@sealandsigh 一般etcd的admin client证书只会在master上面存在
# nodeSelector:
# node-role.kubernetes.io/master: ''
# tolerations:
# - key: node-role.kubernetes.io/master
# operator: Exists
这段代码的作用是容忍taint,然后部署在master上。
env:
@sealandsigh 另外 etcd-leader-ip 在 Pod 中是可以解析的吗,这个麻烦验证一下?另外我也捕获一下这个 panic,给出更清晰的报错提示。
@ringtail 登录进pod ping了一下etcd-leader-ip,是可以ping通的,并且这里其实就是ip地址哈
@sealandsigh 如果按照报错的位置来看,应该就是从etcd获取key的时候没回来,重点检查下证书在Pod中是否存在,以及下发的Yaml是否存在格式问题,导致某些字段没有被解析
@sealandsigh 这段代码有问题导致了panic:
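// createTlsConf builds the client-side TLS configuration used to reach etcd
// from the CA, private-key and certificate file paths it is given.
//
// It returns the error from transport.TLSInfo.ClientConfig unchanged. That
// error is checked before the returned config is used: on the error path the
// config can be nil, and the earlier ordering dereferenced it first, which is
// the nil-pointer panic reported in this issue.
//
// NOTE(review): InsecureSkipVerify is kept enabled to preserve the existing
// behaviour, but it disables verification of the etcd server certificate and
// hostname, so the CA file does not authenticate the endpoint. Callers that
// reach etcd over a network they do not fully trust should revisit this.
func createTlsConf(ca, key, cert string) (*tls.Config, error) {
	cfgtls := &transport.TLSInfo{
		CAFile:   ca,
		KeyFile:  key,
		CertFile: cert,
	}
	clientTLS, err := cfgtls.ClientConfig()
	if err != nil {
		// Never touch clientTLS here: it may be nil when err is set.
		return nil, err
	}
	// add default InsecureSkipVerify (see the note on the function)
	clientTLS.InsecureSkipVerify = true
	return clientTLS, nil
}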
应该先判断错误,再进行 true 的赋值:
// createTlsConf returns a *tls.Config for an etcd client, loading the CA,
// key and certificate from the given file paths via transport.TLSInfo.
//
// The error from ClientConfig is returned as-is, and the config is only
// modified once that error is known to be nil.
//
// NOTE(review): the returned config has InsecureSkipVerify set, which turns
// off verification of the etcd server certificate and hostname; the CA file
// therefore does not authenticate the endpoint. This mirrors the original
// behaviour and is worth revisiting for deployments on untrusted networks.
func createTlsConf(ca, key, cert string) (*tls.Config, error) {
	info := transport.TLSInfo{
		CAFile:   ca,
		KeyFile:  key,
		CertFile: cert,
	}

	cfg, err := info.ClientConfig()
	if err != nil {
		return nil, err
	}

	// Preserve the original default: skip server certificate verification.
	cfg.InsecureSkipVerify = true
	return cfg, nil
}
这样就能避免panic的出现.
@sealandsigh 这段代码有问题导致了panic:
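// createTlsConf builds the client-side TLS configuration used to reach etcd
// from the CA, private-key and certificate file paths it is given.
//
// It returns the error from transport.TLSInfo.ClientConfig unchanged. That
// error is checked before the returned config is used: on the error path the
// config can be nil, and the earlier ordering dereferenced it first, which is
// the nil-pointer panic reported in this issue.
//
// NOTE(review): InsecureSkipVerify is kept enabled to preserve the existing
// behaviour, but it disables verification of the etcd server certificate and
// hostname, so the CA file does not authenticate the endpoint. Callers that
// reach etcd over a network they do not fully trust should revisit this.
func createTlsConf(ca, key, cert string) (*tls.Config, error) {
	cfgtls := &transport.TLSInfo{
		CAFile:   ca,
		KeyFile:  key,
		CertFile: cert,
	}
	clientTLS, err := cfgtls.ClientConfig()
	if err != nil {
		// Never touch clientTLS here: it may be nil when err is set.
		return nil, err
	}
	// add default InsecureSkipVerify (see the note on the function)
	clientTLS.InsecureSkipVerify = true
	return clientTLS, nil
}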
应该先判断错误,再进行 true 的赋值:
// createTlsConf returns a *tls.Config for an etcd client, loading the CA,
// key and certificate from the given file paths via transport.TLSInfo.
//
// The error from ClientConfig is returned as-is, and the config is only
// modified once that error is known to be nil.
//
// NOTE(review): the returned config has InsecureSkipVerify set, which turns
// off verification of the etcd server certificate and hostname; the CA file
// therefore does not authenticate the endpoint. This mirrors the original
// behaviour and is worth revisiting for deployments on untrusted networks.
func createTlsConf(ca, key, cert string) (*tls.Config, error) {
	info := transport.TLSInfo{
		CAFile:   ca,
		KeyFile:  key,
		CertFile: cert,
	}

	cfg, err := info.ClientConfig()
	if err != nil {
		return nil, err
	}

	// Preserve the original default: skip server certificate verification.
	cfg.InsecureSkipVerify = true
	return cfg, nil
}
这样就能避免panic的出现.
@huangjiasingle 我只是简单使用了下哈,这个得owner @ringtail 看看了,之前有事最后也没再查了,理论上能创建yaml格式肯定没问题,也挂载了证书额。
麻烦提交一个PR,我尽快合并
@ringtail 好的.
大佬好:
环境版本: kubernetes: 1.11.5 docker: 17.03-ce linux: centos 4.18.16
通过k8s yaml文件创建有如下问题,但是docker创建就没有问题 通过k8s yaml创建问题如下: 2018/12/13 04:48:17 http: panic serving 172.16.0.128:53642: runtime error: invalid memory address or nil pointer dereference goroutine 18 [running]: net/http.(conn).serve.func1(0xc420152000) /usr/local/go/src/net/http/server.go:1721 +0xd0 panic(0x91d960, 0xca5f80) /usr/local/go/src/runtime/panic.go:489 +0x2cf github.com/ringtail/lucas/backend/services.createTlsConf(0xc420014008, 0x1f, 0xc420014069, 0x25, 0xc42001403a, 0x21, 0xc420032a98, 0x66c7aa, 0xc420032a38) /src/github.com/ringtail/lucas/backend/services/store.go:58 +0xe6 github.com/ringtail/lucas/backend/services.New(0xc42001409a, 0x1b, 0xc420014008, 0x1f, 0xc420014069, 0x25, 0xc42001403a, 0x21, 0xc420123260, 0x14, ...) /src/github.com/ringtail/lucas/backend/services/store.go:34 +0xf1 github.com/ringtail/lucas/backend/handlers.StoreHandler(0xc6d3a0, 0xc4201242a0, 0xc42000ac00) /src/github.com/ringtail/lucas/backend/handlers/storeHandler.go:24 +0x8c3 net/http.HandlerFunc.ServeHTTP(0x9e6818, 0xc6d3a0, 0xc4201242a0, 0xc42000ac00) /usr/local/go/src/net/http/server.go:1942 +0x44 net/http.(ServeMux).ServeHTTP(0xc420127260, 0xc6d3a0, 0xc4201242a0, 0xc42000ac00) /usr/local/go/src/net/http/server.go:2238 +0x130 github.com/ringtail/lucas/backend.(LucasServer).Middleware.func1(0xc6d3a0, 0xc4201242a0, 0xc42015e000) /src/github.com/ringtail/lucas/backend/backend.go:28 +0x17e net/http.HandlerFunc.ServeHTTP(0xc4201230e0, 0xc6d3a0, 0xc4201242a0, 0xc42015e000) /usr/local/go/src/net/http/server.go:1942 +0x44 net/http.serverHandler.ServeHTTP(0xc420093ef0, 0xc6d3a0, 0xc4201242a0, 0xc42015e000) /usr/local/go/src/net/http/server.go:2568 +0x92 net/http.(conn).serve(0xc420152000, 0xc6dbe0, 0xc42014a0c0) /usr/local/go/src/net/http/server.go:1825 +0x612 created by net/http.(*Server).Serve /usr/local/go/src/net/http/server.go:2668 +0x2ce
我的yaml文件如下:
apiVersion: v1 kind: Service metadata: annotations: derrick.service.type: nodeport derrick.version: 0.0.14 labels: derrick.service: lucas name: lucas namespace: se spec: ports:
name: "8080" port: 8080 targetPort: 8080 nodePort: 30003 selector: derrick.service: lucas type: NodePort
apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment metadata: annotations: derrick.version: 0.0.14 labels: derrick.service: lucas name: lucas namespace: se spec: replicas: 1 template: metadata: labels: derrick.service: lucas spec:
nodeSelector:
node-role.kubernetes.io/master: ''
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
containers:
通过docker创建就可以使用,用的相同的配置,docker执行如下:
docker run -d -p 30003:8080 -v /opt/etcd-v3.3.10-linux-amd64/:/etc/kubernetes/pki/etcd/ -e CA_FILE=/etc/kubernetes/pki/etcd/ca.pem -e CERT_FILE=/etc/kubernetes/pki/etcd/etcd.pem -e KEY_FILE=/etc/kubernetes/pki/etcd/etcd-key.pem -e ENDPOINTS="https://etcd-leader-ip:2379" registry.cn-hangzhou.aliyuncs.com/ringtail/lucas:0.0.1