报错信息
使用kubectl get pods -A查看集群,出现错误:
kubernetes-dashboard kubernetes-dashboard-xxxxxxxxxx6-2qrst 0/1 CrashLoopBackOff 6 15m
查看日志后,发现原因:
panic: Get "https://10.6.10.1:443/api/v1/namespaces/kubernetes-dashboard/secrets/kubernetes-dashboard-csrf": dial tcp 10.96.0.1:443: i/o timeout
goroutine 1 [running]:
github.com/kubernetes/dashboard/src/app/backend/client/csrf.(*csrfTokenManager).init(0xc00041ca20)/home/runner/work/dashboard/dashboard/src/app/backend/client/csrf/manager.go:41 +0x413
github.com/kubernetes/dashboard/src/app/backend/client/csrf.NewCsrfTokenManager(...)/home/runner/work/dashboard/dashboard/src/app/backend/client/csrf/manager.go:66
github.com/kubernetes/dashboard/src/app/backend/client.(*clientManager).initCSRFKey(0xc0004a0e00)/home/runner/work/dashboard/dashboard/src/app/backend/client/manager.go:502 +0xc6
github.com/kubernetes/dashboard/src/app/backend/client.(*clientManager).init(0xc0004a0e00)/home/runner/work/dashboard/dashboard/src/app/backend/client/manager.go:470 +0x47
github.com/kubernetes/dashboard/src/app/backend/client.NewClientManager(...)/home/runner/work/dashboard/dashboard/src/app/backend/client/manager.go:551
原因
dashboard的数据包直接被REJECT(拒绝)
解决方案
方案一:
原理:修改防火墙规则
方案弊端:虚拟机环境下创建的k8s可视化面板好像没有效果
操作如下:
- 保存现有的防火墙规则
iptables-save > iptables.rules
- 修改规则策略为ACCEPT
iptables -P INPUT ACCEPTiptables -P FORWARD ACCEPTiptables -P OUTPUT ACCEPT
- 执行下命令:
iptables -F
方案二
原因:同样是网络问题,具体而言是在初始化k8s集群时,--pod-network-cidr=192.168.0.0/16
网段与虚拟机IP网段冲突
操作:重装k8s集群,具体参考:Ubuntu重装kubernetes集群-CSDN博客
(下面步骤和参考链接有所不同,也是解决这个问题的关键)
-
将原来
--pod-network-cidr=192.168.0.0/16
修改为与虚拟机IP不同的网段,比如--pod-network-cidr=192.170.0.0/16
-
修改网络插件配置calico.yaml,修改IP
参考
https://zhuanlan.zhihu.com/p/368578555
安装kubernetes-dashboard时显示为CrashLoopBackOff或Error状态的可能原因 - 岁月已走远 - 博客园