k8s--報錯
k8s--報錯
1.
[root@master kubeconfig]# kubectl get csr
No resources found.
解決
查看master/var/log/messages
--------------------------------------------------------------------------------------------------------------------
2.
kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io "cluster-admin-binding" already exists
因爲殘留文件致使沒法從新導入集羣因此執行:
kubectl delete clusterrolebinding kubelet-bootstrap
sudo kubectl delete clusterrolebindings cluster-admin-binding
進行集羣導入到rancher的時候殘留配置文件致使導入失敗
sudo kubectl get clusterrolebindings cluster-admin-binding -o yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding
metadata: creationTimestamp: "2020-02-10T13:35:42Z" name:
cluster-admin-binding resourceVersion: "35967" selfLink:
/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-admin-binding
uid: d3c207d2-4adc-4e3e-951d-48c5ad99eeaa roleRef: apiGroup:
rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin
subjects:
apiGroup: rbac.authorization.k8s.io kind: User name: lishikai
sudo kubectl delete clusterrolebindings cluster-admin-binding
clusterrolebinding.rbac.authorization.k8s.io "cluster-admin-binding"
deleted
----------------------------------------------------------------------------------------------------
3. master 獲取不到節點的請求 setenforce: SELinux is disabled
[root@master kubeconfig]# kubectl get csr
No resources found.
[root@master kubeconfig]# kubectl get csr
No resources found.
[root@master kubeconfig]# kubectl get csr
No resources found.
節點 提示;;
9月 29 18:05:39 node1 kubelet[39660]: I0929 18:05:39.569373 39660 bootstrap.go:235] Failed to connect to apiserver: the server has asked for the client to ...credentials
9月 29 18:05:41 node1 kubelet[39660]: I0929 18:05:41.749264 39660 bootstrap.go:235] Failed to connect to apiserver: the server has asked for the client to ...credential
處理方法:
kubeconfig 腳本配置裏的 token 序列號配置錯誤
修改以下,後
# 設置客戶端認證參數
kubectl config set-credentials kubelet-bootstrap \
--token=11403f512b6f0dcf9807cec2862cd32a \
--kubeconfig=bootstrap.kubeconfig
刪除原來的文件 從新生成
[root@master kubeconfig]# rm -rf kube-proxy.kubeconfig
[root@master kubeconfig]# rm -rf bootstrap.kubeconfig
[root@master kubeconfig]# ls
kubeconfig
[root@master kubeconfig]# bash kubeconfig 192.168.100.3 /root/k8s/k8s-cert/
Cluster "kubernetes" set.
從新將生成的文件傳給節點,
[root@master kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.100.5:/opt/kubernetes/cfg/
root@192.168.100.5 s password:
bootstrap.kubeconfig 100% 2167 1.7MB/s 00:00
kube-proxy.kubeconfig 100% 6273 7.1MB/s 00:00
節點重啓服務
systemctl restart kubelet.service
master 從新獲取信息
[root@master kubeconfig]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-D-6Qg-440uk6mAMVNkwmyAQbDSXH3r7GB9BjarecFvg 11s kubelet-bootstrap Pending
-----------------------------------------------------------------
3.加入etcd羣集報錯
request sent was ignored: peer
錯誤緣由:集羣id不匹配
解決:建立server.pem 和server-key.pem
連同ca證書一塊兒發給要加入的節點192.168.100.200
cat > server-csr.json <<EOF
{
"CN": "etcd",
"hosts": [
"192.168.100.170", "master地址"
"192.168.100.180", "node1地址"
"192.168.100.190" "node2地址"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
刪除各節點ETCD的日誌
rm -rf /var/lib/etcd/default.etcd
master從新生成配置文件
[root@master k8s]# bash etcd.sh etcd01 192.168.100.170 etcd02=https://192.168.100.180:2380,etcd03=https://192.168.100.190:2380,etcd03=https://192.168.100.200:2380 '//進入卡住狀態等待其餘節點加入,使用另一個終端查看'
檢查羣集狀態
-----------------------------------------------------
#暴露端口供外部訪問
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=Nodeport
kubectl get svc 查看pod服務列表
清空重來 kubeadm reset
----------------------------------------------------------
######問題描述
建立bootstrap角色賦予權限用於鏈接apiserver請求籤名時報錯,修改以下所示:
[root@localhost kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io 「kubelet-bootstrap」 already exists
問題分析
這是由於以前已經建立過錯誤的簽名,簽名被佔用,須要刪除已經被佔用的簽名
問題解決
一、刪除簽名
kubectl delete clusterrolebindings kubelet-bootstrap
二、從新建立成功
[root@localhost kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
相關文章
- 1. K8S kubelet logs報錯
- 2. k8s 學習(報錯解決)
- 3. k8s報錯日誌查看
- 4. docker和k8s常見報錯
- 5. k8s ConfigMap報錯信息
- 6. k8s部署ingress-nginx報錯拍錯
- 7. K8S 的報錯問題解決
- 8. k8s報錯x509: certificate signed by unknown authority
- 9. k8s錯誤CrashLoopBackOff
- 10. k8s, etcd集羣搭建報報錯:request cluster ID mismatch (got
- 更多相關文章...
- • 錯誤處理 - RUST 教程
- • PHP PDO 錯誤與錯誤處理 - PHP參考手冊
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
- • 三篇文章瞭解 TiDB 技術內幕 —— 談調度
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 外部其他進程嵌入到qt FindWindow獲得窗口句柄 報錯無法鏈接的外部符號 [email protected] 無法被([email protected]@[email protected]@@引用
- 2. UVa 11524 - InCircle
- 3. The Monocycle(bfs)
- 4. VEC-C滑窗
- 5. 堆排序的應用-TOPK問題
- 6. 實例演示ElasticSearch索引查詢term,match,match_phase,query_string之間的區別
- 7. 數學基礎知識 集合
- 8. amazeUI 復擇框問題解決
- 9. 揹包問題理解
- 10. 算數平均-幾何平均不等式的證明,從麥克勞林到柯西
歡迎關注本站公眾號,獲取更多信息
