背景:
最近适配国产化信创,使用银河麒麟SP3服务器版本,在用rancher部署K8S后,启用监控模块,无法启动,查看是命名空间: cattle-prometheus下的grafana-cluster-monitoring有异常,追踪下去是子pod grafana-proxy启动时候查看错误日志nginx: [emerg] host not found in upstream "localhost" in /nginx/nginx.conf:33
######正常的Nginx.conf
worker_processes auto;
error_log /dev/stdout warn;
pid /var/cache/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
proxy_connect_timeout 10;
proxy_read_timeout 180;
proxy_send_timeout 5;
proxy_buffering off;
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
server {
listen 8080;
access_log off;
gzip on;
gzip_min_length 1k;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
proxy_set_header Host $host;
location /api/dashboards {
proxy_pass http://localhost:3000;
}
location /api/search {
proxy_pass http://localhost:3000;
sub_filter_types application/json;
sub_filter_once off;
sub_filter '"url":"/d' '"url":"d';
}
location / {
proxy_cache my_zone;
proxy_cache_valid 200 302 1d;
proxy_cache_valid 301 30d;
proxy_cache_valid any 5m;
proxy_cache_bypass $http_cache_control;
add_header X-Proxy-Cache $upstream_cache_status;
add_header Cache-Control "public";
proxy_pass http://localhost:3000/;
sub_filter_types text/html;
sub_filter_once off;
sub_filter '"appSubUrl":""' '"appSubUrl":"."';
sub_filter '"url":"/' '"url":"./';
sub_filter ':"/avatar/' ':"avatar/';
if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
expires 90d;
}
}
}
}[rancher@rancher1 ~]$
操作环境:
银河麒麟SP3服务器版本、软件版本:rancher2.4.5 Kubernetes 版本: v1.18.3 docker EC18.0.9和20都测了
尝试过的解决方法
和Cenos7.9部署的环境进行了比较,发现麒麟下执行kubectl命令行,cat /etc/hosts没权限,vi打开文件是空的,看错误日志应该是这个空的引起Nginx 配置localhost无法解析。
# Run kubectl commands inside here
# e.g. kubectl get all
> cat /etc/hosts
cat: /etc/hosts: Permission denied
>
在Centos7.9下执行正常
# Kubernetes-managed hosts file.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
fe00::0 ip6-mcastprefix
fe00::1 ip6-allnodes
fe00::2 ip6-allrouters
10.42.1.113 grafana-cluster-monitoring-855c6cdd4-n2hhf
2个系统中的hosts的权限分别是
-rw-r--r--. 1 root root 206 Oct 31 13:13 hosts(Centos)
-rw-r----- 1 root root 206 Apr 12 13:38 hosts(麒麟)
kubectl -n cattle-prometheus patch deployments grafana-cluster-monitoring --patch '{
"spec": {
"template": {
"spec": {
"hostAliases": [
{
"hostnames":
[
"localhost"
],
"ip": "127.0.0.1"
}
]
}
}
}
}'
我想要达到的结果
grafana-cluster-monitoring能和Centos7.9环境一样新增pod中的hosts权限正常