kubelet启动失败

Question

kubelet启动失败

wajika opened this issue 4 years ago · comments

我按照kubernetes-the-hard-way的步骤走到创建 worker节点的步骤
启动worker 节点的kubelet服务时出现报错

Apr 13 16:29:47 k8s-node-1 kubelet[20520]: E0413 16:29:47.049611 20520 reflector.go:125] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.51.166:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dk8s-node-1&limit=500&resourceVersion=0: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Kubernetes")

我该怎么排查？

kubectl get nodes --kubeconfig admin.kubeconfig
结果是空的

执行其他命令是正常的
kubectl get componentstatuses
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}

wajika · Answer 1 · Wed Apr 15 2020 15:02:48 GMT+0800 (China Standard Time)

我找了一下kelseyhightower的issues页面，好像没几个人有提到x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Kubernetes")的报错

Pengfei Ni · Answer 2 · Wed Apr 15 2020 17:08:24 GMT+0800 (China Standard Time)

检查一下 /var/lib/kubelet/kubeconfig 里面的证书是不是有问题？

wajika · Answer 3 · Wed Apr 15 2020 17:26:42 GMT+0800 (China Standard Time)

/var/lib/kubelet/kubeconfig
应该和哪个文件比较呢？

wajika · Answer 4 · Wed Apr 15 2020 18:21:37 GMT+0800 (China Standard Time)

走到controller节点安装完毕后，还没到安装worker节点的步骤
执行curl 就报403
curl --cacert ca.pem https://192.168.51.169:6443/api

Pengfei Ni · Answer 5 · Wed Apr 15 2020 19:58:13 GMT+0800 (China Standard Time)

还没到worker安装的话，那可能是证书生成错误了。重新生成证书试试？