Failed to ensure that filter chain KUBE-SERVICES exists: error creating chain"KUBE-EXTERNAL-SERVICES":exitstatus4: Another app is currently holding the xtables lock. Stopped waiting after 5s. 问题原因 1.iptables 相关命令(如 iptables-restore)在向内核写入 iptables 规则时,为了避免多个实例并发写入,会...
6月 19 09:57:07 node1 kube-proxy[17770]: E0619 09:57:07.022125 17770 proxier.go:1319] Failed to delete stale service IP 10.254.0.2 connections, error: error deleting connection tracking stateforUDP service IP: 10.254.0.2, error: error lookingforpath of conntrack:exec:"conntrack": executable...
debug log: syscall.Errno(-error) err: no such file or directory IMO this is a legit bug. Kube-proxy enters a state where is can't recover and stays there. The reaction should be to terminate, i.e. crash-and-restart. As mentioned in#121042 (comment): When restarting the proxy, it ...
1.kube-proxy出现无法代理的情况 proxier.go:1369] Failed to delete stale service IP 10.254.0.2 connections, error: error deleting connection tracking state for UDP service IP: 10.254.0.2, error: conntrack command returned: "", error message: fork/exec /usr/sbin/conntrack: exec format error 2....
If proxier.nodePortAddresses.GetNodeIPs's return is error, then the slice nodeIPs will be empty. As the comments mentioned,because the len(nodeIPs) is 0, syncProxyRules will skip nodePort configuration. There are options that controls how long it takes for kube-proxy to retryhttps://kubernet...
Dec 22 11:10:24 node-2 kubelet[9045]: E1222 11:10:24.476894 9045 kubelet.go:2163] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: cni plugin not initialized Dec 22 11:10:24 node-2 kubelet[9045]: I1222 11:10:24.927...
1. conntrack Failed to delete stale service IP 169.169.0.100 connections, error: error deleting connection tracking state for UDP service IP: 169.169.0.100, error: error looking for path of conntrack: exec: "conntrack": executable file not found in $PATH ...
klog.Errorf("Failed to get node ip address matching nodeport cidr: %v", err) } else { nodeAddresses = nodeAddrSet.List() for _, address := range nodeAddresses { // ipGetter.NodeIPs() 获取本地 ip,该方法通过本地路由表获取 ip。
之前kube-proxy服务都是用admin集群证书,造成权限过大不安全,后续该问题,将在文档中修复 请关注 https://github.com/cby-chen/Kubernetes 创建生成证书配置文件 详细见:https://github.com/cby-chen/Kubernetes#23%E5%88%9B%E5%BB%BA%E8%AF%81%E4%B9%A6%E7%9B%B8%E5%85%B3%E6%96%87%E4%BB%B6 ...
Errorf("Unable to read IPTablesMasqueradeBit from config") } //调用pkg/proxy/iptables/proxier.go:222中的iptables.NewProxier来创建proxier,赋值给前面定义的proxier和endpointsHandler,表示由该proxier同时负责service和endpoint的event处理。 proxierIPTables, err := iptables.NewProxier(iptInterface, utilsysctl....