问k8s api服务器的haproxy返回PR_END_OF_FILE_ERROR
EN

Server Fault用户

提问于 2019-05-21 11:07:42

回答 1查看 2.8K关注 0票数 0

我正在为k8s api服务器设置haproxy。haproxy的配置是：

frontend k8s-https
    log /dev/log local0 debug
    option tcplog
    bind 0.0.0.0:8443
    mode tcp
    default_backend k8s-https

backend k8s-https
    mode tcp
    balance roundrobin
    server master-1 192.168.59.101:6443 check
    server master-2 192.168.59.102:6443 check
    server master-3 192.168.59.103:6443 check

当我使用curl端口6443时，api服务器响应：

$ curl -1 -vvv -k https://192.168.59.101:6443/
* About to connect() to 192.168.59.101 port 6443 (#0)
*   Trying 192.168.59.101...
* Connected to 192.168.59.101 (192.168.59.101) port 6443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=kube-apiserver,OU=Admin,O=Kubernetes,L=Beijing,ST=Bejing,C=CN
*   start date: May 21 05:01:00 2019 GMT
*   expire date: Apr 27 05:01:00 2119 GMT
*   common name: kube-apiserver
*   issuer: CN=Kubernetes,OU=CA,O=Kubernetes,L=Beijing,ST=Bejing,C=CN
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.59.101:6443
> Accept: */*
> 
< HTTP/1.1 403 Forbidden
< Content-Type: application/json
< X-Content-Type-Options: nosniff
< Date: Tue, 21 May 2019 11:05:54 GMT
< Content-Length: 233
< 
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {

  },
  "code": 403
* Connection #0 to host 192.168.59.101 left intact
}

但是，如果我通过端口8443 ( haproxy正在监听的端口)访问api，则会导致文件错误的结束。

$ curl -1 -vvv -k https://192.168.59.101:8443/
* About to connect() to 192.168.59.101 port 8443 (#0)
*   Trying 192.168.59.101...
* Connected to 192.168.59.101 (192.168.59.101) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
* Closing connection 0
curl: (35) Encountered end of file

为什么哈代不起作用？

kubernetes

haproxy

回答 1

Server Fault用户

发布于 2019-05-21 11:21:15

最后，我发现这个问题是由centos 7's默认的SELinux策略引起的，如果用sudo setenforce 0暂时禁用它，它就能工作。

票数 0

页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持

原文链接：

https://serverfault.com/questions/968212

复制

相似问题

问k8s api服务器的haproxy返回PR_END_OF_FILE_ERROR
EN

回答 1

Server Fault用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问k8s api服务器的haproxy返回PR_END_OF_FILE_ERROREN

回答 1

Server Fault用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问k8s api服务器的haproxy返回PR_END_OF_FILE_ERROR
EN