主页 / unix / 问题

问题[kubernetes](unix)

Martin Hope
Emad Khavaninzadeh
Asked: 2024-12-28 20:33:36 +0800 CST
  • 5

当我运行下面的命令时,我收到错误,退出代码为 1。有人能告诉我为什么会收到此错误以及如何修复它吗?谢谢

kubectl exec etcd-master -- etcdctl member list
{"level":"warn","ts":"2024-12-28T12:28:32.978637Z","logger":"etcd-client","caller":"[email protected]/retry_interceptor.go:63","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc000370000/127.0.0.1:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \"error reading server preface: EOF\""}
Error: context deadline exceeded
command terminated with exit code 1

我的 etcd 日志也是这样的。我的防火墙已关闭,selinux 也是允许的。我的操作系统是 rocky linux 9.3。

{"level":"warn","ts":"2024-12-28T12:42:13.018454Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"127.0.0.1:52198","server-name":"","error":"tls: first record does not look like a TLS handshake"}
{"level":"warn","ts":"2024-12-28T12:42:14.022364Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"127.0.0.1:52214","server-name":"","error":"tls: first record does not look like a TLS handshake"}
{"level":"warn","ts":"2024-12-28T12:42:15.330400Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"127.0.0.1:52222","server-name":"","error":"tls: first record does not look like a TLS handshake"}
{"level":"warn","ts":"2024-12-28T12:44:21.880909Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"192.168.56.101:42196","server-name":"","error":"tls: first record does not look like a TLS handshake"}
{"level":"warn","ts":"2024-12-28T12:44:22.883450Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"192.168.56.101:42210","server-name":"","error":"tls: first record does not look like a TLS handshake"}
{"level":"warn","ts":"2024-12-28T12:44:24.622810Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"192.168.56.101:42220","server-name":"","error":"tls: first record does not look like a TLS handshake"}
{"level":"warn","ts":"2024-12-28T12:44:26.821834Z","caller":"embed/config_logging.go:170","msg":"rejected connection on client endpoint","remote-addr":"192.168.56.101:42222","server-name":"","error":"tls: first record does not look like a TLS handshake"}
{"level":"info","ts":"2024-12-28T12:46:45.062979Z","caller":"mvcc/index.go:214","msg":"compact tree index","revision":228269}
{"level":"info","ts":"2024-12-28T12:46:45.079467Z","caller":"mvcc/kvstore_compaction.go:69","msg":"finished scheduled compaction","compact-revision":228269,"took":"10.947531ms","hash":4017906930,"current-db-size-bytes":3809280,"current-db-size":"3.8 MB","current-db-size-in-use-bytes":1859584,"current-db-size-in-use":"1.9 MB"}
{"level":"info","ts":"2024-12-28T12:46:45.079800Z","caller":"mvcc/hash.go:137","msg":"storing new hash","hash":4017906930,"revision":228269,"compact-revision":227809}
kubernetes
Martin Hope
Dolphin
Asked: 2024-07-04 23:24:35 +0800 CST
  • 5

在 kubernetes 1.29.x 集群中。首先确保命名空间包含 configmap:

➜  migration kubectl get configmaps -n reddwarf-cache

NAME                           DATA   AGE
cruise-redis-configuration     3      2y334d
cruise-redis-health            6      2y334d
cruise-redis-scripts           2      2y334d
kube-root-ca.crt               1      2y334d
reddwarf-redis-configuration   3      451d
reddwarf-redis-health          6      451d
reddwarf-redis-scripts         2      451d

当我尝试使用此命令获取 kubernets configmap 时:

➜  migration kubectl get configmaps -o yaml -n reddwarf-cache- > reddwarf-cache-configmap.yaml

➜  migration cat reddwarf-cache-configmap.yaml
apiVersion: v1
items: []
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

configmap 为空,我确定我可以访问 configmap,为什么无法从 kubernetes 集群获取 configmap yaml 配置?我也尝试过:

kubectl get cm -o yaml -n reddwarf-cache- > reddwarf-cache-configmap.yaml
kubernetes
Martin Hope
user3553913
Asked: 2020-01-02 22:55:13 +0800 CST
  • 0

我有一个容器化的 unimrcp 服务器,它作为 kubernetes pod 运行。当我进入容器并做ps -ef它的输出是这样的:

[root@unimrcp-0 fd]# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0 99 13:13 ?        01:07:38 ./unimrcpserver
root        75     1  0 13:13 ?        00:00:00 [arping] <defunct>
root        76     1  0 13:13 ?        00:00:00 [arping] <defunct>
root       154     0  0 13:14 pts/0    00:00:00 /bin/bash
root       209   154  0 14:21 pts/0    00:00:00 ps -ef

另外,如果我这样做cat /proc/[pid]/fd/1,我会看到一些损坏的输出,如下所示:

未知指令:▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒

为什么进程没有附加控制终端。我已禁用 Unimrcp 记录到标准输出。CPU 利用率也为 99%。有人可以帮忙解决这个问题吗?

这是容器的入口点

#!/bin/sh
source /ip-conf.sh; set_control_media_network "UNIMRCP"
CONTROL_IP=$(get_control_ipv4)
MEDIA_IP=$(get_media_ipv4)
LOG_LEVEL=$(echo $LOG_LEVEL | tr -s " " | xargs)
LOG_OUTPUT=$(echo $LOG_OUTPUT | tr -s " " | xargs)
LOG_HEADERS=$(echo $LOG_HEADERS | tr -s " " | xargs)
sed -i 's+<priority>.*</priority>+''<priority>'$LOG_LEVEL'</priority>+g' 
/usr/local/unimrcp/conf/logger.xml
sed -i 's+<output>.*</output>+''<output>'$LOG_OUTPUT'</output>+g' 
/usr/local/unimrcp/conf/logger.xml
sed -i 's+<headers>.*</headers>+''<headers>'$LOG_HEADERS'</headers>+g' 
/usr/local/unimrcp/conf/logger.xml
sed -i 's+<!-- <ip>.*</ip> -->+''<ip>'$CONTROL_IP'</ip>+g' 
/usr/local/unimrcp/conf/unimrcpserver.xml
sed -i 's+<!-- <rtp-ip>.*</rtp-ip> -->+''<rtp-ip>'$MEDIA_IP'</rtp-ip>+g' 
/usr/local/unimrcp/conf/unimrcpserver.xml 
cd /usr/local/unimrcp/bin/
exec ./unimrcpserver

这是 unimrcp 容器内 /proc/1/fd/ 处 ls -l 的输出

total 0
lrwx------ 1 root root 64 Jan  2 12:04 0 -> /dev/null
l-wx------ 1 root root 64 Jan  2 12:04 1 -> pipe:[17601930]
l-wx------ 1 root root 64 Jan  2 12:04 10 -> pipe:[17605635]
lrwx------ 1 root root 64 Jan  2 12:04 11 -> socket:[17605636]
lrwx------ 1 root root 64 Jan  2 12:04 12 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Jan  2 12:04 13 -> anon_inode:[eventfd]
lrwx------ 1 root root 64 Jan  2 12:04 14 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Jan  2 12:04 15 -> anon_inode:[eventfd]
lrwx------ 1 root root 64 Jan  2 12:04 16 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Jan  2 12:04 17 -> socket:[17602110]
lrwx------ 1 root root 64 Jan  2 12:04 18 -> socket:[17602111]
lrwx------ 1 root root 64 Jan  2 12:04 19 -> anon_inode:[eventpoll]
l-wx------ 1 root root 64 Jan  2 12:04 2 -> pipe:[17601931]
lrwx------ 1 root root 64 Jan  2 12:04 20 -> socket:[17603083]
lrwx------ 1 root root 64 Jan  2 12:04 21 -> socket:[17603084]
lr-x------ 1 root root 64 Jan  2 12:04 22 -> /dev/urandom
lrwx------ 1 root root 64 Jan  2 12:04 23 -> socket:[17603087]
lrwx------ 1 root root 64 Jan  2 12:04 24 -> socket:[17603088]
l-wx------ 1 root root 64 Jan  2 12:04 3 -> 
/usr/local/unimrcp/log/unimrcpserver_2020.01.02_12.04.08.988860.log
lrwx------ 1 root root 64 Jan  2 12:04 4 -> anon_inode:[eventpoll]
lr-x------ 1 root root 64 Jan  2 12:04 5 -> pipe:[17605633]
l-wx------ 1 root root 64 Jan  2 12:04 6 -> pipe:[17605633]
lrwx------ 1 root root 64 Jan  2 12:04 7 -> socket:[17605634]
lrwx------ 1 root root 64 Jan  2 12:04 8 -> anon_inode:[eventpoll]
lr-x------ 1 root root 64 Jan  2 12:04 9 -> pipe:[17605635]
linux kubernetes
Martin Hope
PersianGulf
Asked: 2019-12-08 09:54:33 +0800 CST
  • 0

我有以下yaml文件:

---
apiVersion: v1
kind: pod
metadata:
    name: Tesing_for_Image_pull -----------> 1
    spec:
        containers:
        - name: mysql ------------------------> 2
          image: mysql ----------> 3
          imagePullPolicy: Always ------------->4
          command: ["echo", "SUCCESS"]  -------------------> 5

运行后kubectl create -f my_yaml.yaml出现以下错误:

error: error converting YAML to JSON: yaml: line 10: did not find expected key

更新yamllint我收到以下错误:

root@debian:~# yamllint my_yaml.yaml
my_yaml.yaml
  8:9       error    wrong indentation: expected 12 but found 8  (indentation)
  11:41     error    syntax error: expected <block end>, but found '<scalar>'

我的问题在哪里,我该如何解决?

kubernetes yaml
Martin Hope
elp
Asked: 2019-01-08 11:23:16 +0800 CST
  • 0

部署所有 kubernetes 资源port 443,我想打开. 我将它添加到我的白名单表中,但它仍然关闭。我的 80 端口也发生了同样的事情。在刷新所有表后,删除所有 kubernetes 资源并从头开始设置防火墙(包括白名单port 80,然后再次部署 kubernetesport 80终于打开了。

现在我更愿意理解为什么我不能打开port 443而不是再做一遍。我发现有一个表KUBE-FIREWALL(见下文),默认情况下会阻止所有内容。

这是我的主要问题:

KUBE-FIREWALL 的规则优先级是否比我的表 TCP 高?如果,我怎样才能改变优先级?

输入

Chain INPUT (policy DROP)
target     prot opt source               destination         
cali-INPUT  all  --  anywhere             anywhere             /* cali:Cz_u1IQiXIMmKD4c */
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
KUBE-EXTERNAL-SERVICES  all  --  anywhere             anywhere             ctstate NEW /* kubernetes externally-visible service portals */
KUBE-FIREWALL  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request ctstate NEW
UDP        udp  --  anywhere             anywhere             ctstate NEW
TCP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable

校准输入

Chain cali-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* cali:msRIDfJRWnYwzW4g */ mark match 0x10000/0x10000
cali-wl-to-host  all  --  anywhere             anywhere            [goto]  /* cali:y4fKWmWkTnYGshVX */
MARK       all  --  anywhere             anywhere             /* cali:JnMb-hdLugWL4jEZ */ MARK and 0xfff0ffff
cali-from-host-endpoint  all  --  anywhere             anywhere             /* cali:NPKZwKxJ-5imzORj */
ACCEPT     all  --  anywhere             anywhere             /* cali:aes7S4xZI-7Jyw63 */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

KUBE-防火墙

Chain cali-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* cali:msRIDfJRWnYwzW4g */ mark match 0x10000/0x10000
cali-wl-to-host  all  --  anywhere             anywhere            [goto]  /* cali:y4fKWmWkTnYGshVX */
MARK       all  --  anywhere             anywhere             /* cali:JnMb-hdLugWL4jEZ */ MARK and 0xfff0ffff
cali-from-host-endpoint  all  --  anywhere             anywhere             /* cali:NPKZwKxJ-5imzORj */
ACCEPT     all  --  anywhere             anywhere             /* cali:aes7S4xZI-7Jyw63 */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
claus@vmd33301:~$ sudo iptables -L KUBE-FIREWALL
Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

TCP

Chain TCP (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
iptables kubernetes
Martin Hope
Volker Raschek
Asked: 2018-03-07 02:35:12 +0800 CST
  • 1

我想将所有节点上的服务绑定到端口 80 和 443,这样我将通过 DNS 名称(kubernetes)重定向到通过 HTTP/S 将我直接重定向到服务的任何节点,然后再到部署(nginx )。但是,我不知道这是如何工作的,因为 NodePorts 的范围仅从 30000 到 32xxx。

这是我的设置

DNS-Name      IPv4
k8s-master    172.25.35.47
k8s-node-01   172.25.36.47
k8s-node-02   172.25.36.8
kubernetes    172.25.36.47
kubernetes    172.25.36.8

我的 yaml 文件

apiVersion: v1
kind: Service
metadata:
  name: proxy
spec:
  ports:
  - name: http
    nodePort: 80     
    port: 80            
    protocol: TCP      
    targetPort: 80     
  - name: https
    nodePort: 443     
    port: 443           
    protocol: TCP       
    targetPort: 443     
  selector:
    name: proxy
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxy
  labels:
    name: proxy
spec:
  selector:
    matchLabels:
      name: proxy
  replicas: 1
  template:
    metadata:
     labels:
       name: proxy
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - name: https
          containerPort: 443
          protocol: TCP

哪种类型的服务为我提供了公开此端口的功能,或者我如何实现我的心理设置?

沃尔克

port-forwarding kubernetes
Martin Hope
Mohammed Ali
Asked: 2017-12-24 06:21:23 +0800 CST
  • 2

我已经在 docker 中设置了一个私有注册表,可以通过域“makdom.ddns.net”访问,我可以在本地登录推送和拉取图像,即使是从 kubes 节点我也可以做到这一点,

但是当我编写一个 kubes 部署文件时,它无法从私有注册表中提取图像并且失败。

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: ssh-deployment
spec:
  template:
    metadata:
      labels:
        app: helloworld
    spec:
      containers:
      - name: ssh-demo
        image: makdom.ddns.net/my-ubuntu
        imagePullPolicy: IfNotPresent
        ports:
        - name: nodejs-port
          containerPort: 22
      imagePullSecrets:
      - name: myregistrykey

秘密:

DOCKER_REGISTRY_SERVER="https://makdom.ddns.net/v1/"
DOCKER_USER="user"
DOCKER_PASSWORD="password"
DOCKER_EMAIL="[email protected]" 

kubectl create secret docker-registry myregistrykey \
  --docker-server=$DOCKER_REGISTRY_SERVER \
  --docker-username=$DOCKER_USER \
  --docker-password=$DOCKER_PASSWORD \
  --docker-email=$DOCKER_EMAIL

错误:

Events:
  Type     Reason                 Age               From                  Message
  ----     ------                 ----              ----                  -------
  Normal   Scheduled              1m                default-scheduler     Successfully assigned ssh-deployment-7b7c7bf977-m6stk to kubes-slave
  Normal   SuccessfulMountVolume  1m                kubelet, kubes-slave  MountVolume.SetUp succeeded for volume "default-token-mx7qq"
  Normal   Pulled                 1m (x3 over 1m)   kubelet, kubes-slave  Container image "makdom.ddns.net/my-ubuntu" already present on machine
  Normal   Created                1m (x3 over 1m)   kubelet, kubes-slave  Created container
  Normal   Started                1m (x3 over 1m)   kubelet, kubes-slave  Started container
  Normal   Pulling                34s (x2 over 1m)  kubelet, kubes-slave  pulling image "makdom.ddns.net/my-ubuntu"
  Warning  Failed                 34s (x2 over 1m)  kubelet, kubes-slave  Failed to pull image "makdom.ddns.net/my-ubuntu": rpc error: code = Unknown desc = Error: image my-ubuntu:latest not found
  Warning  Failed                 34s (x2 over 1m)  kubelet, kubes-slave  Error: ErrImagePull
  Warning  BackOff                19s (x6 over 1m)  kubelet, kubes-slave  Back-off restarting failed container
docker kubernetes