无法查看 haproxy 状态页面，只有一个节点能ping通VIP

DanielchenN commented 5 years ago

flannel网络正常：--- 并且三台虚拟机上互ping 可以联通

192.168.100.14 inet 172.30.9.0/32 scope global flannel.1 192.168.100.12 inet 172.30.100.0/32 scope global flannel.1 192.168.100.13 inet 172.30.38.0/32 scope global flannel.1
三台虚拟机haproxy正常运行，并都监听了8443端口

192.168.100.14 tcp 0 0 0.0.0.0:8443 0.0.0.0: LISTEN 14575/haproxy
tcp 0 0 0.0.0.0:10080 0.0.0.0: LISTEN 14575/haproxy
192.168.100.12 tcp 0 0 0.0.0.0:8443 0.0.0.0: LISTEN 16176/haproxy
tcp 0 0 0.0.0.0:10080 0.0.0.0: LISTEN 16176/haproxy
192.168.100.13 tcp 0 0 0.0.0.0:8443 0.0.0.0: LISTEN 4982/haproxy
tcp 0 0 0.0.0.0:10080 0.0.0.0: LISTEN 4982/haproxy
[root@kube-node1 ~]# for node_ip in ${NODE_IPS[@]}; do echo ">>> ${node_ip}"; ssh root@${node_ip} "netstat -lnpt|grep haproxy"; done 192.168.100.14 tcp 0 0 0.0.0.0:8443 0.0.0.0: LISTEN 14575/haproxy
tcp 0 0 0.0.0.0:10080 0.0.0.0: LISTEN 14575/haproxy
192.168.100.12 tcp 0 0 0.0.0.0:8443 0.0.0.0: LISTEN 16176/haproxy
tcp 0 0 0.0.0.0:10080 0.0.0.0: LISTEN 16176/haproxy
192.168.100.13 tcp 0 0 0.0.0.0:8443 0.0.0.0: LISTEN 4982/haproxy
tcp 0 0 0.0.0.0:10080 0.0.0.0: LISTEN 4982/haproxy
keepalived的服务正常运行 [root@kube-node1 ~]# for node_ip in ${NODE_IPS[@]}

do echo ">>> ${node_ip}" ssh root@${node_ip} "systemctl status keepalived|grep Active" done

192.168.100.14 Active: active (running) since 日 2019-04-14 10:26:32 CST; 14min ago 192.168.100.12 Active: active (running) since 日 2019-04-14 10:26:32 CST; 14min ago 192.168.100.13 Active: active (running) since 日 2019-04-14 10:26:31 CST; 14min ago
但是VIP 所在的节点，无法 ping 通 VIP：（只有一个节点可以，其他两个无法连接）

192.168.100.14 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:92:97:f8 brd ff:ff:ff:ff:ff:ff inet 192.168.100.14/24 brd 192.168.100.255 scope global noprefixroute enp0s8 valid_lft forever preferred_lft forever inet 172.27.129.253/32 scope global enp0s8 valid_lft forever preferred_lft forever PING 172.27.129.253 (172.27.129.253) 56(84) bytes of data. 64 bytes from 172.27.129.253: icmp_seq=1 ttl=64 time=0.015 ms

--- 172.27.129.253 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.015/0.015/0.015/0.000 ms

192.168.100.12 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:96:68:b0 brd ff:ff:ff:ff:ff:ff inet 192.168.100.12/24 brd 192.168.100.255 scope global noprefixroute enp0s8 valid_lft forever preferred_lft forever PING 172.27.129.253 (172.27.129.253) 56(84) bytes of data.

--- 172.27.129.253 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms

192.168.100.13 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:e3:78:10 brd ff:ff:ff:ff:ff:ff inet 192.168.100.13/24 brd 192.168.100.255 scope global noprefixroute enp0s8 valid_lft forever preferred_lft forever PING 172.27.129.253 (172.27.129.253) 56(84) bytes of data.

--- 172.27.129.253 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms

DanielchenN commented 5 years ago

换成同一网段192.168.100.16 作为VIP ，各个节点均能ping通 [root@kube-node1 ~]# for node_ip in ${NODE_IPS[@]}

do echo ">>> ${node_ip}" ssh ${node_ip} "/usr/sbin/ip addr show ${VIP_IF}" ssh ${node_ip} "ping -c 1 ${MASTER_VIP}" done

192.168.100.14 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:92:97:f8 brd ff:ff:ff:ff:ff:ff inet 192.168.100.14/24 brd 192.168.100.255 scope global noprefixroute enp0s8 valid_lft forever preferred_lft forever inet 192.168.100.16/32 scope global enp0s8 valid_lft forever preferred_lft forever PING 192.168.100.16 (192.168.100.16) 56(84) bytes of data. 64 bytes from 192.168.100.16: icmp_seq=1 ttl=64 time=0.020 ms

--- 192.168.100.16 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.020/0.020/0.020/0.000 ms

192.168.100.12 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:96:68:b0 brd ff:ff:ff:ff:ff:ff inet 192.168.100.12/24 brd 192.168.100.255 scope global noprefixroute enp0s8 valid_lft forever preferred_lft forever PING 192.168.100.16 (192.168.100.16) 56(84) bytes of data. 64 bytes from 192.168.100.16: icmp_seq=1 ttl=64 time=0.614 ms

--- 192.168.100.16 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.614/0.614/0.614/0.000 ms

192.168.100.13 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:e3:78:10 brd ff:ff:ff:ff:ff:ff inet 192.168.100.13/24 brd 192.168.100.255 scope global noprefixroute enp0s8 valid_lft forever preferred_lft forever PING 192.168.100.16 (192.168.100.16) 56(84) bytes of data. 64 bytes from 192.168.100.16: icmp_seq=1 ttl=64 time=0.579 ms

--- 192.168.100.16 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.579/0.579/0.579/0.000 ms

但是此时浏览器仍然无法访问http://192.168.100.16:10080/status 。。

luole1060 commented 5 years ago

vip 是通过keepalived 实现的，三台主机应该对应的是同一个vip。不知道是不是你的配置问题
haproxy 的访问你可以通过主机ip加端口的方式测试下单独访问有没有问题的。

DanielchenN commented 5 years ago

非常感谢楼主答疑解惑

第一个问题是各节点通信问题，删除etcd缓存，确认网卡无误后，可以调试成功。
haproxy 我也测了一下，虽然浏览器一直无法访问，但是curl :10080/status [root@kube-node1 kubernetes]# curl 192.168.100.16:10080/status 可以返回需要账号密码理论上是联通的，加了 -u user:pass，可以返回完整HTML，但是我好像无法通过浏览器访问。。
我一个前端，突然就去搞K8s集群了，真心头大...

luole1060 / install_k8s_v1.13

无法查看 haproxy 状态页面，只有一个节点能ping通VIP #2