Change the default ports (80 and 443) of the OpenShift router when using a native LB in front of it
Issue
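- Router pods stay in the Pending state if some service in the cluster has taken over port 80 or 443 on the host network.
- The router pod logs show continuous socket connection failures: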
[Snippet]
I0620 10:57:57.469187 1 metrics.go:147] Router health and metrics port listening at 0.0.0.0:1936 on HTTP and HTTPS
E0620 10:57:57.495382 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: no such file or directory
I0620 10:57:57.515858 1 router.go:252] Router is including routes in all namespaces
E0620 10:57:57.740102 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
E0620 10:57:57.767828 1 limiter.go:137] error reloading router: exit status 1
[ALERT] 170/105757 (62):Starting frontend public: cannot bind socket [0.0.0.0:80]
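[end]
- When infra nodes are placed behind an external HAProxy load balancer that balances traffic to the OpenShift Container Platform routers, after the new OCP router ports are applied, the infra node backends show a red status on the HAProxy statistics page, and the logs show Layer 4 TCP check failures with permission denied accessing the new port.
- Routes in OCP are unreachable and return an "Application not available" error.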
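The following added example (not part of the original article) parses the router pod log lines quoted above and separates the HAProxy bind failure, which names the contested port, from the surrounding error lines. The function name `triage` and the report layout are assumptions made for illustration.

```python
import re

# Sample input: the router pod log lines quoted in the Issue section above.
ROUTER_LOG = """\
I0620 10:57:57.469187 1 metrics.go:147] Router health and metrics port listening at 0.0.0.0:1936 on HTTP and HTTPS
E0620 10:57:57.495382 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: no such file or directory
I0620 10:57:57.515858 1 router.go:252] Router is including routes in all namespaces
E0620 10:57:57.740102 1 haproxy.go:392] can't scrape HAProxy: dial unix /var/lib/haproxy/run/haproxy.sock: connect: connection refused
E0620 10:57:57.767828 1 limiter.go:137] error reloading router: exit status 1
[ALERT] 170/105757 (62):Starting frontend public: cannot bind socket [0.0.0.0:80]
"""

# Router log line: severity letter, MMDD, time, pid, source file:line, message.
KLOG = re.compile(
    r"^([IWEF])(\d{4}) (\d\d:\d\d:\d\d\.\d+)\s+(\d+) ([\w.]+:\d+)\] (.*)$")
# HAProxy startup alert naming the proxy and the address it could not bind.
BIND = re.compile(
    r"^\[ALERT\] \S+ \(\d+\)\s*:\s*Starting (\w+) (\S+): "
    r"cannot bind socket \[(.+):(\d+)\]")


def triage(log_text):
    """Return bind failures, error counts per source file, and unparsed lines."""
    report = {"bind_failures": [], "errors": {}, "unparsed": []}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = BIND.match(line)
        if m:
            # This line identifies the address and port HAProxy could not take.
            report["bind_failures"].append(
                {"proxy": m.group(2), "addr": m.group(3), "port": int(m.group(4))})
            continue
        m = KLOG.match(line)
        if m:
            if m.group(1) in "EF":  # count error and fatal lines by source file
                src = m.group(5).split(":")[0]
                report["errors"][src] = report["errors"].get(src, 0) + 1
            continue
        report["unparsed"].append(line)
    return report


if __name__ == "__main__":
    print(triage(ROUTER_LOG))
```

On a cluster, the input would be the output of `oc logs` for the router pod instead of the embedded sample.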
Environment
OpenShift Container Platform v3.9, v3.10 and v3.11
HAProxy version 1.8