【k8s】Kubernetes版本v1.17.3 kubesphere 3.1.1 默认用户登录失败

最新推荐文章于 2024-02-18 16:39:16 发布
最新推荐文章于 2024-02-18 16:39:16 发布
阅读量1k 收藏 1
点赞数 1
分类专栏: 云原生技术 文章标签: kubernetes 容器 云原生 k8s kubesphere
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/oDianZi1234567/article/details/132816750
版权

1.发帖: 

Kubernetes版本v1.17.3 kubesphere 3.11 默认用户登录失败 - KubeSphere 开发者社区

2. 问题日志: 

2.1问题排查方法 : 

用户无法登录

http://192.168.56.100:30880/

 2.2查看用户状态 

 kubectl get users

[root@k8s-node1 ~]# kubectl get users
NAME    EMAIL                 STATUS
admin   admin@kubesphere.io

正常的应该是: 

 

2.3 检查 ks-controller-manager 是否正常运行,是否有异常日志:

kubectl -n kubesphere-system logs -l app=ks-controller-manager

kubectl -n kubesphere-system logs -l app=ks-controller-manager
I0911 11:49:58.686749       1 clusterrolebinding_controller.go:188] Successfully synced key:system:controller:pod-garbage-collector
I0911 11:49:58.686755       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"ks-controller-manager-rolebinding", UID:"aefd6d7b-953a-4967-a0a5-86ff738396ab", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"105248", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
I0911 11:49:58.686779       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"kubesphere-prometheus-operator", UID:"b1a2af46-1fd9-42a3-a954-118e0fa3b824", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"117259", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
I0911 11:49:58.686811       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"system:controller:pod-garbage-collector", UID:"4c2913ad-0dc2-4ce4-9555-79884b51f3ad", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"119", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
I0911 11:49:58.696411       1 globalrolebinding_controller.go:204] Successfully synced key:admin
I0911 11:49:58.696471       1 event.go:278] Event(v1.ObjectReference{Kind:"GlobalRoleBinding", Namespace:"", Name:"admin", UID:"e599dd3d-efa7-49c1-9e29-f734ed7c2fd3", APIVersion:"iam.kubesphere.io/v1alpha2", ResourceVersion:"104977", FieldPath:""}): type: 'Normal' reason: 'Synced' GlobalRoleBinding synced successfully
I0911 11:49:58.700995       1 clusterrolebinding_controller.go:188] Successfully synced key:admin-cluster-admin
I0911 11:49:58.701351       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"admin-cluster-admin", UID:"8c1bc9f3-7e49-4198-b951-846c594a04ab", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"107126", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
E0911 11:50:25.054212       1 user_controller.go:239] Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2?timeout=4s: context deadline exceeded
E0911 11:50:25.054314       1 basecontroller.go:132] error syncing 'admin' in user-controller: Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2?timeout=4s: context deadline exceeded, requeuing 
[root@k8s-node1 ~]# kubectl delete secret -n cattle-system cattle-webhook-tls
Error from server (NotFound): secrets "cattle-webhook-tls" not found

 关键信息; error syncing 'admin' in user-controller: Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2

3. 问题解决 

参考: 在修改密码和添加用户时报错 - KubeSphere 开发者社区

set ks-controller-manage hostNetwork: true

kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io users.iam.kubesphere.io

问题解决日志: 最后reboot 重启

[root@k8s-node1 ~]# kubectl get users
NAME    EMAIL                 STATUS
admin   admin@kubesphere.io   
[root@k8s-node1 ~]# kubectl -n kubesphere-system logs -l app=ks-controller-manager
I0911 11:49:58.686749       1 clusterrolebinding_controller.go:188] Successfully synced key:system:controller:pod-garbage-collector
I0911 11:49:58.686755       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"ks-controller-manager-rolebinding", UID:"aefd6d7b-953a-4967-a0a5-86ff738396ab", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"105248", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
I0911 11:49:58.686779       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"kubesphere-prometheus-operator", UID:"b1a2af46-1fd9-42a3-a954-118e0fa3b824", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"117259", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
I0911 11:49:58.686811       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"system:controller:pod-garbage-collector", UID:"4c2913ad-0dc2-4ce4-9555-79884b51f3ad", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"119", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
I0911 11:49:58.696411       1 globalrolebinding_controller.go:204] Successfully synced key:admin
I0911 11:49:58.696471       1 event.go:278] Event(v1.ObjectReference{Kind:"GlobalRoleBinding", Namespace:"", Name:"admin", UID:"e599dd3d-efa7-49c1-9e29-f734ed7c2fd3", APIVersion:"iam.kubesphere.io/v1alpha2", ResourceVersion:"104977", FieldPath:""}): type: 'Normal' reason: 'Synced' GlobalRoleBinding synced successfully
I0911 11:49:58.700995       1 clusterrolebinding_controller.go:188] Successfully synced key:admin-cluster-admin
I0911 11:49:58.701351       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"admin-cluster-admin", UID:"8c1bc9f3-7e49-4198-b951-846c594a04ab", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"107126", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
E0911 11:50:25.054212       1 user_controller.go:239] Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2?timeout=4s: context deadline exceeded
E0911 11:50:25.054314       1 basecontroller.go:132] error syncing 'admin' in user-controller: Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2?timeout=4s: context deadline exceeded, requeuing 
[root@k8s-node1 ~]# kubectl delete secret -n cattle-system cattle-webhook-tls
Error from server (NotFound): secrets "cattle-webhook-tls" not found
[root@k8s-node1 ~]# kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io --ignore-not-found=true rancher.cattle.io
[root@k8s-node1 ~]# kubectl delete pod -n cattle-system -l app=rancher-webhook
No resources found
[root@k8s-node1 ~]# kubectl delete secret -n cattle-system cattle-webhook-tls
Error from server (NotFound): secrets "cattle-webhook-tls" not found
[root@k8s-node1 ~]# kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io --ignore-not-found=true rancher.cattle.io
[root@k8s-node1 ~]# kubectl delete pod -n cattle-system -l app=rancher-webhook
No resources found
[root@k8s-node1 ~]# set ks-controller-manage hostNetwork: true
[root@k8s-node1 ~]# kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io users.iam.kubesphere.io
validatingwebhookconfiguration.admissionregistration.k8s.io "users.iam.kubesphere.io" deleted
[root@k8s-node1 ~]# systemctl  docker  restart  
Unknown operation 'docker'.
[root@k8s-node1 ~]# reboot

 reboot之后: 

[root@k8s-node1 ~]# kubectl get users
NAME    EMAIL                 STATUS
admin   admin@kubesphere.io   Active
[root@k8s-node1 ~]# 
[root@k8s-node1 ~]#

 重新登录成功

Rsingstarzengjx
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Kubernetes】解决 ingress-srv.yaml 报错 failed calling webhook “validate.nginx.ingress.kubernetes.io
嗨Sirius
04-03 8699
问题场景 在编写 Kubernetes 的 ingress controller 入口控制器的配置文件的时候 kubectl apply -f ingress-srv.yaml 报了几个错 no matches for kind “Ingress” in version “networking.k8s.io/v1beta1” APIVersion 改成 v1 过后,pathType 又不对了 超级头痛的 ingress 内部访问错误👇🏻 Error from server (Interna
Error from server (InternalError): Internal error occurred: failed calling webhook \“users.iam.kubes
weixin_42324368的博客
12-21 419
【代码】Error from server (InternalError): Internal error occurred: failed calling webhook \“users.iam.kubes。
k8s图形界面登录报错Failure
mandarin_meng的博客
09-20 594
使用client-certificate-data和client-key-data生成一个p12文件。然后关闭浏览器,重新登录后通过token登录就可以了。生成client-certificate-data。下面是Chrome和Firefox浏览器导入证书。kubecfg.p12就是生成的个人证书。生成client-key-data。k8s图形界面登录报错如下。
新建或删除名称空间报错:Error from server (InternalError): Internal error occurred: failed calling webhook
命运下的祥子的博客
04-28 3437
Kubernetes 中可扩展准入控制器(Admission Controllers)机制的一种实现形式,它定义了一组 Webhook 规则,用于对新创建或修改的 Kubernetes 资源进行自动验证和修正操作。类似,是 Kubernetes 中可扩展准入控制器(Admission Controllers)机制的一种实现形式,它定义了一组 Webhook 规则,用于在 Kubernetes API Server 接收到新的资源提交请求时,对新资源进行自动修改操作,从而实现资源自动化管理的目的。
k8s 安装kubesphere3.4.1 多次安装报错 Error from server (InternalError): Internal error occurred: failed call...
epmgy315的博客
12-27 784
failed: [localhost] (item={'ns': 'kubesphere-system', 'kind': 'users.iam.kubesphere.io', 'resource': 'admin', 'release': 'ks-core'}) => {"ansible_loop_var": "item", "changed": true, "cmd": "/usr/l...
k8s.gcr.io/kube-scheduler:v1.17.3镜像包
03-06
kubernetesk8s.gcr.io/kube-scheduler:v1.17.3镜像包,版本v1.17.3。文件是kube-scheduler:v1.17.3
k8s.gcr.io/kube-proxy:v1.17.3镜像包
03-06
kubernetesk8s.gcr.io/kube-proxy:v1.17.3镜像包,版本v1.17.3。文件是kube-proxy_v_1_17.3.tar
k8s.gcr.io/kube-controller-manager:v1.17.3镜像包
03-06
kubernetesk8s.gcr.io/kube-controller-manager:v1.17.3镜像包,版本v1.17.3。文件是kube-controller-manager_v_1_17.3.tar
preloaded-images-k8s-v1-v1.17.3-docker-overlay2.tar.lz4
03-23
话不多说 preloaded-images-k8s-v1-v1.17.3-docker-overlay2.tar.lz4 preloaded-images-k8s-v1-v1.17.3-docker-overlay2.tar.lz4 记得用文本工具打开去分享的网盘链接中下载
kubesphere-mini.yaml
09-11
最小化安装 KubeSphere
k8s admission webhook报错
guoguangwu的专栏
02-01 526
k8s admission webhook报错
创建pod时报错
chunmiao3032的专栏
04-03 921
[root@k8s-master ephemeral]# kubectl apply -f pod-tomcat.yaml Error from server (InternalError): error when creating "pod-tomcat.yaml": Internal error occurred: failed calling webhook "namespace.sidecar-injector.istio.io": Post "https://istiod.istio-syst..
创建自定义ingress报错:Internal error occurred: failed calling webhook “validate.nginx.ingress.kubernetes.io
惜鸟的博客
04-01 1万+
问题描述: 当我使用ingress-demo.yaml文件创建自定义的ingress时 使用命令创建:kubectl apply -f ingress-demo.yaml 报如下错误: Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post https://ingress-nginx-controller-admission.kube-system.svc:443/networ
Kubernetes基础:is forbidden: User YYY cannot list resource的RBAC问题对应
热门推荐
知行合一 止于至善
09-04 1万+
这篇文章memo一下一种常见的RBAC权限问题的判断和对应方法。
使用 ws-manager 用户 创建企业空间 demo-workspace 报错
gs80140的专栏
10-27 246
kubesphere ws-manager Forbidden workspacetemplates
KubeSphere:登录错误,token failed, reason: getaddrinfo EAI_AGAIN ks-apiserver
最新发布
weixin_36873225的博客
02-18 602
KubeSphere:登录错误,token failed, reason: getaddrinfo EAI_AGAIN ks-apiserver。kubesphere登录失败,redis连接失败 - KubeSphere 开发者社区。目前这几个image pull policy都是Always,直接执行下面的命。找到coredns服务。
Istio 自动注入 sidecar 不成功及k8s安装istio后pod无法创建解决方案
学亮编程手记
05-26 2818
环境 Kubernetes v1.15.6 源码安装 Istio v1.2.5 Helm 安装 Istio v1.2.5 Helm 安装 Istio Helm安装 问题 安装完后,做官方 bookinfo 实验 kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml 出现 sidecar 自动注入不成功。 解决方法 第一种可能: 安装 Istio 时,配置了 enableNamespacesByDefault: false si
curl https方式访问kubernetes集群API
lovely_nn的博客
04-13 981
使用curl https方式访问kubernetes集群的api,认证方式需要用到token,这里使用变量赋予APISERVER 和TOKEN的值 apiserver: $ APISERVER=$(kubectl config view | grep server | cut -f 2- -d ":" | tr -d " ") token: $ TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -
kubesphere 问题解决
怨行客
05-12 6646
镜像下载不下来,到对应节点 docker pull 重启节点后,无监控数据,因为你没有正确退出节点,这样退链接 其实就是停止调度,重启kubectl,docker
帮写一个一键部署k8s的脚本
08-03
### 回答1: 我可以为您提供一个脚本,用于一键部署Kubernetes群集: #!/usr/bin/env bash # define the version of Kubernetes you want to install K8S_VERSION="v1.17.3" # check the OS type if [ -f /etc/os-release ]; then . /etc/os-release OS=$NAME VER=$VERSION_ID else OS=$(uname -s) VER=$(uname -r) fi # install prerequisites packages if [ $OS == "Ubuntu" ]; then apt-get update apt-get -y install apt-transport-https ca-certificates curl software-properties-common elif [ $OS == "CentOS Linux" ]; then yum install -y yum-utils device-mapper-persistent-data lvm2 fi # add Kubernetes apt or yum repository if [ $OS == "Ubuntu" ]; then curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - add-apt-repository "deb http://apt.kubernetes.io/ kubernetes-$K8S_VERSION main" elif [ $OS == "CentOS Linux" ]; then yum-config-manager --add-repo https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 yum-config-manager --enable kubernetes-el7-x86_64 fi # install Kubernetes kubeadm if [ $OS == "Ubuntu" ]; then apt-get update apt-get install -y kubelet kubeadm kubectl elif [ $OS == "CentOS Linux" ]; then yum install -y kubelet kubeadm kubectl fi # start and enable kubelet systemctl enable --now kubelet # initialize the cluster kubeadm init --kubernetes-version $K8S_VERSION ### 回答2: 一键部署Kubernetesk8s)的脚本是一个简化部署流程的自动化脚本,使得用户可以轻松地部署和管理Kubernetes集群。以下是一个简单的一键部署Kubernetes的脚本示例: 脚本开始时,首先需要检查运行该脚本的主机是否满足Kubernetes的基本要求。这些要求可能包括安装特定的操作系统或软件包。如果主机不满足要求,则脚本会提醒用户必须满足这些要求才能继续执行部署。 一旦主机满足要求,脚本将提示用户输入所需的配置信息,如Master节点和Worker节点的IP地址、Kubernetes版本等。 接下来,脚本将根据用户提供的配置信息,自动生成所需的配置文件。这些配置文件包括kubelet、kube-proxy、kube-scheduler和kube-controller-manager等组件的配置。此外,还会生成部署Kubernetes集群所需的核心组件,如etcd、kube-apiserver和kube-controller-manager。 通过使用合适的工具(如kubeadm或kubespray),脚本将根据生成的配置文件自动安装和配置Kubernetes集群。在这个过程中,脚本会自动下载和安装所需的软件包。 一旦安装完成,脚本将进行必要的集群初始化操作,如初始化Master节点、注册Worker节点等。最后,它将在屏幕上显示一些有关集群状态的信息,以便用户进行检查。 这只是一个简单的一键部署Kubernetes脚本示例,实际上,根据不同的场景和需求,脚本可能还需要处理更多的配置选项和安全设置。因此,正确的配置和定制化是实现一键部署Kubernetes脚本的关键。 ### 回答3: 一键部署Kubernetesk8s)的脚本是一个自动化脚本,旨在简化和加速部署Kubernetes集群的过程。下面是一个示例脚本的步骤: 1. 安装依赖: 在开始之前,需要确保主机已经安装了相关依赖,比如Docker、kubeadm等。脚本会检查依赖并在需要时进行安装。 2. 初始化Master节点: 脚本将使用kubeadm初始化Kubernetes Master节点。这将设置所需的网络和容器运行时,创建一个密钥并保存在Master节点上。 3. 部署网络插件: 在初始化Master节点后,需要选择一个网络插件来配置Kubernetes网络。脚本将允许用户选择并自动部署选定的网络插件,如Flannel或Calico。 4. 添加Worker节点: 脚本将引导用户添加Kubernetes Worker节点。用户将被要求在Worker节点上运行一个特定的指令,以便将其加入到集群中。 5. 配置Kubectl: 脚本将自动帮助用户设置kubectl命令行工具,以便能够与Kubernetes集群进行交互。 6. 验证集群: 一键部署脚本的最后一步是验证Kubernetes集群的功能。脚本将运行一些验证测试,如创建Pod和Service,以确保集群正常工作。 这只是一个简单的示例,实际脚本可能会更复杂,并根据用户的需求进行定制。用户可以选择不同的选项,如使用不同的网络插件或添加其他组件,如Ingress Controller或Dashboard。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值