kubernetes-无法加入主节点-错误执行阶段预检:无法验证API服务器的身份 [英] kubernetes - Couldn't able to join master node - error execution phase preflight: couldn't validate the identity of the API Server

问题描述

我不是k8s的新手，所以对于拥有k8s专业知识的人来说，这可能是一个非常简单的问题.

我正在使用两个节点

1. master-2cpu，2 GB内存
2. worker-1 cpu，1 GB memory
3. 操作系统-Ubuntu-hashicorp/bionic64

我确实成功设置了主节点，我可以看到它已启动并正在运行

vagrant@master:~$ kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   29m   v1.18.2

这是我生成的令牌

vagrant@master:~$ kubeadm token create --print-join-command
W0419 13:45:52.513532   16403 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 10.0.2.15:6443 --token xuz63z.todnwgijqb3z1vhz     --discovery-token-ca-cert-hash sha256:d4dadda6fa90c94eca1c8dcd3a441af24bb0727ffc45c0c27161ee8f7e883521 

问题-但是，当我尝试从worker节点加入它时，我会得到

vagrant@worker:~$ sudo kubeadm join 10.0.2.15:6443 --token xuz63z.todnwgijqb3z1vhz     --discovery-token-ca-cert-hash sha256:d4dadda6fa90c94eca1c8dcd3a441af24bb0727ffc45c0c27161ee8f7e883521 
W0419 13:46:17.651819   15987 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: couldn't validate the identity of the API Server: Get https://10.0.2.15:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s: dial tcp 10.0.2.15:6443: connect: connection refused
To see the stack trace of this error execute with --v=5 or higher

这里是被占用的端口

10.0.2.15:2379 
10.0.2.15:2380 
10.0.2.15:68

请注意，我正在使用-

中的CNI

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

解决方案

以下是我在安装kubernetes时发现的错误-

(有关详细的安装步骤，请遵循-安装步骤)

但这是我犯的主要错误-

Mistake 1- 因为我正在使用VM，所以我的两个VM(主服务器和工作服务器)上都有多个以太网适配器.默认情况下，CNI始终采用 eth0 ，但在我们的情况下，它应为 eth1

1: lo: <LOOPBACK,UP,LOWER_UP>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:bb:14:75 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:fb:48:77 brd ff:ff:ff:ff:ff:ff
    inet 100.0.0.1
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP>

Mistake 2- 我在没有 -的情况下初始化我的 kubeadm 的方式- -apiserver-advertise-address 和 -pod-network-cidr

这是我使用的kubeadm命令-

[vagrant@master ~]$ sudo kubeadm init --apiserver-advertise-address=100.0.0.1 --pod-network-cidr=10.244.0.0/16

Mistake 3- -由于我们的虚拟机中有多个以太网适配器，因此我无法找到一种方法来设置额外的args从切换 eth0 到 calico.yml 配置中的 eth1 .

所以我使用了绒布CNI *

[vagrant@master ~]$ wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

并在args部分中添加- -iface = eth1

- --iface=eth1
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=eth1

那之后就奏效了

I am novice to k8s, so this might be very simple issue for someone with expertise in the k8s.

I am working with two nodes

1. master - 2cpu, 2 GB memory
2. worker - 1 cpu, 1 GB memory
3. OS - ubuntu - hashicorp/bionic64

I did setup the master node successfully and i can see it is up and running

vagrant@master:~$ kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   29m   v1.18.2

Here is token which i have generated

vagrant@master:~$ kubeadm token create --print-join-command
W0419 13:45:52.513532   16403 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 10.0.2.15:6443 --token xuz63z.todnwgijqb3z1vhz     --discovery-token-ca-cert-hash sha256:d4dadda6fa90c94eca1c8dcd3a441af24bb0727ffc45c0c27161ee8f7e883521 

Issue - But when i try to join it from the worker node i get

vagrant@worker:~$ sudo kubeadm join 10.0.2.15:6443 --token xuz63z.todnwgijqb3z1vhz     --discovery-token-ca-cert-hash sha256:d4dadda6fa90c94eca1c8dcd3a441af24bb0727ffc45c0c27161ee8f7e883521 
W0419 13:46:17.651819   15987 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: couldn't validate the identity of the API Server: Get https://10.0.2.15:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s: dial tcp 10.0.2.15:6443: connect: connection refused
To see the stack trace of this error execute with --v=5 or higher

Here are the ports which are occupied

10.0.2.15:2379 
10.0.2.15:2380 
10.0.2.15:68

Note i am using CNI from -

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

解决方案

Here are mistakes which realized i did during my kubernetes installation -

(For detailed installation step follow - Steps for Installation )

But here are the key mistakes which i did -

Mistake 1 - Since i was working on the VMs so i had multiple ethernet adapter on my both the VMs (master as well as worker ). By default the the CNI always takes the eth0 but i our case it should be eth1

1: lo: <LOOPBACK,UP,LOWER_UP>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:bb:14:75 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:fb:48:77 brd ff:ff:ff:ff:ff:ff
    inet 100.0.0.1
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP>

Mistake 2- The way i was initializing the my kubeadm without --apiserver-advertise-address and --pod-network-cidr

So here is kubeadm command which i used -

[vagrant@master ~]$ sudo kubeadm init --apiserver-advertise-address=100.0.0.1 --pod-network-cidr=10.244.0.0/16

Mistake 3 - - Since we have mulitple ethernet adapter in our VMs so i coudln't find the a way to set up extra args to switch from eth0 to eth1 in calico.yml configuration.

So i used flannel CNI*

[vagrant@master ~]$ wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

and in the args section added - --iface=eth1

- --iface=eth1
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=eth1

And it worked after that

这篇关于kubernetes-无法加入主节点-错误执行阶段预检:无法验证API服务器的身份的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！