根据 this article 完成.
我安装了 Kubernetes。然后安装了 etcd 集群,该集群通过 HTTPS 工作并仅监听 localhost 接口(interface)(可从任何 Docker 容器内部访问)。
现在我需要持久卷来安装数据库集群。选择波特沃克斯。它生成了守护进程 YAML-config。以下是已安装守护程序集的说明:
# kubectl describe daemonset portworx --namespace=kube-system
Name: portworx
Selector: name=portworx
Node-Selector: <none>
Labels: name=portworx
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"extensions/v1beta1","kind":"DaemonSet","metadata":{"annotations":{"portworx.com/install-source":"http://install.portworx.com/?c=bp_clust...
portworx.com/install-source=http://install.portworx.com/?c=bp_cluster&k=etcd:https://127.0.0.1:2379&kbver=1.11.0&s=/dev/xvda1&d=ens3&m=ens3&stork=false&ca=/etc/kubernetes/pki/etcd/ca.crt%%20&cert=/etc...
Desired Number of Nodes Scheduled: 2
Current Number of Nodes Scheduled: 2
Number of Nodes Scheduled with Up-to-date Pods: 2
Number of Nodes Scheduled with Available Pods: 0
Number of Nodes Misscheduled: 0
Pods Status: 2 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: name=portworx
Service Account: px-account
Containers:
portworx:
Image: portworx/oci-monitor:1.3.4
Port: <none>
Host Port: <none>
Args:
-k
etcd:https://127.0.0.1:2379
-c
bp_cluster
-d
ens3
-m
ens3
-s
/dev/xvda1
-ca
/etc/kubernetes/pki/etcd/ca.crt
-cert
/etc/kubernetes/pki/etcd/server.crt
-key
/etc/kubernetes/pki/etcd/server.key
-x
kubernetes
Liveness: http-get http://127.0.0.1:9001/status delay=840s timeout=1s period=30s #success=1 #failure=3
Readiness: http-get http://127.0.0.1:9015/health delay=0s timeout=1s period=10s #success=1 #failure=3
Environment:
PX_TEMPLATE_VERSION: v3
Mounts:
/etc/pwx from etcpwx (rw)
/etc/systemd/system from sysdmount (rw)
/host_proc/1/ns from proc1nsmount (rw)
/opt/pwx from optpwx (rw)
/var/run/dbus from dbusmount (rw)
/var/run/docker.sock from dockersock (rw)
Volumes:
dockersock:
Type: HostPath (bare host directory volume)
Path: /var/run/docker.sock
HostPathType:
etcpwx:
Type: HostPath (bare host directory volume)
Path: /etc/pwx
HostPathType:
optpwx:
Type: HostPath (bare host directory volume)
Path: /opt/pwx
HostPathType:
proc1nsmount:
Type: HostPath (bare host directory volume)
Path: /proc/1/ns
HostPathType:
sysdmount:
Type: HostPath (bare host directory volume)
Path: /etc/systemd/system
HostPathType:
dbusmount:
Type: HostPath (bare host directory volume)
Path: /var/run/dbus
HostPathType:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal SuccessfulCreate 22m daemonset-controller Created pod: portworx-67w7m
Normal SuccessfulCreate 22m daemonset-controller Created pod: portworx-mxtr8
但是在 portworx 的日志中,我看到它正在尝试通过纯 HTTP 连接到 etcd,并且由于无法解释包装到 SSL 的响应而明显出错:
# kubectl logs -f pod/portworx-67w7m --namespace=kube-system
<some logs are erased du to lack of relevance>
Jul 02 13:19:25 ip-172-31-18-91 px-runc[25417]: time="2018-07-02T13:19:25Z" level=error msg="Could not load config file /etc/pwx/config.json due to: Error in obtaining etcd version: Get http://127.0.0.1:2379/version: net/http: HTTP/1.x transport connection broken: malformed HTTP response \"\\x15\\x03\\x01\\x00\\x02\\x02\". Please visit http://docs.portworx.com for more information."
Jul 02 13:19:25 ip-172-31-18-91 px-runc[25417]: PXPROCS: px daemon exited with code: 1
Jul 02 13:19:25 ip-172-31-18-91 px-runc[25417]: 2107
Jul 02 13:19:25 ip-172-31-18-91 px-runc[25417]: 2018-07-02 13:19:25,474 INFO exited: pxdaemon (exit status 1; not expected)
我做错了什么?
最佳答案
我不知道他们为什么没有显示“无法读取 -cert 文件”错误,但您指定了 /etc/kubernetes/pki/etcd/server.crt在选项中但没有卷安装/etc/kubernetes/pki进入容器。由于显而易见的原因,kubernetes 不会自动卷挂载它的 pki 目录,因此,您必须指定它。
如果是 DaemonSet是为您生成的(根据注释显示),然后发生的事情是它们是 expecting the certs to live in /etc/pwx/etcdcerts (它也在他们的 manual provisioning docs 中),所以当您提供非 /etc路径,两个世界相撞。
关于kubernetes - Portworx 到 ETCD 的连接不起作用(http 与 https),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51137562/