Kubernetes Master2和Master3处于未就绪状态。似乎与kubelet.conf中的用户配置相关
申请证书续期后,我有以下问题。只有一位大师准备好了Kubernetes Master2和Master3处于未就绪状态。似乎与kubelet.conf中的用户配置相关,kubernetes,Kubernetes,申请证书续期后,我有以下问题。只有一位大师准备好了 root@cl9master1:~# kubectl get nodes | grep master cl9master1 Ready master 401d v1.15.0 cl9master2 NotReady master 401d v1.15.0 cl9master3 NotReady master 401d v1.15.0 “journalctl-xeu kubelet”返
root@cl9master1:~# kubectl get nodes | grep master
cl9master1 Ready master 401d v1.15.0
cl9master2 NotReady master 401d v1.15.0
cl9master3 NotReady master 401d v1.15.0
“journalctl-xeu kubelet”返回的日志:
查看kubectl.conf,master1和master2/3之间存在差异
对于master1:
root@cl9master1:~# cat /etc/kubernetes/kubelet.conf
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0t...LQo=
server: https://10.35.104.69:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: system:node:cl9master1
name: system:node:cl9master1@kubernetes
current-context: system:node:cl9master1@kubernetes
kind: Config
preferences: {}
users:
- name: system:node:cl9master1
user:
client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
client-key: /var/lib/kubelet/pki/kubelet-client-current.pem
大师2
root@cl9master2:~# cat /etc/kubernetes/kubelet.conf
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0t...LQo=
server: https://10.35.104.75:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: default-auth
name: default-auth@kubernetes
current-context: default-auth@kubernetes
kind: Config
preferences: {}
users:
- name: default-auth
user:
client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
client-key: /var/lib/kubelet/pki/kubelet-client-current.pem
我可以检查什么以及如何修复此问题?
非常感谢 节点用户必须在system:nodes(如果是工作者节点或system:master,如果是主节点)组中,看起来master2使用的默认身份验证不在system:nodes组中,并且没有列出服务的正确权限。如果您的节点在system:nodes组之外,则需要为用户默认身份验证设置适当的RBAC以使其工作 您可以通过两种方式解决此问题:
Kiruba我的错误可能是因为我在master1上运行了这个命令:#kubeadm alpha kubeconfig user--客户机名称系统:node:cl9master1--组织系统:nodes>/etc/kubernetes/kubelet.conf,而在master2上运行了这个命令:#kubeadm alpha kubeconfig user--客户机名称默认auth--组织系统:nodes>/etc/kubernetes/kubelet.conf我可能应该在master2上使用system:node:cl9master2而不是默认的authI确认:我通过在master2和master3上重新运行以下命令解决了这个问题:#kubeadm alpha kubeconfig user--client name system:node:cl9masterX--org system:nodes>/etc/kubernetes/kubelet.conf
root@cl9master2:~# cat /etc/kubernetes/kubelet.conf
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0t...LQo=
server: https://10.35.104.75:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: default-auth
name: default-auth@kubernetes
current-context: default-auth@kubernetes
kind: Config
preferences: {}
users:
- name: default-auth
user:
client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem
client-key: /var/lib/kubelet/pki/kubelet-client-current.pem