主页
产品
OpenShift Container Platform
4.7
安装
8.5.8.4. 路由无法访问端点

8.5.8.4. 路由无法访问端点

在安装过程中，可能会遇到虚拟路由器冗余协议（VRRP）冲突。如果以前使用一个特定集群名称部署的集群中的个 OpenShift Container Platform 节点仍在运行，且这个节点不是使用相同集群名称部署的当前 OpenShift Container Platform 集群的一部分，则可能会出现冲突。例如，一个集群使用集群名称 openshift 部署，它部署了三个 Control Plane（master）节点和三个 worker 节点。之后，一个单独的安装会使用相同的集群名称 openshift，但这个重新部署只安装了三个 control plane(master)节点，以前部署的三个 worker 节点处于 ON 状态。这可能导致 Virtual Router Identifier（VRID）冲突和 VRRP 冲突。

获取路由：
```
oc get route oauth-openshift
```
```
$ oc get route oauth-openshift
```
Copy to Clipboard Toggle word wrap

检查服务端点：

oc get svc oauth-openshift

$ oc get svc oauth-openshift

Copy to Clipboard

Toggle word wrap

NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
oauth-openshift   ClusterIP   172.30.19.162   <none>        443/TCP   59m

NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
oauth-openshift   ClusterIP   172.30.19.162   <none>        443/TCP   59m

Copy to Clipboard

Toggle word wrap

尝试从 Control Plane（master）节点访问该服务：

curl -k https://172.30.19.162

[core@master0 ~]$ curl -k https://172.30.19.162

Copy to Clipboard

Toggle word wrap

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {
  },
  "code": 403

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {
  },
  "code": 403

Copy to Clipboard

Toggle word wrap

找到 provisioner 节点的 authentication-operator 错误：

oc logs deployment/authentication-operator -n openshift-authentication-operator

$ oc logs deployment/authentication-operator -n openshift-authentication-operator

Copy to Clipboard

Toggle word wrap

Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-authentication-operator", Name:"authentication-operator", UID:"225c5bd5-b368-439b-9155-5fd3c0459d98", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'OperatorStatusChanged' Status for clusteroperator/authentication changed: Degraded message changed from "IngressStateEndpointsDegraded: All 2 endpoints for oauth-server are reporting"

Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-authentication-operator", Name:"authentication-operator", UID:"225c5bd5-b368-439b-9155-5fd3c0459d98", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'OperatorStatusChanged' Status for clusteroperator/authentication changed: Degraded message changed from "IngressStateEndpointsDegraded: All 2 endpoints for oauth-server are reporting"

Copy to Clipboard

Toggle word wrap

解决方案

确保每个部署的集群名称都是唯一的，确保没有冲突。
关闭所有不是使用相同集群名称的集群部署的一部分的节点。否则，OpenShift Container Platform 集群的身份验证 pod 可能无法成功启动。

返回顶部

8.5.8.4. 路由无法访问端点

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links