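1. etcd startup warning: member 2ce221743acad866 has already been bootstrapped
Method 1:
The node has already been bootstrapped, probably because it joined the cluster earlier but the configuration failed, while the startup parameters still specify new. Change --initial-cluster-state=new to --initial-cluster-state=existing.
Changing other configuration files does not work; etcd.service is the unit that actually starts etcd.
Method 2: delete the data-dir files on every etcd node (this discards the existing etcd data, so the cluster is bootstrapped from scratch):
rm -rf /var/lib/etcd/member/*
Then restart.
2. kubectl get cs,nodes returns an error
The error is: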
The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?
netstat -ntlp shows that the process 23847/kube-apiserve is bound to 192.168.85.12,
while the command tries to connect to 127.0.0.1.
I changed the bind address in --bind-address= in /etc/kubernetes/config/kube-apiserver and then restarted the service:
systemctl restart kube-apiserver
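After that the command ran without problems.
On a first installation this is probably caused by a configuration problem.
3. Creating the dashboard fails with CrashLoopBackOff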
[root@k8s-master dashboard]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kubernetes-dashboard-7d5f7c58f5-v276l 0/1 CrashLoopBackOff 3 63s 10.30.86.2 192.168.85.13 <none> <none>
[root@k8s-master dashboard]# kubectl logs kubernetes-dashboard-7d5f7c58f5-v276l --namespace=kube-system
Error from server (Forbidden): Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) ( pods/log kubernetes-dashboard-7d5f7c58f5-v276l)
[root@k8s-master dashboard]#
Solution:
Bind the cluster-admin role to system:anonymous:
kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
4. Dashboard error: invalid apiserver certificates or service account's configuration) or the --apiserver-host
Modify the apiserver certificate file (add the "10.0.0.1" entry to hosts) and restart the apiserver service.
cat kubernetes-csr.json
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "192.168.85.12",
    "10.30.75.1",
    "10.0.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "ShangHai",
      "L": "ShangHai",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
Sync the certificates and restart the services:
cfssl gencert -ca=/opt/k8s/certs/ca.pem -ca-key=/opt/k8s/certs/ca-key.pem -config=/opt/k8s/certs/ca-config.json -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
scp kubernetes* 192.168.85.12:/etc/kubernetes/ssl
kubernetes.csr 100% 1253 68.7KB/s 00:00
kubernetes-csr.json 100% 542 181.1KB/s 00:00
kubernetes-key.pem 100% 1679 1.1MB/s 00:00
kubernetes.pem
Restart the services:
systemctl restart kube-apiserver
systemctl restart kube-scheduler
systemctl restart kube-controller-manager
Recreate the dashboard.
Sync the certificates from a healthy node to the faulty server.
6. Kubernetes: RunAsUser is forbidden
Check the logs:
Apr 22 16:06:08 k8s-master01 kube-controller-manager: I0422 16:06:08.769311 90889 event.go:255] Event(v1.ObjectReference{Kind:"ReplicaSet", Namespace:"kubernetes-dashboard", Name:"dashboard-metrics-scraper-76585494d8", UID:"65198225-3ddd-4231-8e17-6aee46a876ec", APIVersion:"apps/v1", ResourceVersion:"255999", FieldPath:""}): type: 'Warning' reason: 'FailedCreate' Error creating: pods "dashboard-metrics-scraper-76585494d8-sflwv" is forbidden: SecurityContext.RunAsUser is forbidden
Solution:
cd /etc/kubernetes
cp apiserver.conf apiserver.conf.bak
vim apiserver.conf
Find the SecurityContextDeny keyword (the admission plugin that rejects the pod) and delete it.
systemctl restart kube-apiserver