started: 2020-10-27 17:22:07.97561805 +0000 UTC m=+0.092354423) (total time: 30.002742659s):
Trace[911902081]: [30.002742659s] [30.002742659s] END
E1027 17:22:37.978535 1 reflector.go:178] pkg/mod/k8s.io/client-go@v0.18.3/tools/cache/reflector.go:125: Failed to list *v1.Endpoints: Get "https://10.96.0.1:443/api/v1/endpoints?limit=500&resourceVersion=0": dial tcp 10.96.0.1:443: i/o timeout
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
作为应用程序开发人员,我使用过 Kubernetes 并且非常喜欢它。但我必须承认,当我进入它正在做的事情的坚韧起落架时(阅读:当它不起作用时),我发现自己迷路了。我的 Pi 的本地 IP 是 192.168.1.194。实际上所有本地IP都在192.168.x.x 运行ge中。那么为什么它看起来像是在尝试访问 10.96.0.1,然后出现 I/O 超时?那是正常的吗?这只是 Docker 网络内部结构的一部分,比如映射到 Docker 系统的假 IP 之类的吗?
更重要的是,我需要做什么才能使 DNS 正常工作?当然,我可以从控制台 curl 一切正常,所以 DNS 在 Pi 上工作。在设置的早些时候,我还 运行 以下命令:
sudo iptables -P FORWARD ACCEPT
sudo ufw allow 8080
sudo ufw allow 16443
sudo ufw allow ssh
sudo ufw default allow routed
sudo ufw enable
根据我的经验,这几个命令是“取消阻止”DNS 工作所需的全部,但不幸的是,这一次似乎还不够,因为 CoreDNS 容器从未完全准备好.
我很乐意提供任何可能有用的额外日志消息。
我想通了...我是个傻瓜。我已经允许端口 16443 通过防火墙 (ufw),但我应该允许 6443。打开该端口可以解决所有问题。