PorterLB访问异常

fanxin

域名访问提示证书异常：

使用svc端口+IP地址访问，显示如下：

以下是porter-manager日志：
I0316 05:48:34.417591 74707 request.go:621] Throttling request took 1.179259757s, request: GET:https://lb.kubesphere.local:6443/apis/app.k8s.io/v1beta1?timeout=32s I0316 12:26:54.746706 1 request.go:621] Throttling request took 1.043059123s, request: GET:https://10.233.0.1:443/apis/app.k8s.io/v1beta1?timeout=32s {"level":"info","ts":1615897614.9003007,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, admission.Defaulter interface is not implemented","GVK":"network.kubesphere.io/v1alpha2, Kind=Eip"} {"level":"info","ts":1615897614.9003615,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"network.kubesphere.io/v1alpha2, Kind=Eip","path":"/validate-network-kubesphere-io-v1alpha2-eip"} {"level":"info","ts":1615897614.9003913,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-network-kubesphere-io-v1alpha2-eip"} {"level":"info","ts":1615897614.9014869,"logger":"gobgpd","msg":"gobgpd starting"} I0316 12:26:54.901521 1 leaderelection.go:242] attempting to acquire leader lease default/porter-speaker... {"level":"info","ts":1615897614.901647,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"bgppeer","source":"kind source: /, Kind="} {"level":"info","ts":1615897614.9016068,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"LBController","source":"kind source: /, Kind="} {"level":"info","ts":1615897614.901711,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"IPAM","source":"kind source: /, Kind="} {"level":"info","ts":1615897614.9017572,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"BgpConfController","source":"kind source: /, Kind="} {"level":"info","ts":1615897614.9015303,"logger":"controller-runtime.webhook.webhooks","msg":"starting webhook server"} I0316 12:26:54.908908 1 leaderelection.go:252] successfully acquired lease default/porter-speaker {"level":"info","ts":1615897614.9141505,"logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"} {"level":"info","ts":1615897614.914274,"logger":"controller-runtime.webhook","msg":"serving webhook server","host":"","port":443} {"level":"info","ts":1615897614.9143298,"logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"} {"level":"info","ts":1615897615.0018613,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"BgpConfController","source":"kind source: /, Kind="} {"level":"info","ts":1615897615.0019019,"logger":"controller-runtime.controller","msg":"Starting Controller","controller":"IPAM"} {"level":"info","ts":1615897615.0019326,"logger":"controller-runtime.controller","msg":"Starting Controller","controller":"bgppeer"} {"level":"info","ts":1615897615.0018566,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"LBController","source":"kind source: /, Kind="} {"level":"info","ts":1615897615.1021066,"logger":"controller-runtime.controller","msg":"Starting workers","controller":"IPAM","worker count":1} {"level":"info","ts":1615897615.1021419,"logger":"controller-runtime.controller","msg":"Starting workers","controller":"bgppeer","worker count":1} {"level":"info","ts":1615897615.1020913,"logger":"controller-runtime.controller","msg":"Starting Controller","controller":"BgpConfController"} {"level":"info","ts":1615897615.1021676,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"LBController","source":"kind source: /, Kind="} {"level":"info","ts":1615897615.1021912,"logger":"controller-runtime.controller","msg":"Starting workers","controller":"BgpConfController","worker count":1} {"level":"info","ts":1615897615.1022134,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"LBController","source":"kind source: /, Kind="} {"level":"info","ts":1615897615.1022334,"logger":"controller-runtime.controller","msg":"Starting Controller","controller":"LBController"} {"level":"info","ts":1615897615.10224,"logger":"controller-runtime.controller","msg":"Starting workers","controller":"LBController","worker count":1} {"level":"info","ts":1615897750.0273163,"msg":"use interface eth0 to speak arp"} {"level":"info","ts":1615897827.9672966,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615897827.9673684,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"","Eip":"","Protocol":"","Sp":null},"err":null} {"level":"info","ts":1615897827.972944,"msg":"assignIP update eip","eip":{"usage":1,"poolSize":254,"used":{"10.11.168.1":"kubesphere-controls-system/kubesphere-router-test"},"firstIP":"10.11.168.1","lastIP":"10.11.168.254","ready":true,"v4":true}} {"level":"info","ts":1615897827.9731796,"logger":"IPAM","msg":"assignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"error","ts":1615897827.9732754,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"LBController","request":"kubesphere-controls-system/kubesphere-router-test","error":"Endpoints \"kubesphere-router-test\" not found","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/ubuntu/go-path/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:90"} {"level":"info","ts":1615897827.9786735,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615897827.978803,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"error","ts":1615897827.9788656,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"LBController","request":"kubesphere-controls-system/kubesphere-router-test","error":"Endpoints \"kubesphere-router-test\" not found","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/ubuntu/go-path/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:90"} {"level":"info","ts":1615897828.9790378,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615897828.979124,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615897828.9887743,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615897828.9888184,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615897896.4748492,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615897896.4760666,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615897903.6589775,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615897903.659028,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615897903.6682997,"logger":"arpSpeaker","msg":"map ingress ip","ingress":"10.11.168.1","nodeIP":"10.11.121.37","nodeMac":"52:54:00:22:97:37"} {"level":"info","ts":1615897903.6683373,"logger":"arpSpeaker","msg":"send gratuitous arp packet","eip":"10.11.168.1","nodeIP":"10.11.121.37","hwAddr":"52:54:00:22:97:37"} {"level":"info","ts":1615897903.6683795,"logger":"arpSpeaker","msg":"send gratuitous arp packet","eip":"10.11.168.1","nodeIP":"10.11.121.37","hwAddr":"52:54:00:22:97:37"} {"level":"info","ts":1615897903.6684473,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615897903.6685042,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} 2021/03/16 12:32:55 http: TLS handshake error from 154.86.159.97:3399: remote error: tls: unknown certificate 2021/03/16 12:32:55 http: TLS handshake error from 154.86.159.97:3400: remote error: tls: unknown certificate 2021/03/16 12:32:56 http: TLS handshake error from 154.86.159.97:3401: remote error: tls: unknown certificate {"level":"info","ts":1615898104.2721558,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615898104.2722213,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":true},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615898104.2846096,"msg":"unAssignIP update eip","eip":{"poolSize":254,"firstIP":"10.11.168.1","lastIP":"10.11.168.254","ready":true,"v4":true}} {"level":"info","ts":1615898104.284703,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":true},"peek":false,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"error","ts":1615898104.2919269,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"LBController","request":"kubesphere-controls-system/kubesphere-router-test","error":"Operation cannot be fulfilled on services \"kubesphere-router-test\": StorageError: invalid object, Code: 4, Key: /registry/services/specs/kubesphere-controls-system/kubesphere-router-test, ResourceVersion: 0, AdditionalErrorMsg: Precondition failed: UID in precondition: b85762c9-43b3-47c8-9823-064eb8ee6ab1, UID in object meta: ","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/ubuntu/go-path/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/home/ubuntu/go-path/pkg/mod/sigs.k8s.io/controller-runtime@v0.6.0/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/ubuntu/go-path/pkg/mod/k8s.io/apimachinery@v0.18.2/pkg/util/wait/wait.go:90"} {"level":"info","ts":1615898105.2922297,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} 2021/03/16 12:35:44 http: TLS handshake error from 154.86.159.97:3402: remote error: tls: unknown certificate 2021/03/16 12:35:47 http: TLS handshake error from 154.86.159.97:3403: remote error: tls: unknown certificate 2021/03/16 12:35:50 http: TLS handshake error from 154.86.159.97:3404: remote error: tls: unknown certificate 2021/03/16 12:36:58 http: TLS handshake error from 154.86.159.97:3405: remote error: tls: unknown certificate 2021/03/16 12:37:06 http: TLS handshake error from 154.86.159.97:3407: remote error: tls: unknown certificate 2021/03/16 12:37:06 http: TLS handshake error from 154.86.159.97:3406: remote error: tls: unknown certificate 2021/03/16 12:37:10 http: TLS handshake error from 154.86.159.97:3408: remote error: tls: unknown certificate {"level":"info","ts":1615898283.6875381,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615898283.687597,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"","Eip":"","Protocol":"","Sp":null},"err":null} {"level":"info","ts":1615898283.6944706,"msg":"assignIP update eip","eip":{"usage":1,"poolSize":254,"used":{"10.11.168.1":"kubesphere-controls-system/kubesphere-router-test"},"firstIP":"10.11.168.1","lastIP":"10.11.168.254","ready":true,"v4":true}} {"level":"info","ts":1615898283.6945052,"logger":"IPAM","msg":"assignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615898283.703702,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615898283.7037523,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615898285.5962362,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615898285.5965188,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615898293.5297678,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615898293.5298073,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} {"level":"info","ts":1615898293.537294,"logger":"arpSpeaker","msg":"map ingress ip","ingress":"10.11.168.1","nodeIP":"10.11.121.37","nodeMac":"52:54:00:22:97:37"} {"level":"info","ts":1615898293.5373218,"logger":"arpSpeaker","msg":"send gratuitous arp packet","eip":"10.11.168.1","nodeIP":"10.11.121.37","hwAddr":"52:54:00:22:97:37"} {"level":"info","ts":1615898293.5374596,"logger":"arpSpeaker","msg":"send gratuitous arp packet","eip":"10.11.168.1","nodeIP":"10.11.121.37","hwAddr":"52:54:00:22:97:37"} {"level":"info","ts":1615898293.537628,"msg":"setup porter service","service":"kubesphere-controls-system/kubesphere-router-test"} {"level":"info","ts":1615898293.5377464,"logger":"IPAM","msg":"unAssignIP","args":{"Key":"kubesphere-controls-system/kubesphere-router-test","Addr":"","Eip":"","Protocol":"layer2","Unalloc":false},"peek":true,"result":{"Addr":"10.11.168.1","Eip":"porter-layer2-eip","Protocol":"layer2","Sp":{}},"err":null} 2021/03/16 12:38:39 http: TLS handshake error from 154.86.159.97:3410: remote error: tls: unknown certificate 2021/03/16 12:38:39 http: TLS handshake error from 154.86.159.97:3409: remote error: tls: unknown certificate 2021/03/16 12:38:45 http: TLS handshake error from 154.86.159.97:3411: remote error: tls: unknown certificate 2021/03/16 12:38:45 http: TLS handshake error from 154.86.159.97:3412: remote error: tls: unknown certificate 2021/03/16 12:39:32 http: TLS handshake error from 154.86.159.97:3413: remote error: tls: unknown certificate 2021/03/16 12:39:39 http: TLS handshake error from 154.86.159.97:3414: remote error: tls: unknown certificate 2021/03/16 12:45:59 http: TLS handshake error from 154.86.159.97:3415: remote error: tls: unknown certificate 2021/03/16 12:45:59 http: TLS handshake error from 154.86.159.97:3416: remote error: tls: unknown certificate

duanjiong

上面的ip很明显不是k8s集群内部ip， porter目前有一个提供webhook服务的端口，是https的，你肯定是什么应用数据路由到了porter的端口上了，你自己再仔细检查下

fanxin

duanjiong 我是重装系统，安装kubesphere，安装porter，登录建项目，开网关，配置路由，期间没有做其他事情，154.86.159.97是我本地浏览器的IP地址(访问绑定的域名)

duanjiong

删除应用，然后再次安装应用将value中的webhookPort修改为443之外的其他未被占用的端口