-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vSphere: oc logs ... results in 'net/http: TLS handshake timeout" #86
Comments
API server can't reach kubelet's port. Ensure 10250 is not blocked on masters / workers by any kind of firewall |
I'm behind a corporate proxy. If I unset my https_proxy vars at least the curl command
returns Unauthorized. But
doesn't work. Same net/http tls timeout error. I'm wondering if oc shouldn't use hostnames instead of IP addresses because in my NO_PROXY env variable I set our intranet domain so internal hostnames aren't sent to the corporate proxy. This worked in the past. Can I set the log-level on the oc log command somehow to get more debug info? |
Does curl work from master node? Did you setup proxy according to https://docs.openshift.com/container-platform/4.3/installing/installing_bare_metal/installing-restricted-networks-bare-metal.html#installation-configure-proxy_installing-restricted-networks-bare-metal?
oc asks api-server to get logs, and apiserver is using InternalDNS address to contact the kubelet. Masters must be able to reach nodes using its short hostname |
I have done that. But because in the past the proxy information in the install-config.yaml file was not served from the bootstrap machine to the masters and workers I patch that to their ignition-files. Shouldn't I do that? |
The curl from the master also says: Unauthorized. Also the oc logs command does not work there. |
Maybe you remember #19 |
Something must have changed in the last weeks because formerly I got logs. |
I add this section to all ignition files for the masters and workers:
|
Okay, now try curl from api container |
That's not working. In the api-server container HTTPS_PROXY env variable is set to my corporate proxy. Also NO_PROXY is set but without the IPs of my masters. If I unset the proxy variables in the API server container, the curl responds with Unauthorized. The problem seems to be that the master's IP address is not in the NO_PROXY variable. |
What's
|
You mean I must add the subnet of my VMs also to the no_proxy env variable? I'll try that. |
Thanks Vadim. That was the problem :-) ! I had to add the subnet CIDR of my VMs to the no_proxy field in the install-config.yaml file. |
Hi,
OKD version: 4.4.0-0.okd-2020-02-25-003044
I cant get the logs of pods neither in the web ui nor on the console. I always get this:
(10.0.224.179 is master2)
On master2 in the logs of pod api-server (sudo crictl logs api-server):
Has anybody an idea what could be wrong in my setup?
Greetings,
Josef
SOLUTION: My cluster is behind a corporate proxy. I had to add the subnet of my VMs (CIDR) to the no_proxy field in the install-config.yaml file !
The text was updated successfully, but these errors were encountered: