hyperkube gets stuck while trying to start the API server - docker

I am running Kubernetes 1.5.0 in hyperkube and it gets stuck with the following lines cyclically repeating in the logs:
E0228 21:28:35.891472 20321 reflector.go:188] pkg/kubelet/config/apiserver.go:44: Failed to list *api.Pod: Get http://localhost:8443/api/v1/pods?fieldSelector=spec.nodeName%3D127.0.0.1&resourceVersion=0: dial tcp 127.0.0.1:8443: getsockopt: connection refused
E0228 21:28:35.892410 20321 reflector.go:188] pkg/kubelet/kubelet.go:386: Failed to list *api.Node: Get http://localhost:8443/api/v1/nodes?fieldSelector=metadata.name%3D127.0.0.1&resourceVersion=0: dial tcp 127.0.0.1:8443: getsockopt: connection refused
Here is how I am starting Hyperkube:
docker run \
--volume=/:/rootfs:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:rw \
--volume=/var/lib/kubelet/:/var/lib/kubelet:rw \
--volume=/var/run:/var/run:rw \
--net=host \
--pid=host \
--privileged=true \
--name=kube -d \
gcr.io/google-containers/hyperkube:v1.5.3 \
/hyperkube kubelet --containerized \
--hostname-override="127.0.0.1" \
--address="0.0.0.0" \
--api-servers=http://localhost:8443 \
--allow-privileged=true --v=2

To second the comment from @nehal-j-wani, 8443 is the secure port, but you're using the http scheme, without any client or CA certificate.
Sounds like you are not intending to communicate with your local API server over TLS, so you should rather either:
use the insecure port (defaults to 8080)
fix your kubelet flags to use the TLS communication properly
See also:
kubelet
TLS bootstrapping

Related

Can't log into private registry between instances on Play-with-docker

I am very new to docker so please bear with me. I am following the documentation on https://docs.docker.com/registry/deploying/#running-a-domain-registry
I have spun up 2 nodes on play-with-docker.com for my learning.
On Node1 I am able to set up a private registry successfully using the following command
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v "$(pwd)"/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
I was also able to pull and push images from Node1 to the registry. However, when I go on Node2 and try to log in to the registry it gives the following error:
[node2] (local) root@192.168.0.7 ~
$ docker login 192.168.0.8:5000
Username: testuser
Password:
Error response from daemon: Get https://192.168.0.8:5000/v2/: dial tcp 192.168.0.8:5000: connect: connection refused
Please let me know what I am missing.
Node2 can't access port 5000 on 192.168.0.8. This looks like a network issue.
Are your nodes in the same network?
Are there firewall rules that might be blocking access to port 5000?
Are you sure 192.168.0.8 is the correct IP address of your Node1 machine?
To test your TCP connection use telnet. For example telnet 192.168.0.8 5000 (assuming 192.168.0.8 is the correct IP address).
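An added example (not part of the original answers): a Python version of the telnet check that also tells a refused port from a filtered one and reports whether the listener speaks TLS or plain HTTP, which is the port/scheme question raised in the hyperkube answer earlier on this page. The function names and result labels are assumptions made here.

```python
import socket
import ssl
from urllib.parse import urlsplit


def probe(host, port, timeout=3.0):
    """Return 'refused', 'timeout', 'unreachable', 'tls', 'plaintext-http' or 'open-unknown'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # host answered, but nothing listens on that port
    except socket.timeout:
        return "timeout"        # no answer at all: filtered, or wrong address
    except OSError:
        return "unreachable"    # no route, name resolution failure, ...
    # Step 1: does the listener speak TLS? Verification is off because this
    # only classifies the port; it is not a trust decision.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except ssl.SSLError as exc:
        if "ALERT" in (exc.reason or ""):
            return "tls"        # TLS server that rejected us, e.g. wants a client cert
    except OSError:
        pass
    finally:
        sock.close()
    # Step 2: not TLS, so send a plain HTTP request on a fresh connection.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
            banner = plain.recv(16)
    except OSError:
        return "open-unknown"
    return "plaintext-http" if banner.startswith(b"HTTP/") else "open-unknown"


def check_url(url, timeout=3.0):
    """Compare the scheme of a client URL (e.g. --api-servers) with what the port speaks."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    state = probe(parts.hostname, port, timeout)
    expected = "tls" if parts.scheme == "https" else "plaintext-http"
    if state in ("tls", "plaintext-http") and state != expected:
        return f"scheme mismatch: URL says {parts.scheme}, port {port} speaks {state}"
    return "ok" if state == expected else state
```

`check_url("https://192.168.0.8:5000")` run from Node2 separates "refused" (registry not reachable on that address) from "timeout" (traffic dropped on the way), which telnet alone does not label.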

cannot connect schema registry kafka

I'm trying to run confluent schema registry via docker image (on macOS Catalina and Docker version 19.03.12)
docker run --network="host" -e \
SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL=localhost:2181 \
-e SCHEMA_REGISTRY_HOST_NAME=localhost \
-e SCHEMA_REGISTRY_LISTENERS=http://0.0.0.0:8081 \
-e SCHEMA_REGISTRY_DEBUG=true confluentinc/cp-schema-registry
I'm running zookeeper (3.5.8) and kafka server on the local machine (no docker). The above picks (3.5.8 client of zookeeper). However, schema-registry is unable to connect.
[main-SendThread(localhost:2181)]
INFO org.apache.zookeeper.ClientCnxn -
Socket error occurred: localhost/127.0.0.1:2181: Connection refused
[main-SendThread(localhost:2181)]
INFO org.apache.zookeeper.ClientCnxn -
Opening socket connection to server localhost/127.0.0.1:2181.
Will not attempt to authenticate using SASL (unknown error)
I also tried mapping the port, instead of running it in the host network but have the same result
docker run -p 8081:8081 -e \
SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL=host.docker.internal:2181 \
-e SCHEMA_REGISTRY_HOST_NAME=localhost \
-e SCHEMA_REGISTRY_LISTENERS=http://0.0.0.0:8081 \
-e SCHEMA_REGISTRY_DEBUG=true confluentinc/cp-schema-registry
Any ideas? Kafka BTW is running happily I can consume and produce messages.

Unable to start kurento media server with docker

I'm trying to run kurento-media-server, by following the instructions found here:
https://hub.docker.com/r/kurento/kurento-media-server
I've followed them, but I am still unable to connect to the server.
After running
$ docker run --name kms -d -p 8888:8888 \
kurento/kurento-media-server
$ curl -i -N \
-H "Connection: Upgrade" \
-H "Upgrade: websocket" \
-H "Host: 127.0.0.1:8888" \
-H "Origin: 127.0.0.1" \
http://127.0.0.1:8888/kurento
I get curl: (56) Recv failure: Connection reset by peer, instead of
HTTP/1.1 500 Internal Server Error
Server: WebSocket++/0.7.0
How can I fix this? I seem to have done everything properly.
Try using latest image of kurento-media-server docker. I am using version 6.13.2 and it works fine for me.

Connection refused with GitLab CI Runner and GitLab CE in Docker

I've got problems trying to run both GitLab CE and the GitLab CI Runner in Docker containers.
This is how I run the GitLab CE container:
docker run --detach \
--name gitlab \
--hostname gitlab.local \
--publish 80:80 \
--restart always \
--env GITLAB_OMNIBUS_CONFIG="external_url 'http://gitlab.local/';" \
--volume ~/volumes/gitlab/config:/etc/gitlab \
--volume ~/volumes/gitlab/logs:/var/log/gitlab \
--volume ~/volumes/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce
Then I can connect to GitLab without problems on the host both through the locally bound interface (i.e. http://localhost) and the container IP (i.e. http://gitlab.local, after adding e.g. 172.17.0.2 gitlab gitlab.local to my hosts file).
The problems arise when I try to register a GitLab CI Runner container, through:
docker run --rm --tty --interactive \
--name gitlab-runner-register \
--add-host "gitlab.local:172.17.0.2" \
--link=gitlab \
--volume ~/volumes/gitlab-runner:/etc/gitlab-runner \
gitlab/gitlab-runner \
register \
--non-interactive \
--executor "docker" \
--docker-image alpine:3 \
--url "http://gitlab.local/" \
--registration-token "XXXXXXXXXXXX" \
--description "docker-runner" \
--tag-list "docker" \
--run-untagged \
--locked="false"
The errors I get are:
ERROR: Registering runner... failed runner=XXXXXX status=couldn't execute POST against http://gitlab.local/api/v4/runners: Post http://gitlab.local/api/v4/runners: dial tcp 172.17.0.2:80: getsockopt: connection refused
PANIC: Failed to register this runner. Perhaps you are having network problems
Some help? Thanks in advance!
UPDATE: I've also tried to link a BusyBox to the gitlab container. Pinging it works like a charm, but wgetting it gives Connection refused:
$ docker run --rm --link=gitlab busybox ping -c 1 gitlab
PING gitlab (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.124 ms
--- gitlab ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.124/0.124/0.124 ms
$ docker run --rm --link=gitlab busybox wget http://gitlab
Connecting to gitlab (172.17.0.2:80)
wget: can't connect to remote host (172.17.0.2): Connection refused
So networking is working fine and probably the "issue" is more related to the binding. As a demonstration of this, I've tried to run a python http server in the gitlab container in order to retry the wget command and... it works:
$ docker run --rm --link=gitlab busybox wget http://gitlab:8000
Connecting to gitlab:8000 (172.17.0.2:8000)
index.html 100% |********************************| 1065 0:00:00 ETA

Shiny proxy : Connect to localhost:2375 failed - Connection refused

When I am trying to start application in shinyproxy I get the following error
Caused by: java.util.concurrent.ExecutionException: javax.ws.rs.ProcessingException: org.apache.http.conn.HttpHostConnectException: Connect to localhost:2375 [localhost/127.0.0.1] failed: Connection refused (Connection refused)
OS - rhel 7.1
Docker.service file
ExecStart=/usr/bin/dockerd-current \
/usr/bin/dockerd -H fd:// -D -H tcp://127.0.0.1:2375 \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--authorization-plugin=rhel-push-plugin \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
Please go to Docker settings and expose daemon on tcp://localhost:2375 without TLS.
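One way to check which listeners a dockerd command line opens and whether any TCP listener runs without `--tlsverify`, as an added example (not from the original post). The function name, verdict labels and the two comparison command lines are assumptions made here.

```python
import ipaddress
import shlex


def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False            # other hostnames and empty hosts: not provably loopback


def audit_dockerd_hosts(exec_start):
    """Return [(listener, verdict)] for every -H/--host on a dockerd command line."""
    args = shlex.split(exec_start.replace("\\\n", " "))
    mutual_tls = any(a in ("--tlsverify", "--tlsverify=true") for a in args)
    listeners = []
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            listeners.append(args[i + 1])
        elif arg.startswith("--host="):
            listeners.append(arg.split("=", 1)[1])
    findings = []
    for listener in listeners:
        if not listener.startswith("tcp://"):
            verdict = "local-socket"        # fd:// or unix://, guarded by file permissions
        elif mutual_tls:
            verdict = "tcp-mutual-tls"      # clients must present a certificate
        else:
            host = listener[len("tcp://"):].rsplit(":", 1)[0].strip("[]")
            # Without TLS, whoever can reach the port controls the daemon.
            verdict = "loopback-plaintext" if _is_loopback(host) else "exposed-plaintext"
        findings.append((listener, verdict))
    return findings


# The listener flags from the Docker.service in the question above.
PAGE_EXEC_START = "/usr/bin/dockerd -H fd:// -D -H tcp://127.0.0.1:2375"
# Constructed variants for comparison (not from the page).
WIDE_OPEN = "/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375"
WITH_TLS = "/usr/bin/dockerd --tlsverify -H fd:// -H tcp://0.0.0.0:2376"

if __name__ == "__main__":
    for line in (PAGE_EXEC_START, WIDE_OPEN, WITH_TLS):
        print(audit_dockerd_hosts(line))
```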
