Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/kubernetes/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Kubernetes Master2和Master3处于未就绪状态。似乎与kubelet.conf中的用户配置相关_Kubernetes - Fatal编程技术网
Fatal编程技术网
  • kubernetes/
  • Kubernetes Master2和Master3处于未就绪状态。似乎与kubelet.conf中的用户配置相关

Kubernetes Master2和Master3处于未就绪状态。似乎与kubelet.conf中的用户配置相关

kubernetes

Kubernetes Master2和Master3处于未就绪状态。似乎与kubelet.conf中的用户配置相关,kubernetes,Kubernetes,申请证书续期后,我有以下问题。只有一位大师准备好了 root@cl9master1:~# kubectl get nodes | grep master cl9master1 Ready master 401d v1.15.0 cl9master2 NotReady master 401d v1.15.0 cl9master3 NotReady master 401d v1.15.0 “journalctl-xeu kubelet”返

申请证书续期后,我有以下问题。只有一位大师准备好了

root@cl9master1:~# kubectl get nodes | grep master
cl9master1    Ready      master   401d   v1.15.0
cl9master2    NotReady   master   401d   v1.15.0
cl9master3    NotReady   master   401d   v1.15.0
“journalctl-xeu kubelet”返回的日志:

查看kubectl.conf,master1和master2/3之间存在差异

对于master1:

root@cl9master1:~# cat /etc/kubernetes/kubelet.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0t...LQo=
    server: https://10.35.104.69:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: system:node:cl9master1
  name: system:node:cl9master1@kubernetes
current-context: system:node:cl9master1@kubernetes
kind: Config
preferences: {}
users:
- name: system:node:cl9master1
  user:
    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem
大师2

root@cl9master2:~# cat /etc/kubernetes/kubelet.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0t...LQo=
    server: https://10.35.104.75:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: default-auth
  name: default-auth@kubernetes
current-context: default-auth@kubernetes
kind: Config
preferences: {}
users:
- name: default-auth
  user:
    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem
我可以检查什么以及如何修复此问题?
非常感谢

节点用户必须在system:nodes(如果是工作者节点或system:master,如果是主节点)组中,看起来master2使用的默认身份验证不在system:nodes组中,并且没有列出服务的正确权限。如果您的节点在system:nodes组之外,则需要为用户默认身份验证设置适当的RBAC以使其工作

您可以通过两种方式解决此问题:

  • 将master2用户组更改为system:nodes(如user:system:node:cl9master2)注意:还需要使用适当的Oranisation和CN值创建证书
  • 或者为默认身份验证用户创建适当的RBAC
    • 请参阅文件页

    谢谢,
    Kiruba

    我的错误可能是因为我在master1上运行了这个命令:#kubeadm alpha kubeconfig user--客户机名称系统:node:cl9master1--组织系统:nodes>/etc/kubernetes/kubelet.conf,而在master2上运行了这个命令:#kubeadm alpha kubeconfig user--客户机名称默认auth--组织系统:nodes>/etc/kubernetes/kubelet.conf我可能应该在master2上使用system:node:cl9master2而不是默认的authI确认:我通过在master2和master3上重新运行以下命令解决了这个问题:#kubeadm alpha kubeconfig user--client name system:node:cl9masterX--org system:nodes>/etc/kubernetes/kubelet.conf 
    root@cl9master2:~# cat /etc/kubernetes/kubelet.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0t...LQo=
    server: https://10.35.104.75:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: default-auth
  name: default-auth@kubernetes
current-context: default-auth@kubernetes
kind: Config
preferences: {}
users:
- name: default-auth
  user:
    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem