编程知识 cdmana.com

K8s -- error report

k8s-- Report errors

1.
[root@master kubeconfig]# kubectl get csr
No resources found.
 solve 
 see master/var/log/messages

--------------------------------------------------------------------------------------------------------------------

2.
kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap

Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io "cluster-admin-binding" already exists
 Unable to re import cluster due to residual files, so execute :
kubectl delete  clusterrolebinding kubelet-bootstrap

sudo kubectl delete clusterrolebindings cluster-admin-binding

 Import the cluster to rancher The import failed due to residual configuration file 
sudo kubectl get clusterrolebindings cluster-admin-binding -o yaml

apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding
metadata: creationTimestamp: "2020-02-10T13:35:42Z" name:
cluster-admin-binding resourceVersion: "35967" selfLink:
/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-admin-binding
uid: d3c207d2-4adc-4e3e-951d-48c5ad99eeaa roleRef: apiGroup:
rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin
subjects:

apiGroup: rbac.authorization.k8s.io kind: User name: lishikai
sudo kubectl delete clusterrolebindings cluster-admin-binding

clusterrolebinding.rbac.authorization.k8s.io "cluster-admin-binding"
deleted

----------------------------------------------------------------------------------------------------

3.  master  Failed to get the request of node   setenforce: SELinux is disabled
[root@master kubeconfig]#  kubectl get csr
No resources found.
[root@master kubeconfig]#  kubectl get csr
No resources found.
[root@master kubeconfig]#  kubectl get csr
No resources found.

 node   Tips ;;  
9 month  29 18:05:39 node1 kubelet[39660]: I0929 18:05:39.569373   39660 bootstrap.go:235] Failed to connect to apiserver: the server has asked for the client to ...credentials
9 month  29 18:05:41 node1 kubelet[39660]: I0929 18:05:41.749264   39660 bootstrap.go:235] Failed to connect to apiserver: the server has asked for the client to ...credential

 processing method :
kubeconfig  In the script configuration  token  Serial number configuration error 
 Revised as follows , after 
#  Set the client authentication parameters 
kubectl config set-credentials kubelet-bootstrap \
  --token=11403f512b6f0dcf9807cec2862cd32a \
  --kubeconfig=bootstrap.kubeconfig

 Delete the original file           To regenerate the 
[root@master kubeconfig]# rm -rf kube-proxy.kubeconfig
[root@master kubeconfig]# rm -rf bootstrap.kubeconfig
[root@master kubeconfig]# ls
kubeconfig
[root@master kubeconfig]# bash kubeconfig 192.168.100.3 /root/k8s/k8s-cert/
Cluster "kubernetes" set.

 Re pass the generated file to the node ,
[root@master kubeconfig]# scp bootstrap.kubeconfig  kube-proxy.kubeconfig  root@192.168.100.5:/opt/kubernetes/cfg/
root@192.168.100.5 s password:
bootstrap.kubeconfig                                                                                                                      100% 2167     1.7MB/s   00:00
kube-proxy.kubeconfig                                                                                                                     100% 6273     7.1MB/s   00:00
 Node restart service 

systemctl restart kubelet.service
master   Recapture information 

[root@master kubeconfig]# kubectl get csr
NAME                                                   AGE   REQUESTOR           CONDITION
node-csr-D-6Qg-440uk6mAMVNkwmyAQbDSXH3r7GB9BjarecFvg   11s   kubelet-bootstrap   Pending

-----------------------------------------------------------------
3. Join in etcd Cluster error 
request sent was ignored: peer 
 The reason for the error : colony id Mismatch 
 solve : establish server.pem  and server-key.pem
 together with ca The certificate is sent to the node to join 192.168.100.200

cat > server-csr.json <<EOF
{
    "CN": "etcd",
    "hosts": [
    "192.168.100.170", "master Address "
    "192.168.100.180",  "node1 Address "
    "192.168.100.190"   "node2 Address "
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF

 Delete nodes ETCD Log 
rm -rf /var/lib/etcd/default.etcd
master Regenerate the configuration file 
[root@master k8s]# bash etcd.sh etcd01 192.168.100.170 etcd02=https://192.168.100.180:2380,etcd03=https://192.168.100.190:2380,etcd03=https://192.168.100.200:2380  '// Enter stuck state and wait for other nodes to join , Use another terminal to view '
 Check the cluster state 
-----------------------------------------------------

# Expose ports for external access 
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=Nodeport

kubectl get svc  see pod List of services 

 Empty and start again  kubeadm reset

----------------------------------------------------------
###### Problem description 

 establish bootstrap Roles give permissions to connect apiserver The request for signature is wrong , Modify as follows :

[root@localhost kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io “kubelet-bootstrap” already exists

 Problem analysis 

 This is because the wrong signature has been created before , The signature is occupied , You need to delete the already occupied signature 

 Problem solving 

1、 Delete signature 

kubectl delete clusterrolebindings kubelet-bootstrap

2、 Re created successfully 

[root@localhost kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created

版权声明
本文为[0k 45536bv]所创,转载请带上原文链接,感谢

Scroll to Top