k8s环境IP改变后如何修复

最新推荐文章于 2023-12-20 11:00:32 发布
最新推荐文章于 2023-12-20 11:00:32 发布
阅读量1.8k 收藏 7
点赞数 2
分类专栏: k8s 文章标签: k8s kubernetes
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/wen328/article/details/121009302
版权

文章目录

1 备份证书文件

本环境使用kubeasz工具安装,CNI插件为kube-ovn
# 查看原始k8s证书目录
tree /etc/kubernetes/
/etc/kubernetes/
├── kube-controller-manager.kubeconfig
├── kubelet.kubeconfig
├── kube-proxy.kubeconfig
├── kube-scheduler.kubeconfig
└── ssl
    ├── aggregator-proxy-key.pem
    ├── aggregator-proxy.pem
    ├── ca-key.pem
    ├── ca.pem
    ├── etcd-key.pem
    ├── etcd.pem
    ├── kubernetes-key.pem
    └── kubernetes.pem

# kubeasz脚本安装得证书文件则再/etc/kubeasz/clusters/k8s-01/ssl/这个目录下

2 恢复etcd集群

2.1 生成证书

mkdir /root/ca && cd /root/ca
cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "438000h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "438000h"
      }
    },
    "profiles": {
      "kcfg": {
        "usages": [
            "signing",
            "key encipherment",
            "client auth"
        ],
        "expiry": "438000h"
      }
    }
  }
}
EOF
 
cat > ca-csr.json << EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "k8s",
      "OU": "System"
    }
  ],
  "ca": {
    "expiry": "876000h"
  }
}
EOF
 
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
 
mkdir -p /etc/kubernetes/ssl
cp ca*pem /etc/kubernetes/ssl

export NODE_IP=XXXX
cat > etcd-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "${NODE_IP}",
    "127.0.0.1"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes etcd-csr.json | cfssljson -bare etcd
 
cp etcd*pem /etc/kubernetes/ssl/

2.2 修改etcd得服务配置文件

# 修改配置文件中得IP地址
vim /etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos
 
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/opt/kube/bin/etcd \
  --name=etcd-XXXX \
  --cert-file=/etc/kubernetes/ssl/etcd.pem \
  --key-file=/etc/kubernetes/ssl/etcd-key.pem \
  --peer-cert-file=/etc/kubernetes/ssl/etcd.pem \
  --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem \
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --initial-advertise-peer-urls=https://XXXX:2380 \
  --listen-peer-urls=https://XXXX:2380 \
  --listen-client-urls=https://XXXX:2379,http://127.0.0.1:2379 \
  --advertise-client-urls=https://XXXX:2379 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster=etcd-XXXX=https://XXXX:2380 \
  --initial-cluster-state=new \
  --data-dir=/var/lib/etcd \
  --snapshot-count=50000 \
  --auto-compaction-retention=1 \
  --max-request-bytes=10485760 \
  --auto-compaction-mode=periodic \
  --quota-backend-bytes=8589934592
Restart=always
RestartSec=15
LimitNOFILE=65536
OOMScoreAdjust=-999
 
[Install]
WantedBy=multi-user.target

2.3 重启etcd服务

systemctl daemon-reload
systemctl restart etcd
# 服务启动正常
systemctl status etcd
● etcd.service - Etcd Server
     Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-10-27 15:25:09 CST; 36min ago
       Docs: https://github.com/coreos
   Main PID: 124559 (etcd)
      Tasks: 23 (limit: 19101)
     Memory: 117.3M
     CGroup: /system.slice/etcd.service

3 生成kube/config证书

cd /root/ca
cat > admin-csr.json <<EOF
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}
EOF
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  admin-csr.json | cfssljson -bare admin

APISERVER="https://XXXX:6443"
  
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server=${APISERVER} \
  --kubeconfig=admin.kubeconfig
  
kubectl config set-credentials admin \
  --client-certificate=admin.pem \
  --client-key=admin-key.pem \
  --embed-certs=true \
  --kubeconfig=admin.kubeconfig
  
kubectl config set-context default \
  --cluster=kubernetes \
  --user=admin \
  --kubeconfig=admin.kubeconfig
  
kubectl config use-context default --kubeconfig=admin.kubeconfig
 
cp admin.kubeconfig ~/.kube/config

4 修复kube-apiserver

4.1 生成证书

cat > kubernetes-csr.json <<EOF
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "XXXX",
    "10.68.0.1",
    "172.20.0.1",
    "10.1.1.1",
    "k8s.test.io",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
 
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  kubernetes-csr.json | cfssljson -bare kubernetes
 
cp kubernetes-key.pem kubernetes.pem /etc/kubernetes/ssl/

cat > aggregator-proxy-csr.json <<EOF 
{
  "CN": "aggregator",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  aggregator-proxy-csr.json | cfssljson -bare aggregator-proxy

cp kubernetes.pem kubernetes-key.pem aggregator-proxy.pem aggregator-proxy-key.pem /etc/kubernetes/ssl

4.2 修改kube-apiserver服务配置文件

# 将IP地址修改为现在得IP
vim /etc/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/opt/kube/bin/kube-apiserver \
  --advertise-address=XXXX \
  --allow-privileged=true \
  --anonymous-auth=false \
  --api-audiences=api,istio-ca \
  --authorization-mode=Node,RBAC \
  --bind-address=XXXX \
  --client-ca-file=/etc/kubernetes/ssl/ca.pem \
  --endpoint-reconciler-type=lease \
  --etcd-cafile=/etc/kubernetes/ssl/ca.pem \
  --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem \
  --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem \
  --etcd-servers=https://XXXX:2379 \
  --kubelet-certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --kubelet-client-certificate=/etc/kubernetes/ssl/kubernetes.pem \
  --kubelet-client-key=/etc/kubernetes/ssl/kubernetes-key.pem \
  --service-account-issuer=kubernetes.default.svc \
  --service-account-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \
  --service-account-key-file=/etc/kubernetes/ssl/ca.pem \
  --service-cluster-ip-range=10.68.0.0/16 \
  --service-node-port-range=30000-32767 \
  --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem \
  --requestheader-allowed-names=aggregator \
  --requestheader-extra-headers-prefix=X-Remote-Extra- \
  --requestheader-group-headers=X-Remote-Group \
  --requestheader-username-headers=X-Remote-User \
  --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy.pem \
  --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-key.pem \
  --enable-aggregator-routing=true \
  --v=2
Restart=always
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

4.3 重启服务

systemctl daemon-reload
systemctl restart kube-apiserver

5 修复kube-controller-manager

5.1 生成证书

cat > kube-controller-manager-csr.json <<EOF 
{
  "CN": "system:kube-controller-manager",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "system:kube-controller-manager",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager

kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server=${APISERVER} \
  --kubeconfig=kube-controller-manager.kubeconfig
 
kubectl config set-credentials system:kube-controller-manager \
  --client-certificate=kube-controller-manager.pem \
  --client-key=kube-controller-manager-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-controller-manager.kubeconfig
 
kubectl config set-context default \
  --cluster=kubernetes \
  --user=system:kube-controller-manager \
  --kubeconfig=kube-controller-manager.kubeconfig 
 
kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
cp kube-controller-manager.kubeconfig /etc/kubernetes

5.2 修改systemd文件

# ip替换
vim /etc/systemd/system/kube-controller-manager.service

[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kube/bin/kube-controller-manager \
  --bind-address=XXXX \
  --allocate-node-cidrs=true \
  --cluster-cidr=172.20.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \
  --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \
  --kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig \
  --leader-elect=true \
  --node-cidr-mask-size=24 \
  --root-ca-file=/etc/kubernetes/ssl/ca.pem \
  --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \
  --service-cluster-ip-range=10.68.0.0/16 \
  --use-service-account-credentials=true \
  --v=2
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

5.3 重启服务

systemctl daemon-reload
systemctl restart kube-controller-manager

6 修复kube-scheduler

6.1 生成证书

cat > kube-scheduler-csr.json <<EOF 
{
  "CN": "system:kube-scheduler",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "system:kube-scheduler",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  kube-scheduler-csr.json | cfssljson -bare kube-scheduler
  
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server=${APISERVER} \
  --kubeconfig=kube-scheduler.kubeconfig 
 
kubectl config set-credentials system:kube-scheduler \
  --client-certificate=kube-scheduler.pem \
  --client-key=kube-scheduler-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-scheduler.kubeconfig 
 
kubectl config set-context default \
  --cluster=kubernetes \
  --user=system:kube-scheduler \
  --kubeconfig=kube-scheduler.kubeconfig 
 
kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
cp kube-scheduler.kubeconfig /etc/kubernetes

6.2 修改systemd

# 修改ip
vim /etc/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kube/bin/kube-scheduler \
  --bind-address=XXXX \
  --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
  --leader-elect=true \
  --v=2
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

6.3 重启服务

systemctl daemon-reload
systemctl restart kube-scheduler

7 kube-proxy修复

7.1 生成证书

cat > kube-proxy-csr.json <<EOF
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
 cp kube-proxy*.pem /etc/kubernetes/ssl/


kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${APISERVER} \
  --kubeconfig=kube-proxy.kubeconfig

kubectl config set-credentials kube-proxy \
  --client-certificate=/etc/kubernetes/ssl/kube-proxy.pem \
  --client-key=/etc/kubernetes/ssl/kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig

kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig

kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
cp kube-proxy.kubeconfig /etc/kubernetes/

7.2 修改systemd

# 修改IP
vim /etc/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
# kube-proxy 根据 --cluster-cidr 判断集群内部和外部流量,指定 --cluster-cidr 或 --masquerade-all 选项后,kube-proxy 会对访问 Service IP 的请求做 SNAT
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kube/bin/kube-proxy \
  --config=/var/lib/kube-proxy/kube-proxy-config.yaml
Restart=always
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# 以下文件也需修改
vim /var/lib/kube-proxy/kube-proxy-config.yaml

7.3 重启服务

systemctl daemon-reload
systemctl restart kube-proxy

8 kubelet修复

8.1 生成证书

cat > kubelet-csr.json <<EOF 
{
  "CN": "system:node:XXXX",
  "hosts": [
    "127.0.0.1",
    "XXXX"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "HangZhou",
      "L": "XS",
      "O": "system:nodes",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  kubelet-csr.json | cfssljson -bare kubelet

kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server=${APISERVER} \
  --kubeconfig=kubelet.kubeconfig
 
kubectl config set-credentials system:node:XXXX \
  --client-certificate=kubelet.pem \
  --client-key=kubelet-key.pem \
  --embed-certs=true \
  --kubeconfig=kubelet.kubeconfig
 
kubectl config set-context default \
  --cluster=kubernetes \
  --user=system:node:XXXX \
  --kubeconfig=kubelet.kubeconfig 
 
kubectl config use-context default --kubeconfig=kubelet.kubeconfig

cp kubelet-key.pem /etc/kubernetes/ssl/
cp kubelet.pem /etc/kubernetes/ssl/
cp  kubelet.kubeconfig /etc/kubernetes

8.2 修改systemd

# 修改ip
vim /etc/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpu/podruntime.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuacct/podruntime.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuset/podruntime.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/memory/podruntime.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/pids/podruntime.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/systemd/podruntime.slice

ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpu/system.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuacct/system.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/cpuset/system.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/memory/system.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/pids/system.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/systemd/system.slice

ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/hugetlb/podruntime.slice
ExecStartPre=/bin/mkdir -p /sys/fs/cgroup/hugetlb/system.slice
ExecStart=/opt/kube/bin/kubelet \
  --config=/var/lib/kubelet/config.yaml \
  --cni-bin-dir=/opt/kube/bin \
  --cni-conf-dir=/etc/cni/net.d \
  --hostname-override=XXXX \
  --image-pull-progress-deadline=5m \
  --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \
  --network-plugin=cni \
  --pod-infra-container-image=easzlab/pause-amd64:3.2 \
  --root-dir=/var/lib/kubelet \
  --v=2
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

# 此文件得ip也需修改
vim /var/lib/kubelet/config.yaml

8.3 重启服务

systemctl daemon-reload
systemctl restart kubelet

8.4 发现节点

# 删除之前得节点
kubectl get nodes
NAME             STATUS     ROLES    AGE   VERSION
172.27.125.193   NotReady   master   8d    v1.20.2
kubectl delete nodes 172.27.125.193
# 查看新nodes
root@ddddd:~/ca# kubectl get nodes
NAME            STATUS     ROLES    AGE   VERSION
172.18.30.170   NotReady   <none>   9s    v1.20.2
root@ddddd:~/ca# kubectl get nodes
NAME            STATUS   ROLES    AGE    VERSION
172.18.30.170   Ready    <none>   101s   v1.20.2

注意

kube-ovn 需要给nodes重新添加标签

kubectl label nodes 172.18.30.170 kube-ovn/role=master

问题

kubectl get pod -n kube-system
NAME                                         READY   STATUS              RESTARTS   AGE
coredns-5787695b7f-crws6                     0/1     ContainerCreating   0          12h
dashboard-metrics-scraper-79c5968bdc-h258p   0/1     ContainerCreating   0          12h
kube-ovn-cni-nz4s8                           0/1     CrashLoopBackOff    197        11h
kube-ovn-controller-5b5c995f45-tz4q9         0/1     Running             103        12h
kube-ovn-pinger-szlww                        0/1     ContainerCreating   0          11h
kubernetes-dashboard-c4c6566d6-xf7lf         0/1     ContainerCreating   0          12h
metrics-server-8568cf894b-lgghc              0/1     ContainerCreating   0          12h
node-local-dns-5tqwc                         1/1     Running             0          11h
ovn-central-64d9dd94f9-s2vpb                 0/1     Running             0          12h
ovs-ovn-pdcf9                                0/1     CrashLoopBackOff    164        11h

api server报错

10月 28 09:39:41 aaaa kube-apiserver[390595]: E1028 09:39:41.194334  390595 authentication.go:53] Unable to authenticate the request due to an error: [invalid bearer token, square/go-jose: error in c>
10月 28 09:39:41 aaaa kube-apiserver[390595]: E1028 09:39:41.302237  390595 authentication.go:53] Unable to authenticate the request due to an error: [invalid bearer token, square/go-jose: error in c>
10月 28 09:39:41 aaaa kube-apiserver[390595]: E1028 09:39:41.428900  390595 authentication.go:53] Unable to authenticate the request due to an error: [invalid bearer token, square/go-jose: error in c>

解决思路

由于我们重新生成了k8s得证书,所以之前得secrets都失效了,因此需删除之前得secrets,生成新的
kube-system命令空间重新生成secrets

kubectl get secrets -n kube-system  | grep kubernetes.io/service-account-token | awk -F' ' '{print $1}' | xargs -I {}  kubectl delete secrets {} -n kube-system

修改secrets之后,CNI pod可以启动成功,K8s服务可以正常使用!!!

kubectl get pod -n kube-system
NAME                                         READY   STATUS    RESTARTS   AGE
coredns-5787695b7f-crws6                     0/1     Running   0          13h
dashboard-metrics-scraper-79c5968bdc-h258p   1/1     Running   0          13h
kube-ovn-cni-vmkhr                           1/1     Running   1          9m18s
kube-ovn-controller-5b5c995f45-zl8n7         1/1     Running   0          10m
kube-ovn-pinger-ss6xv                        1/1     Running   0          9m48s
kubernetes-dashboard-c4c6566d6-gtv8g         1/1     Running   0          83s
metrics-server-8568cf894b-pmnc6              1/1     Running   0          75s
node-local-dns-5tqwc                         1/1     Running   0          13h
ovn-central-64d9dd94f9-kh4q5                 1/1     Running   0          10m
ovs-ovn-wrwj9                                1/1     Running   1          9m28s
wen328
关注
  • 2
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
k8s master 节点修改 ip 地址后,calico 提示:Get _http url__ x509_ certificate is valid for xxx, not xxx
甘蓝的专栏
01-05 396
提供k8s修改master ip后,calico提示证书无效的排查思路
k8s服务器修改ip,[转载][K8S] Kubernetes 集群变更IP地址
weixin_39546312的博客
07-31 847
[K8S] Kubernetes 集群变更IP地址原文:https://blog.csdn.net/whywhy0716/article/details/92658111本文基于单节点K8S。碎碎念已搭建好的K8S集群遭遇服务器的IP变了,kubectl 完全连不上“你的.旧.IP.地址:6443”,这时候我们最希望的绝对不是重新再部署一次,我们要的只是修改配置,让已有的环境在新IP下再次焕发生机...
内网环境k8s离线安装部署
10-31
在无法连接互联网的内网环境部署k8s详细教程。
kubenetes 1.4 安装后8080端口无法访问
热门推荐
日进一步
10-19 2万+
参考kubenetes 1.4的官方文档完成安装后,发现master接地的8080端口只能通过127.0.0.1或localhost访问,通过节点IP是无法访问的,从而造成如下问题: 1、从其他节点无法执行kubectl命令, 例如在node节点执行如下命令会提示连接失败 kubectl -s http://masterIP:8080 get nodes root@ubuntu2:~# k
k8s集群更换ip地址(单master)
wana19881025的博客
01-12 4216
k8s单master集群更换Ip操作
k8s集群环境修改ip地址后,如何恢复环境
weixin_43847124的博客
03-29 5000
说明: 该方法是通过kubeadm rest 方法进行恢复,比较适合自己搭建测试环境后,恢复测试使用,跟进自己的情况参看使用。 查询了部分参看文章,因为我部署时,使用的是 kubeadm init \ --apiserver-advertise-address=10.0.2.40 \ --image-repository registry.aliyuncs.com/google_containers 进行部署的,不是通过kubeadm-config.yaml配置文件进行部署,本篇文章应该不算如何恢复环
k8s 集群全部更换机器 IP
会哭的雨@的博客
03-01 2690
1. 更换/etc/hosts对照表 /etc/resolv.conf && /etc/hosts 一起修改 2. 更换keepalived机器中vip 3. 查找/etc/kubernetes/manifest中旧IP并替换【直接grep /etc/kubernet 下面的IP替换为新IP】 4. 确认外网mcd.io能拉取 5 /etc/kubernetes 中旧ip要换 6. 重新生成认证证书 systemctl stop docker cp -r /e.
Kubernetes 集群疑难杂症排障:服务器 IP 变更后集群故障了,我该如何修复
easylife206的专栏
11-03 1196
公众号关注「奇妙的 Linux 世界」设为「星标」,每天带你玩转 Linux !记录一次因为 IP 变更导致集群故障的修复过程。有两个集群,一个是单节点(allinone),另一个是四节点(3 master 1 node)的集群。1. 更新 Etcd 证书【在每个 Etcd 节点】备份 Etcd 证书cp-R/etc/ssl/etcd/ssl/etc/ssl/etcd/ssl-bak查看 ...
K8s主机IP地址变更集群恢复
qq_43571324的博客
12-11 880
k8s主机IP变更集群恢复
K8s集群IP地址变更
tun456的博客
04-10 534
IPADDR1=192.168.0.86 ##原IP地址。PREFIX1=16 ###不同网段,添加路由转发。查看网卡信息是否有新的IP地址和原IP地址。可以看到当前使用的网卡。验证IP地址是否生效。在进行相互ping。
生产环境 kubeadm部署k8s
04-09
生产环境 kubeadm部署k8s 包括master高可用
k8s系统环境初始化一键脚本
09-17
原文:https://blog.csdn.net/m0_37814112/article/details/120220219 说明:k8s系统环境初始化一键脚本
k8s部署前后端分离项目.doc
05-11
k8s+docker部署前后端分离项目详细步骤; 服务器环境k8s为一个主节点,两个子节点,还使用了harbor远程仓库; 前后端分离项目为SpringBoot+vue,其中包含两个jar包一个dist.zip压缩包;
k8s环境部署dvwa靶机
09-01
k8s环境部署dvwa靶机
kubernetes集群部署成功后,在浏览器输入Linux主机IP地址+port端口号访问,无法访问的问题解决
cdbdqn001的博客
01-02 4403
1、这里以k8s单机集群部署为例,所有服务启动完毕 systemctl start etcd systemctl start docker systemctl start kube-apiserver.service systemctl start kube-controller-manager.service systemctl start kube-scheduler.service syst...
安装最新版kubenetes 1.29问题总结
最新发布
weixin_56302282的博客
12-20 673
kubenetes 1.29默认使用containerd作为CRI runtime,但是由于现在大部分kubenetes版本还在使用docker,默认/etc/containerd/config.toml配置文件的disabled_plugins列表默认打开且cri在该列表中,所以!注释掉该行配置即可!3.初始化时可以接参数:--apiserver-advertise-address 本地IP地址,按需再接其余的参数。1.本地hostname写入/etc/hosts文件。
k8s修改集群IP--重置集群
epmgy315的博客
10-09 568
原来IP地址192.168.10.138 k8s-master192.168.10.139 k8s-node1192.168.10.140 k8s-node2 新IP地址192.168.10.148 k8s-master192.168.10.149 k8s-node1192.168.10.150 k8s-node2 cp -Rf /etc/kubernetes/ /etc/kubernetes-...
k8s 中mysql 无法访问_故障排查:Kubernetes 中 Pod 无法正常解析域名
Jerry00713的博客
03-24 7343
问题描述: 最近将 Kubernetes 升级到 1.18.1 版本,不过升级完后,查看工作节点的部分 Pod 无法启动,查看消息全是 connetion timeout 的问题,一看连接超时的地址大部分是以域名方式连接集群内部地址(ClusterIP),少部分是以域名方式连接集群外部地址,通过 IP 进行远程连接的应用倒是没有问题(例如,应用通过 IP 连接 MySQL),由此判断,初步怀疑很可能是 DNS 出现了问题,后来慢慢发现 kube-proxy 中的错误,再定位到 IPVS parseIP E
Docker Desktop 启用Kubernetes失败解决办法
ttaannkkee的博客
02-25 7513
docker desktop 启用kubernetes失败
k8s命令部署k8s环境
08-18
要使用kubectl命令部署k8s环境,可以按照以下步骤进行操作: 1. 首先,使用kubectl create deployment命令创建一个deployment对象来部署你的应用程序。例如,你可以运行以下命令: kubectl create deployment k8s-demo --image=registry.cn-hangzhou.aliyuncs.com/boot-k8s/k8s-demo:1.0 --dry-run=client -o yaml > congge-k8s.yaml 这个命令将创建一个名为k8s-demo的deployment对象,并使用指定的镜像创建容器。并且将输出保存到congge-k8s.yaml文件中。<span class="em">1</span><span class="em">2</span><span class="em">3</span> #### 引用[.reference_title] - *1* *2* *3* [k8s集群部署springboot项目](https://blog.csdn.net/zhangcongyi420/article/details/128461806)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 100%"] [ .reference_list ]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值