kubelet启动失败
wajika opened this issue · comments
我按照kubernetes-the-hard-way的步骤走到创建 worker节点的步骤
启动worker 节点的kubelet服务时出现报错
Apr 13 16:29:47 k8s-node-1 kubelet[20520]: E0413 16:29:47.049611 20520 reflector.go:125] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.51.166:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dk8s-node-1&limit=500&resourceVersion=0: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Kubernetes")
我该怎么排查?
kubectl get nodes --kubeconfig admin.kubeconfig
结果是空的
执行其他命令是正常的
kubectl get componentstatuses
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
我找了一下kelseyhightower的issues页面,好像没几个人有提到x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "Kubernetes")的报错
检查一下 /var/lib/kubelet/kubeconfig 里面的证书是不是有问题?
/var/lib/kubelet/kubeconfig
应该和哪个文件比较呢?
走到controller节点安装完毕后,还没到安装worker节点的步骤
执行curl 就报403
curl --cacert ca.pem https://192.168.51.169:6443/api
还没到worker安装的话,那可能是证书生成错误了。重新生成证书试试?