ringtail / lucas

etcd v3 api browser especially for learning kubernetes
Apache License 2.0

http: panic serving 172.16.0.128:53660: runtime error: invalid memory address or nil pointer dereference #4

Closed sealandsigh closed 4 years ago

sealandsigh commented 5 years ago

Hi,

Environment versions: kubernetes: 1.11.5 docker: 17.03-ce linux: centos 4.18.16

Creating it from the k8s YAML file gives the problem below, but creating it with docker works fine. The problem when creating it from the k8s YAML is as follows:

2018/12/13 04:48:17 http: panic serving 172.16.0.128:53642: runtime error: invalid memory address or nil pointer dereference
goroutine 18 [running]:
net/http.(*conn).serve.func1(0xc420152000)
    /usr/local/go/src/net/http/server.go:1721 +0xd0
panic(0x91d960, 0xca5f80)
    /usr/local/go/src/runtime/panic.go:489 +0x2cf
github.com/ringtail/lucas/backend/services.createTlsConf(0xc420014008, 0x1f, 0xc420014069, 0x25, 0xc42001403a, 0x21, 0xc420032a98, 0x66c7aa, 0xc420032a38)
    /src/github.com/ringtail/lucas/backend/services/store.go:58 +0xe6
github.com/ringtail/lucas/backend/services.New(0xc42001409a, 0x1b, 0xc420014008, 0x1f, 0xc420014069, 0x25, 0xc42001403a, 0x21, 0xc420123260, 0x14, ...)
    /src/github.com/ringtail/lucas/backend/services/store.go:34 +0xf1
github.com/ringtail/lucas/backend/handlers.StoreHandler(0xc6d3a0, 0xc4201242a0, 0xc42000ac00)
    /src/github.com/ringtail/lucas/backend/handlers/storeHandler.go:24 +0x8c3
net/http.HandlerFunc.ServeHTTP(0x9e6818, 0xc6d3a0, 0xc4201242a0, 0xc42000ac00)
    /usr/local/go/src/net/http/server.go:1942 +0x44
net/http.(*ServeMux).ServeHTTP(0xc420127260, 0xc6d3a0, 0xc4201242a0, 0xc42000ac00)
    /usr/local/go/src/net/http/server.go:2238 +0x130
github.com/ringtail/lucas/backend.(*LucasServer).Middleware.func1(0xc6d3a0, 0xc4201242a0, 0xc42015e000)
    /src/github.com/ringtail/lucas/backend/backend.go:28 +0x17e
net/http.HandlerFunc.ServeHTTP(0xc4201230e0, 0xc6d3a0, 0xc4201242a0, 0xc42015e000)
    /usr/local/go/src/net/http/server.go:1942 +0x44
net/http.serverHandler.ServeHTTP(0xc420093ef0, 0xc6d3a0, 0xc4201242a0, 0xc42015e000)
    /usr/local/go/src/net/http/server.go:2568 +0x92
net/http.(*conn).serve(0xc420152000, 0xc6dbe0, 0xc42014a0c0)
    /usr/local/go/src/net/http/server.go:1825 +0x612
created by net/http.(*Server).Serve
    /usr/local/go/src/net/http/server.go:2668 +0x2ce

My YAML file is as follows:

apiVersion: v1
kind: Service
metadata:
  annotations:
    derrick.service.type: nodeport
    derrick.version: 0.0.14
  labels:
    derrick.service: lucas
  name: lucas
  namespace: se
spec:
  ports:

Creating it with docker works, using the same configuration. The docker command is as follows:

docker run -d -p 30003:8080 -v /opt/etcd-v3.3.10-linux-amd64/:/etc/kubernetes/pki/etcd/ -e CA_FILE=/etc/kubernetes/pki/etcd/ca.pem -e CERT_FILE=/etc/kubernetes/pki/etcd/etcd.pem -e KEY_FILE=/etc/kubernetes/pki/etcd/etcd-key.pem -e ENDPOINTS="https://etcd-leader-ip:2379" registry.cn-hangzhou.aliyuncs.com/ringtail/lucas:0.0.1

ringtail commented 5 years ago

@sealandsigh Generally, etcd's admin client certificate only exists on the master.

# nodeSelector:
#   node-role.kubernetes.io/master: ''
# tolerations:
# - key: node-role.kubernetes.io/master
#   operator: Exists

This snippet tolerates the taint so that the Pod is then deployed on the master.

sealandsigh commented 5 years ago

env:

ringtail commented 5 years ago

@sealandsigh Also, can etcd-leader-ip be resolved inside the Pod? Could you please verify that? I will also catch this panic so that the error is reported more clearly.

sealandsigh commented 5 years ago

@ringtail I logged into the pod and pinged etcd-leader-ip; it is reachable, and here it is actually just an IP address.

ringtail commented 5 years ago

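@sealandsigh Judging from where the error occurs, it should be that fetching the key from etcd did not come back. Focus on checking whether the certificates exist in the Pod, and whether the applied YAML has a formatting problem that caused some fields not to be parsed.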

huangjiasingle commented 5 years ago

@sealandsigh There is a problem in this code that caused the panic:

func createTlsConf(ca, key, cert string) (*tls.Config, error) {
    cfgtls := &transport.TLSInfo{}
    cfgtls.CAFile = ca
    cfgtls.KeyFile = key
    cfgtls.CertFile = cert
    clientTLS, err := cfgtls.ClientConfig()
    //add default InsecureSkipVerify
    clientTLS.InsecureSkipVerify = true
    if err != nil {
        return nil, err
    }
    return clientTLS, nil
}

The error should be checked first, and only then should the value be set to true:

func createTlsConf(ca, key, cert string) (*tls.Config, error) {
    cfgtls := &transport.TLSInfo{}
    cfgtls.CAFile = ca
    cfgtls.KeyFile = key
    cfgtls.CertFile = cert
    clientTLS, err := cfgtls.ClientConfig()
    if err != nil {
        return nil, err
    }
    //add default InsecureSkipVerify
    clientTLS.InsecureSkipVerify = true
    return clientTLS, nil
}

That way the panic is avoided.
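
The ordering bug diagnosed in the comment above, as an added example that is not code from the lucas repository: a standard-library `clientConfig` stands in for `transport.TLSInfo.ClientConfig`, and `buggyConf`, `fixedConf` and `panicked` are hypothetical names. With certificate paths that do not exist, the original ordering panics while the reordered version returns the load error; unlike the snippet above, the fixed variant leaves `InsecureSkipVerify` off, because that flag disables verification of the etcd server certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
)

// clientConfig is a hypothetical stand-in for TLSInfo.ClientConfig: (nil, err) on any load failure.
func clientConfig(ca, cert, key string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	pem, err := os.ReadFile(ca)
	if err != nil || !pool.AppendCertsFromPEM(pem) {
		return nil, fmt.Errorf("CA file %s unusable (read error: %v)", ca, err)
	}
	pair, err := tls.LoadX509KeyPair(cert, key)
	if err != nil {
		return nil, err
	}
	return &tls.Config{Certificates: []tls.Certificate{pair}, RootCAs: pool}, nil
}

// buggyConf keeps the order from the issue: cfg is written before err is checked.
func buggyConf(ca, cert, key string) (*tls.Config, error) {
	cfg, err := clientConfig(ca, cert, key)
	cfg.InsecureSkipVerify = true // nil pointer dereference when err != nil
	return cfg, err
}

// fixedConf checks err first; InsecureSkipVerify stays false, so the server is verified via RootCAs.
func fixedConf(ca, cert, key string) (*tls.Config, error) {
	cfg, err := clientConfig(ca, cert, key)
	if err != nil {
		return nil, err
	}
	return cfg, nil
}

func panicked(f func()) (p bool) {
	defer func() { p = recover() != nil }() // net/http recovers handler panics in the same way
	f()
	return false
}

func main() {
	missing := "/nonexistent/etcd.pem" // constructed path: file absent, as when a Pod lacks the mount
	_, err := fixedConf(missing, missing, missing)
	fmt.Println(panicked(func() { buggyConf(missing, missing, missing) }), err)
}
```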

sealandsigh commented 5 years ago

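@huangjiasingle I only tried it out briefly; this needs the owner @ringtail to take a look. I got busy with other things and in the end never looked into it further. In theory, since it could be created, the YAML format is definitely fine, and the certificates were mounted as well.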

ringtail commented 5 years ago

Please submit a PR and I will merge it as soon as possible.

huangjiasingle commented 5 years ago

@ringtail OK.