kubectl: The connection to the server XXX.XXX.XXX.XXX was refused

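I am trying to connect to a Kubernetes master (cluster) in Google Cloud Engine.

When kubectl tries to access the Kubernetes master, the error I always get is:

The connection to the server XXX.XXX.XXX.XXX was refused - did you specify the right host or port?

For example: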

    $ kubectl version
    Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"08e099554f3c31f6e6f07b448ab3ed78d0520507", GitTreeState:"clean", BuildDate:"2017-01-12T04:57:25Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
    The connection to the server XXX.XXX.XXX.XXX was refused - did you specify the right host or port?

As far as I checked, the client is using the same version as the server (version 1.5.2). But for some strange reason, it refuses the connection.

    $ gcloud beta container get-server-config
    Fetching server config for europe-west1-c
    defaultClusterVersion: 1.5.2
    defaultImageType: GCI
    validImageTypes:
    - CONTAINER_VM
    - GCI
    validMasterVersions:
    - 1.5.2
    - 1.4.8
    validNodeVersions:
    - 1.5.2
    - 1.5.1
    - 1.4.8
    - 1.4.7
    - 1.4.6
    - 1.3.10
    - 1.2.7

On the Kubernetes master (server version) I get the following error:

    # kubectl version
    Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"08e099554f3c31f6e6f07b448ab3ed78d0520507", GitTreeState:"clean", BuildDate:"2017-01-12T04:57:25Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
    The connection to the server localhost:8080 was refused - did you specify the right host or port?

I followed these steps to create the Kubernetes cluster master:

    export APP_NAME=brand-project
    export GOOGLE_CONTAINER_NAME=b.gcr.io/brand/project
    gcloud container clusters create $APP_NAME --zone europe-west1-c --machine-type g1-small --num-nodes 1

As far as I can tell, I set up the credentials completely:

    gcloud config set container/cluster $APP_NAME
    gcloud container clusters get-credentials $APP_NAME
    gcloud auth application-default login

The describe output is fine:

    gcloud container clusters describe $APP_NAME

The Google configuration is fine as well:

    gcloud config list

The context also seems to be legitimate:

    kubectl config get-contexts

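I can even SSH into the Kubernetes master, but only SSH works; there is no HTTP or HTTPS, and kubectl, for example, does not run normally.

I have also read the Kubernetes documentation:

Google Container Engine uses SSH tunnels to protect the Master -> Cluster communication paths. In this configuration, the apiserver initiates an SSH tunnel to each node in the cluster (connecting to the ssh server listening on port 22) and passes all traffic destined for a kubelet, node, pod, or service through the tunnel. This tunnel ensures that the traffic is not exposed outside of the private GCE network in which the cluster is running.

So I don't know how to open port 8000 on the Kubernetes cluster master to allow connections (and opening all ports in the Google Cloud Engine firewall doesn't seem to work).

I have run out of ideas, and I have searched most of the related entries on Google. So I don't know how to fix the connection to the server or what I am doing wrong in the process. Any help is much appreciated!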

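Edit:

After checking the "Container Registry deprecation notice", I updated the container location to eu.gcr.io instead of b.gcr.io, according to:

As of February 28, 2017, the use of "bring your own bucket" registries (such as b.gcr.io and bucket.gcr.io) is considered deprecated. After that, Container Registry will no longer serve any container images you have in those buckets.

But the problem persists.

Solved, answering my own question. It seems the real problem was accessing and connecting to accounts.google.com via DNS. After checking, I have ping: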

    $ ping accounts.google.com
    PING accounts.google.com (216.58.201.141) 56(84) bytes of data.
    64 bytes from mad06s25-in-f13.1e100.net (216.58.201.141): icmp_seq=1 ttl=56 time=21.9 ms
    64 bytes from mad06s25-in-f13.1e100.net (216.58.201.141): icmp_seq=2 ttl=56 time=19.0 ms
    64 bytes from mad06s25-in-f13.1e100.net (216.58.201.141): icmp_seq=3 ttl=56 time=20.4 ms
    ^C
    --- accounts.google.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2002ms
    rtt min/avg/max/mdev = 19.070/20.468/21.914/1.173 ms

Tracing all the files opened during the command's execution:

    $ strace -eopenat kubectl version
    openat(AT_FDCWD, "/proc/sys/net/core/somaxconn", O_RDONLY|O_CLOEXEC) = 3
    openat(AT_FDCWD, "/proc/stat", O_RDONLY|O_CLOEXEC) = 3
    openat(AT_FDCWD, "/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC) = 3
    Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"08e099554f3c31f6e6f07b448ab3ed78d0520507", GitTreeState:"clean", BuildDate:"2017-01-12T04:57:25Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
    openat(AT_FDCWD, "/home/shakaran/.kube/config", O_RDONLY|O_CLOEXEC) = 3
    openat(AT_FDCWD, "/home/shakaran/.config/gcloud/application_default_credentials.json", O_RDONLY|O_CLOEXEC) = 3
    openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
    openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 3
    openat(AT_FDCWD, "/proc/sys/kernel/hostname", O_RDONLY|O_CLOEXEC) = 4
    openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
    The connection to the server 104.155.120.114 was refused - did you specify the right host or port?
    +++ exited with 1 +++

I tried to find out the open connections:

    $ systemd-resolve --status | cat
    Global
             DNS Servers: 127.0.1.1
                          8.8.8.8
                          8.8.4.4
              DNSSEC NTA: 10.in-addr.arpa
                          16.172.in-addr.arpa
                          168.192.in-addr.arpa
                          17.172.in-addr.arpa
                          18.172.in-addr.arpa
                          19.172.in-addr.arpa
                          20.172.in-addr.arpa
                          21.172.in-addr.arpa
                          22.172.in-addr.arpa
                          23.172.in-addr.arpa
                          24.172.in-addr.arpa
                          25.172.in-addr.arpa
                          26.172.in-addr.arpa
                          27.172.in-addr.arpa
                          28.172.in-addr.arpa
                          29.172.in-addr.arpa
                          30.172.in-addr.arpa
                          31.172.in-addr.arpa
                          corp
                          dfip6.arpa
                          home
                          internal
                          intranet
                          lan
                          local
                          private
                          test

    Link 10 (vboxnet3)
          Current Scopes: LLMNR/IPv4 LLMNR/IPv6
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: allow-downgrade
        DNSSEC supported: yes

    Link 9 (vboxnet2)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: allow-downgrade
        DNSSEC supported: yes

    Link 8 (vboxnet1)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: allow-downgrade
        DNSSEC supported: yes

    Link 7 (vboxnet0)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: allow-downgrade
        DNSSEC supported: yes

    Link 6 (docker0)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: allow-downgrade
        DNSSEC supported: yes

    Link 5 (tun0)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: allow-downgrade
        DNSSEC supported: yes

    Link 3 (wlan0)
          Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: allow-downgrade
        DNSSEC supported: no
             DNS Servers: 8.8.8.8
                          8.8.4.4

    Link 2 (eth0)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: allow-downgrade
        DNSSEC supported: yes

I just found out that I had OpenVPN's tun0 enabled (which was blocking the connection to accounts.google.com). After disabling the interface by running:

    sudo ifconfig tun0 down

it works perfectly for me:

    $ kubectl version
    Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"08e099554f3c31f6e6f07b448ab3ed78d0520507", GitTreeState:"clean", BuildDate:"2017-01-12T04:57:25Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
    Server Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"08e099554f3c31f6e6f07b448ab3ed78d0520507", GitTreeState:"clean", BuildDate:"2017-01-12T04:52:34Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}

So sorry for all the noise. But it is probably a good idea to add this to the FAQ or similar, to warn users about VPNs.

So the problem is mostly the refused connection. Issue #41975 in the kubernetes project, on debugging with -v=4, may be useful, for example:

    $ kubectl version -v=4
    Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"08e099554f3c31f6e6f07b448ab3ed78d0520507", GitTreeState:"clean", BuildDate:"2017-01-12T04:57:25Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
    I0224 11:32:36.914299 30751 helpers.go:221] Connection error: Get https://XXX.XXX.XXX.XXX/api: Post https://accounts.google.com/o/oauth2/token: dial tcp: lookup accounts.google.com on 127.0.1.1:53: read udp 127.0.0.1:46403->127.0.1.1:53: read: connection refused
    F0224 11:32:36.914378 30751 helpers.go:116] The connection to the server XXX.XXX.XXX.XXX was refused - did you specify the right host or port?
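
The `-v=4` line above names the hop that actually refused the connection, while the final message blames the API server. As an added example (not part of the original post or of kubectl), this shell function reads such a line and reports whether DNS, the OAuth token request, or the API server failed; the function name `classify_kubectl_error` is hypothetical and both sample lines are constructed.

```shell
#!/bin/sh
# Added example: find the hop that really failed in a `kubectl -v=4`
# "Connection error" line. The error chain reads outer-to-inner, left to
# right, so the innermost operation is the root cause.

# Constructed sample, modelled on the log line quoted in the answer above.
SAMPLE_LOG='I0224 11:32:36.914299 30751 helpers.go:221] Connection error: Get https://XXX.XXX.XXX.XXX/api: Post https://accounts.google.com/o/oauth2/token: dial tcp: lookup accounts.google.com on 127.0.1.1:53: read udp 127.0.0.1:46403->127.0.1.1:53: read: connection refused'
# Constructed contrast case: the API server itself refuses the TCP connection.
SAMPLE_API='I0224 11:40:00.000000 30751 helpers.go:221] Connection error: Get https://203.0.113.10/api: dial tcp 203.0.113.10:443: getsockopt: connection refused'

# classify_kubectl_error LINE
# Prints "<stage>: <detail>", where stage is dns, token, apiserver or none.
classify_kubectl_error() {
    cke_line=$1
    case $cke_line in
        *"Connection error: "*) ;;
        *) echo "none: no connection error on this line"; return 0 ;;
    esac
    case $cke_line in
        *": lookup "*" on "*)
            # Innermost failure is a DNS query: extract the name and the resolver.
            cke_name=$(printf '%s\n' "$cke_line" | sed -n 's/.*: lookup \([^ ]*\) on .*/\1/p')
            cke_dns=$(printf '%s\n' "$cke_line" | sed -n 's/.*: lookup [^ ]* on \([0-9.]*:[0-9]*\).*/\1/p')
            case $cke_dns in
                127.*) cke_kind="local stub resolver" ;;  # loopback: dnsmasq, resolved, ...
                *)     cke_kind="resolver" ;;
            esac
            echo "dns: $cke_kind $cke_dns could not resolve $cke_name" ;;
        *": Post https://"*"/oauth2/token: "*)
            # Name resolved, but the credential refresh never completed.
            echo "token: OAuth token request failed before reaching the API server" ;;
        *": Get https://"*": dial tcp "*)
            cke_addr=$(printf '%s\n' "$cke_line" | sed -n 's/.*: dial tcp \([^ :]*:[0-9]*\):.*/\1/p')
            echo "apiserver: TCP connect to $cke_addr failed" ;;
        *)
            echo "none: unrecognised error chain" ;;
    esac
}

classify_kubectl_error "$SAMPLE_LOG"
classify_kubectl_error "$SAMPLE_API"
```

A `dns` or `token` result means the API server was never contacted, so firewall rules and master ports are the wrong place to look; check the local resolver and any VPN interface first.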