Nginx Ingress Controller Installation Error, “dial tcp 10.96.0.1:443: i/o timeout”

0
votes

I'm trying to setup a kubernetes cluster with kubeadm and vagrant. I faced an error during installing nginx ingress controller was timeout when the pods is trying to retrieve the configmap through kubernetes API. I have looked around and trying to apply their solution, still no luck, this is the reason I come out with this post.

Environment:

I'm using vagrant to setup 2 nodes with ubuntu/xenial image.

kmaster
-------------------------------------------
network:
Adapter1: NAT
Adapter2: HostOnly-network, IP:192.168.2.71

kworker1
-------------------------------------------
network:
Adapter1: NAT
Adapter2: HostOnly-network, IP:192.168.2.72

I followed the kubeadm to setup the cluster

[Setup kubernetes with kubeadm]

And my kube cluster init command as below:

kubeadm init --pod-network-cidr=192.168.0.0/16 --apiserver-advertise-address=192.168.2.71

and apply calico network plugin policy:

kubectl apply -f \
https://docs.projectcalico.org/v3.4/getting-started/kubernetes/installation/hosted/etcd.yaml

kubectl apply -f \
https://docs.projectcalico.org/v3.4/getting-started/kubernetes/installation/hosted/calico.yaml

(Calico is a plugin I currently successful installed with, I will come out another post for flannel plugin which the plugin unable to access the service)

I'm using helm to install ingress controller followed the tutorial https://kubernetes.github.io/ingress-nginx/deploy/

That's the error occurred once I applied helm deploy command when I describe the pod

Helm Ingress Error

Appreciate someone can help, as I know the reason was the pod unable to access kubernetes API. But not this already should enable by kubernetes by default?

My kubesystem pods status as below: kube system pods

Another solution provided from kubernetes official website:

1) install kube-proxy with sidecar, I still new with kubernetes and I'm looking for example how to install kube-proxy with sidecar. Appreciate if someone could provide an example.

2) use client-go, I'm very confuse when I read this post, it seems that using go command to pull the go script, and I have no clue how's it working with kubernetes pods.

1
kuberneteskubernetes-helmnginx-ingress
(a) watch out with vagrant clusters as it is very important that nothing in the cluster try to bind to that NAT interface; kubespray is notorious for overlooking that, so kubeadm may fall prey to it, also. You can actually side-step that issue entirely by using bridge for the interface, if that's acceptable in your situation. (b) i/o timeouts are almost always a CNI failure; did all the calico Pods come up successfully?mdaniel
Yes, calico pod were up successfully. I can access to a sample service and deployments.A1ucard
and other Pods can access 10.96.0.1:443? you also mentioned "the error occurred once I applied helm deploy command" -- is that the same error? Please do consider fleshing our your question to include more details; log messages, tests you have already run, anythingmdaniel
The other pod not able to access kunernetes api also.A1ucard
I have added more info, and I try to ping 10.96.0.1 from other port, it's not working also.... Maybe I have to try in the real environment like GCD, AWS,...A1ucard

1 Answers

1
votes

You guys are right, I have tested with digital ocean's droplet and it works as expected, I hit another error is "forbidden, user service account not permitted". Look like the pods is able to access the kubernetes api already. I also tested install istio which I encountered the same issue before, and now it worked in digital ocean droplet.

Thank you guys.