k8s配置错误解决集锦

1.etcd启动告警 member 2ce221743acad866 has already been bootstrapped

方法一:
该节点已经被引导,可能是因为之前这个节点已经加入过集群了,但配置失败,在启动参数那里设置的是new,所以需要将 --initial-cluster-state=new 修改成  --initial-cluster-state=existing。
改别的设置文件均不可行,etcd.service才是启动项。
方法二:把所有etcd节点的 data-dir 文件
 rm  /var/lib/etcd/member/*  -rf
 然后重启。

2.kubectl get cs,nodes报错

报错如下
The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?
通过命令netstat -ntlp查看 发现 23847/kube-apiserve这个进程绑定的地址为192.168.85.12
命令识别的地址为127.0.0.1 
我更改了/etc/kubernetes/config/kube-apiserver下的--bind-address=绑定地址,然后重启了服务
 systemctl restart kube-apiserver
然后再执行就没问题了
首次安装可能是设置问题导致

3.创建dashboard 报错 CrashLoopBackOff

[root@k8s-master dashboard]# kubectl get pods -n kube-system -o wide
NAME                                    READY   STATUS             RESTARTS   AGE   IP           NODE            NOMINATED NODE   READINESS GATES
kubernetes-dashboard-7d5f7c58f5-v276l   0/1     CrashLoopBackOff   3          63s   10.30.86.2   192.168.85.13   <none>           <none>
[root@k8s-master dashboard]#  kubectl logs  kubernetes-dashboard-7d5f7c58f5-v276l --namespace=kube-system
Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log kubernetes-dashboard-7d5f7c58f5-v276l)
[root@k8s-master dashboard]# 

解决方法:
绑定一个cluster-admin的权限:
kubectl create clusterrolebinding system:anonymous   --clusterrole=cluster-admin   --user=system:anonymous

4.dashboard invalid apiserver certificates or service account's configuration) or the --apiserver-host

k8s配置错误解决集锦
修改apiserver证书文件重启apiserver服务即可
cat kubernetes-csr.json
{
    "CN": "kubernetes",
    "hosts": [
        "127.0.0.1",
        "192.168.85.12",
        "10.30.75.1",
        "10.0.0.1", #加这行
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
          "C": "CN",
          "ST": "ShangHai",
          "L": "ShangHai",
          "O": "k8s",
          "OU": "System"
        }
    ]
}

同步证书并重启服务
cfssl gencert -ca=/opt/k8s/certs/ca.pem -ca-key=/opt/k8s/certs/ca-key.pem -config=/opt/k8s/certs/ca-config.json -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes

 scp kubernetes* 192.168.85.12:/etc/kubernetes/ssl
kubernetes.csr                                                                                                                                                                    100% 1253    68.7KB/s   00:00    
kubernetes-csr.json                                                                                                                                                               100%  542   181.1KB/s   00:00    
kubernetes-key.pem                                                                                                                                                                100% 1679     1.1MB/s   00:00    
kubernetes.pem       

重启服务
systemctl restart kube-apiserver
systemctl restart kube-scheduler
systemctl restart kube-controller-manager
重建dashboard
k8s配置错误解决集锦
  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin
avatar

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: