sealos join --master 执行报错
1、首先检查 etcd 集群不知道 10.51.13.236 已经退出 k8s 集群,etcd 集群中还保存着 10.51.13.236 的信息,所以在加入时连接 10.51.13.236 失败
2、sealos本身配置的问题
[root@mos-master-01 .sealos]# sealos join --master 10.51.13.236
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [WARNING FileExisting-socat]: socat not found in system path
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [preflight] Reading configuration from the cluster...
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [preflight] Running pre-flight checks before initializing the new control plane instance
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [preflight] Pulling images required for setting up a Kubernetes cluster
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [preflight] This might take a minute or two, depending on the speed of your internet connection
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
17:59:50 [INFO] [ssh.go:51] [10.51.13.236:22] [certs] Using certificateDir folder "/etc/kubernetes/pki"
17:59:51 [INFO] [ssh.go:51] [10.51.13.236:22] error execution phase control-plane-prepare/certs: error creating PKI assets: failed to write or validate certificate "apiserver": certificate apiserver is invalid: x509: certificate is valid for 10.51.13.236, 127.0.0.1, 10.96.0.1, not 10.51.13.229
17:59:51 [INFO] [ssh.go:51] [10.51.13.236:22] To see the stack trace of this error execute with --v=5 or higher
17:59:51 [DEBG] [ssh.go:58] [10.51.13.236:22] sed "s/10.51.13.229 apiserver.cluster.local/10.51.13.236 apiserver.cluster.local/g" -i /etc/hosts
17:59:51 [DEBG] [ssh.go:58] [10.51.13.236:22] rm -rf .kube/config && mkdir -p /root/.kube && cp /etc/kubernetes/admin.conf /root/.kube/config && chmod 600 /root/.kube/config
17:59:51 [DEBG] [ssh.go:58] [10.51.13.236:22] rm -rf /root/kube || :
17:59:51 [INFO] [ssh.go:13] [ssh][10.51.13.224:22] rm -rf /etc/kubernetes/manifests/kube-sealyun-lvscare* || :
17:59:51 [INFO] [ssh.go:13] [ssh][10.51.13.30:22] rm -rf /etc/kubernetes/manifests/kube-sealyun-lvscare* || :
17:59:51 [INFO] [ssh.go:13] [ssh][10.51.13.60:22] rm -rf /etc/kubernetes/manifests/kube-sealyun-lvscare* || :
17:59:51 [INFO] [ssh.go:13] [ssh][10.51.13.27:22] rm -rf /etc/kubernetes/manifests/kube-sealyun-lvscare* || :
17:59:51 [INFO] [ssh.go:13] [ssh][10.51.13.54:22] rm -rf /etc/kubernetes/manifests/kube-sealyun-lvscare* || :
17:59:52 [DEBG] [ssh.go:25] [ssh][10.51.13.60:22]command result is:
17:59:52 [DEBG] [ssh.go:25] [ssh][10.51.13.27:22]command result is:
17:59:52 [DEBG] [ssh.go:25] [ssh][10.51.13.54:22]command result is:
17:59:52 [DEBG] [ssh.go:25] [ssh][10.51.13.224:22]command result is:
17:59:52 [DEBG] [ssh.go:25] [ssh][10.51.13.30:22]command result is:
17:59:52 [INFO] [scp.go:159] [ssh][10.51.13.60:22]transfer total size is: 0MB
17:59:52 [INFO] [scp.go:159] [ssh][10.51.13.224:22]transfer total size is: 0MB
17:59:52 [INFO] [scp.go:159] [ssh][10.51.13.27:22]transfer total size is: 0MB
17:59:52 [INFO] [scp.go:159] [ssh][10.51.13.54:22]transfer total size is: 0MB
17:59:52 [INFO] [scp.go:159] [ssh][10.51.13.30:22]transfer total size is: 0MB
核心错误,翻译过来就是 找到了 10.51.13.236, 127.0.0.1, 10.96.0.1,但是没有 10.51.13.229
17:59:51 [INFO] [ssh.go:51] [10.51.13.236:22] error execution phase control-plane-prepare/certs: error creating PKI assets: failed to write or validate certificate "apiserver": certificate apiserver is invalid: x509: certificate is valid for 10.51.13.236, 127.0.0.1, 10.96.0.1, not 10.51.13.229
解决办法找到 /root/.sealos/config.yaml 文件
not 10.51.13.229,那我们就给他添加 10.51.13.229
cat /root/.sealos/config.yaml
masters:
- 10.51.13.229:22
- 10.51.13.96:22
- 10.51.13.236:22
nodes:
- 10.51.13.224:22
- 10.51.13.60:22
- 10.51.13.54:22
- 10.51.13.27:22
- 10.51.13.30:22
dnsdomain: cluster.local
apiservercertsans:
- 127.0.0.1
- apiserver.cluster.local
- 10.51.13.229
- 10.51.13.249
- 10.103.97.2
user: root
passwd: pci@123
privatekey: /root/.ssh/id_rsa
pkpassword: ""
apiserverdomain: apiserver.cluster.local
network: calico
vip: 10.103.97.2
pkgurl: /app/soft/kube1.19.10.tar.gz
version: v1.19.10
repo: k8s.gcr.io
podcidr: 100.64.0.0/10
svccidr: 10.96.0.0/12
certpath: /root/.sealos/pki
certetcdpath: /root/.sealos/pki/etcd
lvscarename: fanux/lvscare
lvscaretag: latest
alioss:
ossendpoint: ""
accesskeyid: ""
accesskeysecrets: ""
bucketname: ""
objectpath: ""
发现 apiservercertsans 没有 10.51.13.229,添加 - 10.51.13.229 运行即可