Comments (7)
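This error occurs because the self-built CA certificate is not trusted by the local machine; you just need to import the CA certificate into the local trust store. Specifically, run the following on each host: cat ca-certificate-file >> /etc/pki/tls/certs/ca-bundle.crt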
from kubernetes-handbook.
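An idempotent variant of the append described in the comment above, as an added example that is not part of the original thread. The function names `cert_fp`, `bundle_fps` and `trust_ca` are hypothetical; it assumes `openssl` and `awk` are installed, and the file paths in the usage line come from this thread.

```shell
#!/bin/sh
# Append a CA certificate to a trust bundle only if it is not already there.
# A plain `cat ca.pem >> bundle` duplicates the entry on every run and copies
# whatever else the file holds (for example a private key) into the bundle.

# SHA-256 fingerprint of the first certificate in a PEM file (empty on error).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Fingerprints of every certificate block in a bundle, one per line.
bundle_fps() {
    awk -v cmd="openssl x509 -noout -fingerprint -sha256" '
        /-----BEGIN CERTIFICATE-----/ { buf = ""; incert = 1 }
        incert { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/ && incert {
            printf "%s", buf | cmd; close(cmd); incert = 0
        }' "$1" | cut -d= -f2
}

# trust_ca CA_FILE BUNDLE
# Returns 0 if the CA is present afterwards, 2 if CA_FILE is not a certificate.
trust_ca() {
    ca=$1; bundle=$2
    fp=$(cert_fp "$ca")
    if [ -z "$fp" ]; then
        echo "not a PEM certificate: $ca" >&2
        return 2
    fi
    [ -f "$bundle" ] || : > "$bundle"
    if bundle_fps "$bundle" | grep -qxF "$fp"; then
        echo "already trusted: $fp"
        return 0
    fi
    cp -p "$bundle" "$bundle.bak"      # keep a copy to roll back to
    openssl x509 -in "$ca" >> "$bundle" # re-encode: only the certificate block
    echo "added: $fp"
}

# Usage (paths as used in this thread):
#   trust_ca /etc/kubernetes/ssl/ca.pem /etc/pki/tls/certs/ca-bundle.crt
```

On distributions that regenerate this bundle with `update-ca-trust`, a manual append is overwritten the next time the bundle is regenerated.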
Problem solved; it was probably caused by forgetting to create the kubectl kubeconfig file.
$ export KUBE_APISERVER="https://172.20.0.113:6443"
$ # Set cluster parameters
$ kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER}
$ # Set client authentication parameters
$ kubectl config set-credentials admin \
  --client-certificate=/etc/kubernetes/ssl/admin.pem \
  --embed-certs=true \
  --client-key=/etc/kubernetes/ssl/admin-key.pem
$ # Set context parameters
$ kubectl config set-context kubernetes \
  --cluster=kubernetes \
  --user=admin
$ # Set the default context
$ kubectl config use-context kubernetes
from kubernetes-handbook.
[root@k8s-master ssl]# openssl verify -CAfile ca.pem kubernetes.pem
kubernetes.pem: OK
[root@k8s-master ssl]# openssl verify -CAfile ca.pem kube-proxy.pem
kube-proxy.pem: OK
[root@k8s-master ssl]# openssl verify -CAfile ca.pem admin.pem
admin.pem: OK
from kubernetes-handbook.
/etc/kubernetes/apiserver configuration
KUBE_API_ARGS="--authorization-mode=RBAC --runtime-config=rbac.authorization.k8s.io/v1beta1 --kubelet-https=true --experimental-bootstrap-token-auth --token-auth-file=/etc/kubernetes/token.csv --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --client-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --enable-swagger-ui=true --apiserver-count=3 --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/var/lib/audit.log --event-ttl=1h"
from kubernetes-handbook.
[root@k8s-master ssl]# cat /etc/kubernetes/token.csv
4b7ce34c2e85b68aacbac758ef492fa7,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
from kubernetes-handbook.
[root@k8s-master ssl]# journalctl -xef -u kubelet
-- Logs begin at 三 2017-08-16 02:59:44 CST. --
8月 16 03:00:04 k8s-master systemd[1]: Started Kubernetes Kubelet Server.
-- Subject: Unit kubelet.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has finished starting up.
--
-- The start-up result is done.
8月 16 03:00:04 k8s-master systemd[1]: Starting Kubernetes Kubelet Server...
-- Subject: Unit kubelet.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit kubelet.service has begun starting up.
8月 16 03:00:05 k8s-master kubelet[2680]: Flag --api-servers has been deprecated, Use --kubeconfig instead. Will be removed in a future version.
8月 16 03:00:05 k8s-master kubelet[2680]: I0816 03:00:05.138984 2680 feature_gate.go:144] feature gates: map[]
8月 16 03:00:05 k8s-master kubelet[2680]: error: failed to run Kubelet: cannot create certificate signing request: User "kubelet-bootstrap" cannot create certificatesigningrequests.certificates.k8s.io at the cluster scope. (post certificatesigningrequests.certificates.k8s.io)
8月 16 03:00:05 k8s-master systemd[1]: kubelet.service: main process exited, code=exited, status=1/FAILURE
8月 16 03:00:05 k8s-master systemd[1]: Unit kubelet.service entered failed state.
8月 16 03:00:05 k8s-master systemd[1]: kubelet.service failed.
from kubernetes-handbook.
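The project https://github.com/rootsongjc/follow-me-install-kubernetes-cluster stopped being updated long ago; all changes are in this project. What you are looking at may be outdated configuration, so please refer to the installation and deployment instructions in this project first.
PS. When submitting an issue, please pay attention to Markdown formatting.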
from kubernetes-handbook.