k8s flannel 網路問題 dial tcp 10.0.0.1:443: i/o timeout
k8s一路安裝到flannel網路時卡主了我不少時間,檢視大量資料無法解決問題,始終報錯,flanel容器不斷重啟,CrashLoopBackoff,截圖如下:
容器截圖如下:
Failed to create SubnetManager: error retrieving pod spec for 'kube-system/kube-flannel-ds-amd64-jlc9f': Get https://10.0.0.1:443/api/v1/namespaces/kube-system/pods/kube-flannel-ds-amd64-jlc9f: dial tcp 10.0.0.1:443: i/o timeout
解決辦法:
ETCD檢視已經建立的網路資源:
#/opt/apps/etcd/etcdctl ls /coreos.com/network/subnets/
/coreos.com/network/subnets/172.7.76.0-24
# /opt/apps/etcd/etcdctl get /coreos.com/network/config
{"Network": "172.7.0.0/16", "Backend": {"Type": "host-gw"}}
# /opt/apps/etcd/etcdctl get /coreos.com/network/subnets/172.7.76.0-24
{"PublicIP":"192.168.91.76","BackendType":"host-gw"}
這是在etcd已經註冊建立好的網路資源,比如我的是172.7.76.0/24網段,這裡要符合2大條件,才能進行容器之間宿主機的pod 容器通訊
1. 檢視自己docker容器的IP網段:
#ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.7.76.1 netmask 255.255.255.0 broadcast 172.7.76.255
這裡設定的網路必須設定與宿主機前面檢視的已經建立的網路資源 172.7.76.0/24 在同一網段,然後請新增設定:"bip": "172.7.76.1/24"
# vim /etc/docker/daemon.json
{
"graph": "/data/docker",
"storage-driver": "overlay2",
"insecure-registries": ["harbor.vv.com"],
"registry-mirrors": ["https://registry.docker-cn.com"],
"bip": "172.7.76.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore": true
}
2. 檢視k8s cluster-cidr是否是上面查出來的172.7.0.016,大多數是10.244.0.0/16,通常在kube-contrellor-manger配置檔案中有寫
cat opt/kubernetes/cfg/kube-controller-manager.conf KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \ --v=2 \ --log-dir=/opt/kubernetes/logs \ --leader-elect=true \ --master=127.0.0.1:8080 \ --bind-address=127.0.0.1 \ --allocate-node-cidrs=true \ --cluster-cidr=172.7.0.0/16 \ --service-cluster-ip-range=192.168.0.0/24 \ --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \ --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \ --root-ca-file=/opt/kubernetes/ssl/ca.pem \ --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \ --experimental-cluster-signing-duration=87600h0m0s"
踩了好多天坑,今天終於解決了,特此記錄