我有一个由 Rancher Desktop 创建的本地 Kubernetes。我已经根据本教程部署了一个命名的 Cloudflared 隧道。
直到今天它一直运行良好>我最近开始出错:
未能充分增加接收缓冲区大小(原为:208 kiB,需要:2048 kiB,得到:416 kiB)。有关详细信息,请参阅https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size。
我已经阅读了链接中的内容,但是,这是在 pod 中运行的。我不确定如何解决它。
以下是完整日志:
2023-03-18 00:27:51.450Z 2023-03-18T00:27:51Z INF Starting tunnel tunnelID=c9aa4140-fee8-4862-a479-3c1faacbd816
2023-03-18 00:27:51.450Z 2023-03-18T00:27:51Z INF Version 2023.3.1
2023-03-18 00:27:51.450Z 2023-03-18T00:27:51Z INF GOOS: linux, GOVersion: go1.19.7, GoArch: arm64
2023-03-18 00:27:51.451Z 2023-03-18T00:27:51Z INF Settings: map[config:/etc/cloudflared/config/config.yaml cred-file:/etc/cloudflared/creds/credentials.json credentials-file:/etc/cloudflared/creds/credentials.json metrics:0.0.0.0:2000 no-autoupdate:true]
2023-03-18 00:27:51.453Z 2023-03-18T00:27:51Z INF Generated Connector ID: a2d07b8a-3343-4b28-bbb5-a0cc951d5093
2023-03-18 00:27:51.453Z 2023-03-18T00:27:51Z INF Initial protocol quic
2023-03-18 00:27:51.456Z 2023-03-18T00:27:51Z INF ICMP proxy will use 10.42.0.32 as source for IPv4
2023-03-18 00:27:51.456Z 2023-03-18T00:27:51Z INF ICMP proxy will use fe80::3c91:31ff:fe74:68ee in zone eth0 as source for IPv6
2023-03-18 00:27:51.456Z 2023-03-18T00:27:51Z WRN The user running cloudflared process has a GID (group ID) that is not within ping_group_range. You might need to add that user to a group within that range, or instead update the range to encompass a group the user is already in by modifying /proc/sys/net/ipv4/ping_group_range. Otherwise cloudflared will not be able to ping this network error="Group ID 65532 is not between ping group 1 to 0"
2023-03-18 00:27:51.456Z 2023-03-18T00:27:51Z WRN ICMP proxy feature is disabled error="cannot create ICMPv4 proxy: Group ID 65532 is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied"
2023-03-18 00:27:51.460Z 2023-03-18T00:27:51Z INF Starting Hello World server at 127.0.0.1:34545
2023-03-18 00:27:51.460Z 2023-03-18T00:27:51Z INF Starting metrics server on [::]:2000/metrics
2023-03-18 00:27:51.462Z 2023/03/18 00:27:51 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2023-03-18 00:27:51.592Z 2023-03-18T00:27:51Z INF Connection ca329025-1f06-4f36-a8b2-27eda979345d registered with protocol: quic connIndex=0 ip=198.41.192.107 location=LAX
2023-03-18 00:27:51.760Z 2023-03-18T00:27:51Z INF Connection a25fdab3-adff-4be5-8eb3-c22d593dfbc5 registered with protocol: quic connIndex=1 ip=198.41.200.193 location=SJC
2023-03-18 00:27:52.670Z 2023-03-18T00:27:52Z INF Connection ef583d03-d123-4e8e-b8ad-37eed817d2da registered with protocol: quic connIndex=2 ip=198.41.200.113 location=SJC
2023-03-18 00:27:53.684Z 2023-03-18T00:27:53Z INF Connection 25609514-8c37-451e-b4ac-1fb9fba2b9b8 registered with protocol: quic connIndex=3 ip=198.41.192.37 location=LAX
我的
cloudflaredhm-cloudflared所以我可以通过以下方式获取节点名称:
kubectl get pods -o wide -n hm-cloudflared
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
cloudflared-7cdf78df46-x5fb7 0/1 CrashLoopBackOff 13 (93s ago) 26m 10.42.0.82 lima-rancher-desktop <none> <none>
一旦获取到 pod 运行所在的节点名称,就可以通过 kubectl-plugins ssh 进入 Kubernetes 节点:
# Install kubectl-plugins
git clone https://github.com/luksa/kubectl-plugins $HOME/kubectl-plugins
export PATH=$PATH:$HOME/kubectl-plugins
# SSH into the Kubernetes node
kubectl ssh node lima-rancher-desktop
Kubernetes节点内部,基于https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size#non-bsd, 我可以通过以下方式增加 UDP 接收缓冲区大小:
sysctl -w net.core.rmem_max=2500000
此命令会将最大接收缓冲区大小增加到大约 2.5 MB。
现在只需重新启动
cloudflared