丢失了我的openshift控制台(“应用程序不可用”)

应用程序不可用

如果路由存在但找不到相应的服务或pod,通常会看到这种情况,但在这种情况下,路由存在:

$ oc -n openshift-console get route
NAME        HOST/PORT                                             PATH   SERVICES    PORT    TERMINATION          WILDCARD
console     console-openshift-console.apps.example.com            console     https   reencrypt/Redirect   None
downloads   downloads-openshift-console.apps.example.com          downloads   http    edge/Redirect        None

服务存在:

$ oc -n openshift-console get service
NAME        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
console     ClusterIP   172.30.36.70     <none>        443/TCP   57d
downloads   ClusterIP   172.30.190.186   <none>        80/TCP    57d

豆荚是健康的:

$ oc -n openshift-console get pods
NAME                       READY   STATUS    RESTARTS   AGE
console-76c8d7d755-gtfm8   0/1     Running   1          4m12s
console-76c8d7d755-mvf6n   0/1     Running   1          4m12s
downloads-9656c996-mmqhk   1/1     Running   0          53d
downloads-9656c996-z2khj   1/1     Running   0          53d

查看控制台吊舱的日志,似乎在联系oauth服务时出现问题:

2021-01-04T22:05:48Z auth: error contacting auth provider (retrying in 10s): Get https://kubernetes.default.svc/.well-known/oauth-authorization-server: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
2021-01-04T22:05:58Z auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps.example.com/oauth/token failed: Head https://oauth-openshift.apps.example.com: EOF
2021-01-04T22:06:13Z auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps.example.com/oauth/token failed: Head https://oauth-openshift.apps.example.com: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
2021-01-04T22:06:23Z auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps.example.com/oauth/token failed: Head https://oauth-openshift.apps.example.com: EOF
2021-01-04T22:06:38Z auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps.example.com/oauth/token failed: Head https://oauth-openshift.apps.example.com: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
2021-01-04T22:06:53Z auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps.example.com/oauth/token failed: Head https://oauth-openshift.apps.example.com: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

但是在树上的豆荚 openshift-authentication 命名空间似乎正常,并且没有在日志中报告任何错误。我应该在哪里寻找问题的根源?

预期的路由和服务存在于 openshift身份验证 命名空间:

$ oc -n openshift-authentication get route
NAME              HOST/PORT                                 PATH   SERVICES          PORT   TERMINATION            WILDCARD
oauth-openshift   oauth-openshift.apps.example.com          oauth-openshift   6443   passthrough/Redirect   None

$ oc -n openshift-authentication get service
NAME              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
oauth-openshift   ClusterIP   172.30.233.202   <none>        443/TCP   57d

$ oc -n openshift-authentication get route oauth-openshift -o json | jq .status
{
  "ingress": [
    {
      "conditions": [
        {
          "lastTransitionTime": "2020-11-08T19:48:08Z",
          "status": "True",
          "type": "Admitted"
        }
      ],
      "host": "oauth-openshift.apps.example.com",
      "routerCanonicalHostname": "apps.example.com",
      "routerName": "default",
      "wildcardPolicy": "None"
    }
  ]
}