更换代理
go env -w GOPROXY=https://goproxy.cn
开发环境给匿名用户授权
kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous
错误1:
pkg/client/informers/externalversions/factory.go:116: Failed to watch *v1.VirtualMachine: failed to list *v1.VirtualMachine: Get "https://192.168.66.10:6443/apis/cloud.hft.com/v1/virtualmachines?limit=500&resourceVersion=0": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
解决方法:
更换controller的config配置文件,
kubectl config view --raw --output='json' >config
导出后放入 ~/.kube/下面
错误2:
node再次加入集群报错
[root@k8s-node01 ~]# kubeadm join 192.168.66.10:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:54a22ad4abd23052e9c40c576b684899ef0778ebedfd9db09e09fed36ea9ea45
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.12. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
[kubelet-check] Initial timeout of 40s passed.
error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition
To see the stack trace of this error execute with --v=5 or higher
需要重置下node的相关配置后,再执行加入动作
[root@k8s-node01 ~]# kubeadm reset -f
[root@k8s-node01 ~]# kubeadm join 192.168.66.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:54a22ad4abd23052e9c40c576b684899ef0778ebedfd9db09e09fed36ea9ea45
错误3:当kube-proxy和kube-flannel同时无法正常启动时,要优先解决kube-proxy
# kubectl logs kube-proxy-l9twb -n kube-system
I0305 01:31:39.411949 1 server.go:488] failed complete: unrecognized feature gate: SupportIPVSProxyMode
goroutine 1 [running]:
k8s.io/kubernetes/vendor/k8s.io/klog/v2.stacks(0xc00000e001, 0xc0004b6000, 0x6e, 0xc0)
通过报错可以看到kube-proxy无法识别SupportIPVSProxyMode这个字段,于是访问官方查看最新版本ipvs开启的正确配置,通过https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/README.md可以看到官方说明,我们只要删除这个无效配置即可
由于集群已经初始化成功了,所以现在改kubeadm初始化配置文件没有意义,因为我们需要直接修改kube-proxy的启动配置
查找configMap
# kubectl get cm -n kube-system
NAME DATA AGE
coredns 1 7d
extension-apiserver-authentication 6 7d
kube-flannel-cfg 2 61m
kube-proxy 2 7d
kube-root-ca.crt 1 7d
kubeadm-config 2 7d
kubelet-config-1.20 1 7d
#kubectl edit cm kube-proxy -n kube-system
在编辑模式中找到以下字段,删除后保存退出
featureGates:
SupportIPVSProxyMode: true
然后将删除所有kube-proxy pod进行重启,查看pod运行情况
# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-54d67798b7-hxgxl 1/1 Running 1 6d23h
coredns-54d67798b7-mx5jq 1/1 Running 0 6d23h
etcd-k8s-master01 1/1 Running 2 6d23h
kube-apiserver-k8s-master01 1/1 Running 2 6d23h
kube-controller-manager-k8s-master01 1/1 Running 2 6d23h
kube-flannel-ds-ddmn4 1/1 Running 8 22m
kube-flannel-ds-gsvpt 1/1 Running 8 22m
kube-flannel-ds-njlfp 1/1 Running 8 22m
kube-proxy-4bdm2 1/1 Running 0 8m20s
kube-proxy-667zv 1/1 Running 0 7m55s
kube-proxy-jlnkf 1/1 Running 0 8m6s
kube-scheduler-k8s-master01 1/1 Running 2 6d23h