K
Q

Can not access kubernetes master apis via https dial tcp 10.200.0.1:443: i/o timeout

12/8/2015

I edit the example of ingress controller. The code as follow controller.go:

package main
import (
    "log"
    "os"
    "os/exec"
    "reflect"
    "text/template"
    "k8s.io/kubernetes/pkg/api"
    "k8s.io/kubernetes/pkg/apis/extensions"
    client "k8s.io/kubernetes/pkg/client/unversioned"
    "k8s.io/kubernetes/pkg/fields"
    "k8s.io/kubernetes/pkg/labels"
    "k8s.io/kubernetes/pkg/util"
    "k8s.io/kubernetes/pkg/api/unversioned"
)
const (
    nginxConf = `
events {
  worker_connections 1024;
}
http {
{{range $ing := .Items}}
{{range $rule := $ing.Spec.Rules}}
  server {
    listen 80;
    server_name {{$rule.Host}};
    resolver 127.0.0.1;
{{ range $path := $rule.HTTP.Paths }}
    {{if eq $path.Path "" }}
    location / {
    {{else}}
    location {{$path.Path}} {
    {{end}}
      proxy_pass http://{{$path.Backend.ServiceName}}:{{$path.Backend.ServicePort}}/;
      proxy_set_header Host $host;
    }{{end}}
  }{{end}}{{end}}
}`
func shellOut(cmd string) {
    out, err := exec.Command("sh", "-c", cmd).CombinedOutput()
    log.Println(" cmd ", cmd, string(out))
    if err != nil {
        log.Fatalf("Failed to execute %v: %v, err: %v", cmd, string(out), err)
    }
}
func main() {
    log.SetFlags(log.Flags()|log.Lshortfile)
    var ingClient client.IngressInterface
    if kubeClient, err := client.NewInCluster(); err != nil {
        log.Fatalf("Failed to create client: %v.", err)
    } else {
        ingClient = kubeClient.Extensions().Ingress(api.NamespaceAll)
    }
    tmpl, _ := template.New("nginx").Parse(nginxConf)
    rateLimiter := util.NewTokenBucketRateLimiter(0.1, 1)
    known := &extensions.IngressList{}
    log.Println("Start nginx...")
    // Controller loop
    go shellOut("nginx -g 'daemon on;'")
    log.Println("Nginx start success")
    for {
        rateLimiter.Accept()
        options := unversioned.ListOptions{
            LabelSelector: unversioned.LabelSelector{labels.Everything()},
            FieldSelector: unversioned.FieldSelector{fields.Everything()},
        }
        ingresses, err := ingClient.List(options)
        log.Println("err :", err.Error())
        if err != nil || reflect.DeepEqual(ingresses.Items, known.Items) {
            continue
        }
        known = ingresses
        if w, err := os.Create("/etc/nginx/nginx.conf"); err != nil {
            log.Fatalf("Failed to open %v: %v", nginxConf, err)
        } else if err := tmpl.Execute(w, ingresses); err != nil {
            log.Fatalf("Failed to write template %v", err)
        }

        log.Println("Reload nginx")
        shellOut("nginx -s reload")
    }
}

I build this as images base with the nginx`s images, and run as rc in kubernetes rc-ingress-controller.yaml:

apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-ingress
  labels:
    app: nginx-ingress
spec:
  replicas: 1
  selector:
    app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
    spec:
      nodeSelector:
        kubernetes.io/hostname: host3
      containers:
      #- image: dhub.yunpro.cn/google_containers/nginx-ingress:0.1
      - image: dhub.yunpro.cn/shenshouer/ingress-nginx:1.8-test07
      #- image: dhub.yunpro.cn/shenshouer/nginx
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          hostPort: 80
        volumeMounts:
        - name: timezone
          mountPath: /etc/localtime
          readOnly: true
      volumes:
      - name: timezone
        hostPath:
          path: /etc/localtime

But I got the timeout error for request master apis via https:

[root@host3 vagrant]# docker logs -f cccd1104824b
2015/12/08 11:20:43 controller.go:110: Start nginx...
2015/12/08 11:20:43 controller.go:113: Nginx start success
2015/12/08 11:21:13 controller.go:123: err : Get https://10.200.0.1:443/apis/extensions/v1beta1/ingresses: dial tcp 10.200.0.1:443: i/o timeout
2015/12/08 11:21:43 controller.go:123: err : Get https://10.200.0.1:443/apis/extensions/v1beta1/ingresses: dial tcp 10.200.0.1:443: i/o timeout
2015/12/08 11:22:13 controller.go:123: err : Get https://10.200.0.1:443/apis/extensions/v1beta1/ingresses: dial tcp 10.200.0.1:443: i/o timeout

The secrets in this po has mounted:

[root@host3 vagrant]# docker exec -it cccd1104824b /bin/bash
root@nginx-ingress-dqima:/# ls /var/run/secrets/kubernetes.io/serviceaccount/
ca.crt  token
root@nginx-ingress-dqima:/# ls -alh /var/run/secrets/kubernetes.io/serviceaccount/
total 12K
drwxrwxrwt. 2 root root   80 Dec  8 11:20 .
drwxr-xr-x. 3 root root 4.0K Dec  8 11:20 ..
-r--r--r--. 1 root root 1.2K Dec  8 11:20 ca.crt
-r--r--r--. 1 root root  846 Dec  8 11:20 token

The DNS service in my cluster is ok:

[root@host1 ingress]# kubectl exec busybox -- nslookup kubernetes
Server:    10.200.0.10
Address 1: 10.200.0.10
Name:      kubernetes
Address 1: 10.200.0.1

The service in default namespace:

[root@host1 ingress]# kubectl get svc
NAME             CLUSTER_IP      EXTERNAL_IP   PORT(S)     SELECTOR             AGE
kubernetes       10.200.0.1      <none>        443/TCP     <none>               5d
simple-request   10.200.43.243   <none>        30001/TCP   app=simple-request   5d

I don`t know how to fix this, Anyone who can help me?

-- sope
kubernetes

Similar Questions

How to install Wordpress updates on Google Container Engine?
Kernel logging to Cloud Logging for Container Engine nodes?
sysctl values for Google Container Engine instances
Unresponsive socket after x time (puma - ruby)

1 Answer

12/8/2015

in your RC you seem to bind to port 80, why do you expect that 443 would be open?

change the port in rc-ingress-controller.yaml to 443 and it should work

        name: nginx
        ports:
        - containerPort: 443
          hostPort: 443
-- MrE
Source: StackOverflow