Kubernetes 使用kubeadm创建HA集群
我正在基于以下站点建设kubeadm HA。Kubernetes 使用kubeadm创建HA集群,kubernetes,kubeadm,Kubernetes,Kubeadm,我正在基于以下站点建设kubeadm HA。 我使用的环境是AWS上的Ubuntu服务器16.04 我在建设环境时遇到了问题 执行kubeadm init--config=config.yaml时会发生以下错误 # kubeadm init --config=config.yaml [init] Using Kubernetes version: v1.10.3 [init] Using Authorization modes: [Node RBAC] [preflight] Running
我使用的环境是AWS上的Ubuntu服务器16.04 我在建设环境时遇到了问题 执行
kubeadm init--config=config.yaml
时会发生以下错误
# kubeadm init --config=config.yaml
[init] Using Kubernetes version: v1.10.3
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 18.03.1-ce. Max validated version: 17.03
[WARNING FileExisting-crictl]: crictl not found in system path
Suggestion: go get github.com/kubernetes-incubator/cri-tools/cmd/crictl
[preflight] Some fatal errors occurred:
[ERROR FileAvailable--etc-kubernetes-manifests-etcd.yaml]: /etc/kubernetes/manifests/etcd.yaml already exists
[ERROR ExternalEtcdVersion]: couldn't parse external etcd version "": Version string empty
[ERROR ExternalEtcdVersion]: couldn't parse external etcd version "": Version string empty
[ERROR ExternalEtcdVersion]: couldn't parse external etcd version "": Version string empty
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
这是config.yaml(IP地址值是虚拟的。) apiVersion:kubeadm.k8s.io/v1alpha1 种类:主配置 应用程序编程接口: 广告地址:192.168.0.10 etcd: 端点: - https://192.168.0.10:2379 - https://192.168.0.11:2379 - https://192.168.0.12:2379 caFile:/etc/kubernetes/pki/etcd/ca.pem 证书文件:/etc/kubernetes/pki/etcd/client.pem 密钥文件:/etc/kubernetes/pki/etcd/client-key.pem 网络: 子网:10.244.0.0/16 APIServerCertSAN: - apiServerExtraArgs: apiserver计数:“3” 这是kubeadm中的错误吗?
请告诉我如何解决错误。您遇到的问题与v1.10.3
kubeadm
之前的版本抑制连接错误有关。这就是为什么您不能准确地看到正在发生的事情,并且可能会想到配置文件中的一些错误
以下是与您的问题相关的问题
在版本1.10.3中,出现了一个修复程序,因此现在您应该可以看到连接错误,并找出如何修复这些错误
在任何情况下,您的问题都是由与etcd群集端点的连接问题引起的
https://192.168.0.10:2379/version
https://192.168.0.11:2379/version
https://192.168.0.12:2379/version
您可以尝试使用配置文件中的证书从运行kubeadm init
的节点使用curl
命令连接到该端点:
caFile: /etc/kubernetes/pki/etcd/ca.pem
certFile: /etc/kubernetes/pki/etcd/client.pem
keyFile: /etc/kubernetes/pki/etcd/client-key.pem
以下是一个例子:
curl --cacert /etc/kubernetes/pki/etcd/ca.pem --cert /etc/kubernetes/pki/etcd/client.pem --key /etc/kubernetes/pki/etcd/client-key.pem -L https://192.168.0.10:2379/version
{"etcdserver":"3.3.2","etcdcluster":"3.3.0"}
如果出现连接错误,应在群集初始化之前解决此问题
这是与检查外部etcd服务器版本相关的代码部分。它是从以下位置复制的:
//检查验证外部etcd版本
//TODO:使用官方的etcd Golang客户端进行此操作?
func(evc ExternalEtcdVersionCheck)检查()(警告、错误[]错误){
glog.V(1).Infoln(“验证外部etcd版本”)
//如果用户未使用外部etcd,请快速返回
如果evc.Etcd.External.Endpoints==nil{
返回零,零
}
var config*tls.config
变量错误
如果为config,err=evc.configRootCAs(config);err!=nil{
errors=追加(errors,err)
返回零,错误
}
如果配置,err=evc.configCertAndKey(配置);err!=nil{
errors=追加(errors,err)
返回零,错误
}
客户端:=evc.getHTTPClient(配置)
对于u,端点:=范围evc.Etcd.External.Endpoints{
如果,err:=url.Parse(端点); err!=nil{
errors=append(errors,fmt.Errorf(“未能分析外部etcd端点%s:%v”,端点,err))
持续
}
resp:=etcdVersionResponse{}
变量错误
versionURL:=fmt.Sprintf(“%s/%s”,端点,“版本”)
如果tmpVersionURL,err:=purell.NormalizeURLString(versionURL,purell.FlagRemovedUpplicateSlashes);err!=nil{
errors=append(errors,fmt.Errorf(“未能规范化外部etcd版本url%s:%v”,versionURL,err))
持续
}否则{
versionURL=tmpVersionURL
}
#####这里我们连接到端点并请求版本信息
如果err=getEtcdVersionResponse(客户端、versionURL和响应);err!=nil{
errors=追加(errors,err)
持续
}
#####在这里,如果上一步出现错误,我们将打印该错误消息
etcdVersion,err:=semver.Parse(resp.Etcdserver)
如果错误!=零{
errors=append(errors,fmt.Errorf(“无法分析外部etcd版本%q:%v”,resp.Etcdserver,err))
持续
}
如果etcdVersion.LT(minExternalEtcdVersion){
errors=append(errors,fmt.Errorf(“此版本的kubeadm仅支持外部etcd版本>=%s。当前版本:%s”,kubeadmconstants.MinExternalEtcdVersion,resp.Etcdserver))
持续
}
}
返回零,错误
}
....
func getEtcdVersionResponse(client*http.client,url字符串,目标接口{})错误{
loopCount:=ExternaleTCDRequestMetries+1
变量错误
var STOPPOOL
对于loopCount>0{
如果loopCount可以用config.yaml内容更新您的问题吗?当使用ELB作为负载平衡器时,是否需要指定cloudProvider:“aws”?
curl --cacert /etc/kubernetes/pki/etcd/ca.pem --cert /etc/kubernetes/pki/etcd/client.pem --key /etc/kubernetes/pki/etcd/client-key.pem -L https://192.168.0.10:2379/version
{"etcdserver":"3.3.2","etcdcluster":"3.3.0"}
// Check validates external etcd version
// TODO: Use the official etcd Golang client for this instead?
func (evc ExternalEtcdVersionCheck) Check() (warnings, errors []error) {
glog.V(1).Infoln("validating the external etcd version")
// Return quickly if the user isn't using external etcd
if evc.Etcd.External.Endpoints == nil {
return nil, nil
}
var config *tls.Config
var err error
if config, err = evc.configRootCAs(config); err != nil {
errors = append(errors, err)
return nil, errors
}
if config, err = evc.configCertAndKey(config); err != nil {
errors = append(errors, err)
return nil, errors
}
client := evc.getHTTPClient(config)
for _, endpoint := range evc.Etcd.External.Endpoints {
if _, err := url.Parse(endpoint); err != nil {
errors = append(errors, fmt.Errorf("failed to parse external etcd endpoint %s : %v", endpoint, err))
continue
}
resp := etcdVersionResponse{}
var err error
versionURL := fmt.Sprintf("%s/%s", endpoint, "version")
if tmpVersionURL, err := purell.NormalizeURLString(versionURL, purell.FlagRemoveDuplicateSlashes); err != nil {
errors = append(errors, fmt.Errorf("failed to normalize external etcd version url %s : %v", versionURL, err))
continue
} else {
versionURL = tmpVersionURL
}
##### Here we connect to endpoint and request version info
if err = getEtcdVersionResponse(client, versionURL, &resp); err != nil {
errors = append(errors, err)
continue
}
##### Here we print that error message in case of error on the previous step
etcdVersion, err := semver.Parse(resp.Etcdserver)
if err != nil {
errors = append(errors, fmt.Errorf("couldn't parse external etcd version %q: %v", resp.Etcdserver, err))
continue
}
if etcdVersion.LT(minExternalEtcdVersion) {
errors = append(errors, fmt.Errorf("this version of kubeadm only supports external etcd version >= %s. Current version: %s", kubeadmconstants.MinExternalEtcdVersion, resp.Etcdserver))
continue
}
}
return nil, errors
}
....
func getEtcdVersionResponse(client *http.Client, url string, target interface{}) error {
loopCount := externalEtcdRequestRetries + 1
var err error
var stopRetry bool
for loopCount > 0 {
if loopCount <= externalEtcdRequestRetries {
time.Sleep(externalEtcdRequestInterval)
}
stopRetry, err = func() (stopRetry bool, err error) {
r, err := client.Get(url)
if err != nil {
loopCount--
return false, err #### <-- this line was fixed by replacing "return false, nil"
}
defer r.Body.Close()
if r != nil && r.StatusCode >= 500 && r.StatusCode <= 599 {
loopCount--
return false, fmt.Errorf("server responded with non-successful status: %s", r.Status)
}
return true, json.NewDecoder(r.Body).Decode(target)
}()
if stopRetry {
break
}
}
return err
}