首页 > 其他分享> > 搭建k8s时可能遇到的异常

搭建k8s时可能遇到的异常

2022-02-16 18:31:33 作者：互联网

kubeadm初始化时报错

error execution phase couldn‘t initialize a Kubernetes cluster

这个问题一般是由虚拟机或软件包配置错误错误引起的，需要修改 Docker Cgroup 的驱动程序：

$ vi /etc/docker/daemon.json

{
  "exec-opts": [
      "native.cgroupdriver=systemd"
  ],
  "log-driver": "json-file",
  "log-opts": {
      "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
      "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors" : [
      "https://ot2k4d59.mirror.aliyuncs.com/"
  ],
  "graph": "/data/docker"
}

#将 Docker Cgroup 驱动程序修改为 systemd 然后加载配置，重新启动 Docker 服务
$ systemctl daemon-reload
$ systemctl restart docker

kubectl get nodes 查看节点信息时报错

错误：

The connection to the server localhost:8080 was refused - did you specify the right host or port?

解决办法：

//执行以下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

node加入master时报错

[root@node1 ~]# kubeadm join 192.168.254.100:6443 --token 7r3l16.5yzfksso5ty2zzie     --discovery-token-ca-cert-hash sha256:56281a8be264fa334bb98cac5206aa190527a03180c9f397c253ece41d997e8a 
W0604 10:35:39.924306   13660 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s
To see the stack trace of this error execute with --v=5 or higher

出现该问题的原因有很多，但主要有两个：

1、Token过期，重新生成token

//重新生成新的token
[root@walker-1 kubernetes]# kubeadm token create
[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --ttl 0)
aa78f6.8b4cafc8ed26c34f
[root@walker-1 kubernetes]# kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
aa78f6.8b4cafc8ed26c34f   23h       2017-12-26T16:36:29+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token

//获取ca证书sha256编码hash值
[root@walker-1 kubernetes]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538

//节点加入集群
[root@walker-4 nodes]# kubeadm join --token aa78f6.8b4cafc8ed26c34f --discovery-token-ca-cert-hash sha256:0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538  172.16.6.79:6443 --skip-preflight-checks

2、k8s api server不可达，此时需要检查和关闭所有服务器的firewalld和selinux

[root@master ~]#setenforce 0
[root@master ~]#sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
[root@master ~]#systemctl disable firewalld --now

标签：sha256,kubernetes,遇到,--,token,kubeadm,k8s,root,搭建
来源： https://www.cnblogs.com/Ao0216/p/15901565.html