Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

edgemesh的HTTPS测试用例中,nginx的pod无法启动 #540

Open
as154 opened this issue Jan 25, 2024 · 0 comments
Open

edgemesh的HTTPS测试用例中,nginx的pod无法启动 #540

as154 opened this issue Jan 25, 2024 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@as154
Copy link

as154 commented Jan 25, 2024

集群情况:

[root@server ~]# kubectl get nodes -o wide
NAME     STATUS   ROLES                         AGE     VERSION                     INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION                 CONTAINER-RUNTIME
master   Ready    control-plane,master,worker   38d     v1.22.12                    192.168.100.90   <none>        CentOS Linux 7 (Core)            3.10.0-1160.102.1.el7.x86_64   docker://19.3.9
pi       Ready    agent,edge                    7d22h   v1.23.15-kubeedge-v1.13.0   192.168.1.2      <none>        Debian GNU/Linux 11 (bullseye)   5.15.61-v8+                    docker://20.10.6

根据HTTPS测试用例部署服务:

[root@server testyaml]# ./examples/nginx-https/tools.sh cleanup
secret "nginxsecret" deleted
configmap "nginxconfigmap" deleted
deployment.apps "nginx-https" deleted
service "nginx-https" deleted
delete https example success!
[root@server testyaml]# ./examples/nginx-https/tools.sh install
Generating RSA private key, 2048 bit long modulus
..............................................................+++
....................................................+++
e is 65537 (0x10001)
Signature ok
subject=/C=CN/ST=Zhejiang/L=Hangzhou/O=KubeEdge/CN=kubeedge.io
Getting Private key
Generating RSA private key, 2048 bit long modulus
.................................+++
...........................................+++
e is 65537 (0x10001)
Signature ok
subject=/C=CN/ST=Zhejiang/L=Hangzhou/O=KubeEdge/CN=my-nginx.com
Getting Private key
Getting CA Private Key
Generating RSA private key, 2048 bit long modulus
........................+++
.......................................................................+++
e is 65537 (0x10001)
Signature ok
subject=/C=CN/ST=Zhejiang/L=Hangzhou/O=KubeEdge/CN=my-nginx.com
Getting Private key
Getting CA Private Key
secret/nginxsecret created
configmap/nginxconfigmap created
deployment.apps/nginx-https created
service/nginx-https created
create https example success!

然后进入容器的内部访问相关服务,无法获得返回结果:

[root@server testyaml]# kubectl exec -it alpine-test -- sh
/ # curl -k --cert client.crt --key client.key https://nginx-https
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to nginx-https:443
/ # curl --cacert rootCA.crt --cert client.crt --key client.key https://my-nginx.com
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to my-nginx.com:443

查看pod,发现pod没有启动

[root@server testyaml]# kubectl get pods -o wide
NAME                             READY   STATUS             RESTARTS       AGE     IP              NODE     NOMINATED NODE   READINESS GATES
alpine-test                      1/1     Running            1 (156m ago)   5h56m   10.233.70.217   master   <none>           <none>
hostname-edge-84cb45ccf4-twlwc   1/1     Running            0              4h18m   172.17.0.3      pi       <none>           <none>
nginx-https-84c9fc57f8-vdg5n     0/1     CrashLoopBackOff   6 (26s ago)    6m31s   172.17.0.4      pi       <none>           <none>
websocket-test                   1/1     Running            0              5h56m   10.233.70.218   master   <none>           <none>

查看pod的日志,发现好像是证书的问题?

[root@server testyaml]# kubectl logs nginx-https-84c9fc57f8-vdg5n
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/01/25 07:46:11 [emerg] 1#1: unknown directive "ssl" in /etc/nginx/nginx.conf:36
nginx: [emerg] unknown directive "ssl" in /etc/nginx/nginx.conf:36

我去了搜索这个问题,但是搜索结果是重新生成nginx的证书,但是我无法进入容器,这种情况应该怎么办?

@as154 as154 added the kind/bug Categorizes issue or PR as related to a bug. label Jan 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Development

No branches or pull requests

1 participant