昨天晚上在一个2C4G的ECS上玩kubernetes,想测试一下抗不抗揍,结果直接玩脱了,服务器跑了5个多小时,才跑完,但是也跑废了
早晨连接进服务器一看,docker蹦了,kubernetes蹦了,然是试着重启了下docker,10秒之后,CPU和内存都蹦了,然后尝试各种方法,最后用了一招:kubeadm reset 定胜负
既然这样,那就重装吧,幸亏有整理文档的习惯,按照文档安装,10分钟搞定,测试连接首页,正常;测试连接dashboard,正常;测试反代dashboard,失败,报错 504 time out
检查安全组,正常;检查防火墙,正常;俗话说日志是最好的胖友,那就查一下吧,就一句话神来之笔:upstream timed out (110: Connection timed out) while SSL handshaking to upstream
就这句话,各种查询之后发现:统统没个卵用,那就继续翻找日志,最后又找到依据,在启动容器的时候才会报错一次
no resolver defined to resolve ocsp.digicert.com while requesting certificate status, responder: ocsp.digicert.com, certificate
证书的锅?但是证书是昨天刚刚搞的,而且昨天还跑着一切正常,怎么会呢?于是又是一番排错,查看证书的详情,查看nginx的网络连通性、能否ping通各种域名,curl各种页面,最后得出的结论是:除了这个反代的dashboard之外,别的一切正常
既然这样,思考了下今天之前的环境和今天的环境有什么不同,最终发现一点:之前的flannel是v0.11.0,5天前flannel的镜像更新成了v0.12.0了,官网的https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml里面也全部是v0.12.0了,对比了下官网的flannel.yml文件,发现除了镜像的版本号之外一切正常
既然这样,那就修改flannel.yml文件,指回v0.11.0版本,然后重新部署一次
最后,见证奇迹的时候到了,反代恢复正常了
服了服了···不佩服不行,服了,非常服气,下一步研究flannel v0.12.0 到底有啥了不起折腾我溜溜大半天
What’s up Dear, are you really visiting this web page daily, if so afterward you will definitely take good know-how.
Hi, I do think this is an excellent website. I stumbledupon it 😉 I will come back
once again since I bookmarked it. Money and freedom is the greatest way to change, may you be rich and continue to help others.
If some one desires expert view concerning blogging after that i propose him/her to visit this blog, Keep up the
good work.
We are a group of volunteers and opening a new scheme in our community.
Your website offered us with valuable info to work on. You have done an impressive job and our whole community will be grateful to you.
I every time used to study post in news papers but now as I am a user of web therefore from
now I am using net for articles, thanks to
web.
Everything is very open with a really clear clarification of the issues.
It was definitely informative. Your website is very helpful.
Thank you for sharing!