[当我将新节点作为主节点加入群集时。我得到了错误。我的集群版本是1.17.0。我在节点上执行的命令是:kubeadm join 192.168.1.120:6443 --token 5hbl78.99jlbgerstlkecss --discovery-token-ca-cert-hash sha256:0beb43185fa6a346fe57bd97cbb22afb128e6267bb80403ba2e7f388588e3256 --control-plane --certificate-key a056ad6f0ba73e736401027a1f078d7195b1aadaf2ac2eca6d773edc98d01483
我收到以下错误:
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
error execution phase preflight:
One or more conditions for hosting a new control plane instance is not satisfied.
unable to add a new control plane instance a cluster that doesn't have a stable controlPlaneEndpoint address
Please ensure that:
* The cluster has a stable controlPlaneEndpoint address.
* The certificates that must be shared among control plane instances are provided.
To see the stack trace of this error execute with --v=5 or higher
主节点上的kubeadm配置为:
root@k8s-master01:kubernetes#kubectl -n kube-system get cm kubeadm-config -oyaml
apiVersion: v1
data:
ClusterConfiguration: |
apiServer:
certSANs:
- 192.168.1.120
- 192.168.1.121
- 192.168.1.122
extraArgs:
authorization-mode: Node,RBAC
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
external:
caFile: /work/deploy/kubernetes/security/ca.pem
certFile: /work/deploy/kubernetes/security/etcd.pem
endpoints:
- https://192.168.1.120:2379
- https://192.168.1.121:2379
- https://192.168.1.122:2379
keyFile: /work/deploy/kubernetes/security/etcd.key
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.17.0
networking:
dnsDomain: cluster.local
podSubnet: 192.168.0.0/16
serviceSubnet: 10.10.0.0/16
scheduler: {}
ClusterStatus: |
apiEndpoints:
k8s-master01:
advertiseAddress: 192.168.1.120
bindPort: 6443
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterStatus
kind: ConfigMap
metadata:
creationTimestamp: "2020-02-20T05:27:10Z"
name: kubeadm-config
namespace: kube-system
resourceVersion: "8315"
selfLink: /api/v1/namespaces/kube-system/configmaps/kubeadm-config
uid: a32b2f9b-41c3-4822-b8cb-c30c922fbddb
此问题已在StackOverflow中提及,但尚未解决
我重置了集群,并清理了etcd数据。然后,我用keepalive配置了VIP,然后通过haproxy将VIP负载平衡配置到了两个节点(我打算作为两个主节点)。之后,我配置了kubeadm-config.yaml。修改controlPlaneEndpoint值为LB的VIP:PORT。然后我执行“ kubeadm init --config kubeadm.conf --upload-certs”。我收到以下错误:
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0221 10:58:26.827277 18370 manifests.go:214] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
Unfortunately, an error has occurred:
timed out waiting for the condition
This error is likely caused by:
- The kubelet is not running
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
- 'systemctl status kubelet'
- 'journalctl -xeu kubelet'
Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI, e.g. docker.
Here is one example how you may list all Kubernetes containers running in docker:
- 'docker ps -a | grep kube | grep -v pause'
Once you have found the failing container, you can inspect its logs with:
- 'docker logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher
**root@k8s-master01:kubernetes#journalctl -xeu kubelet**
2月 21 11:05:04 k8s-master01 kubelet[22546]: E0221 11:05:04.698260 22546 reflector.go:156] k8s.io/kubernetes/pkg/kubelet/kubelet.go:449: Failed to list *v1.Service: Get https://192.168.1.121:6443/api/v1/services?limit=500&resour
2月 21 11:05:04 k8s-master01 kubelet[22546]: E0221 11:05:04.781676 22546 kubelet.go:2263] node "k8s-master01" not found
2月 21 11:05:04 k8s-master01 kubelet[22546]: E0221 11:05:04.881928 22546 kubelet.go:2263] node "k8s-master01" not found
2月 21 11:05:04 k8s-master01 kubelet[22546]: E0221 11:05:04.895805 22546 reflector.go:156] k8s.io/kubernetes/pkg/kubelet/kubelet.go:458: Failed to list *v1.Node: Get https://192.168.1.121:6443/api/v1/nodes?fieldSelector=metadata
2月 21 11:05:04 k8s-master01 kubelet[22546]: E0221 11:05:04.983615 22546 kubelet.go:2263] node "k8s-master01" not found
2月 21 11:05:05 k8s-master01 kubelet[22546]: E0221 11:05:05.084247 22546 kubelet.go:2263] node "k8s-master01" not found
2月 21 11:05:05 k8s-master01 kubelet[22546]: E0221 11:05:05.106561 22546 reflector.go:156] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:46: Failed to list *v1.Pod: Get https://192.168.1.121:6443/api/v1/pods?fieldSelector=sp
2月 21 11:05:05 k8s-master01 kubelet[22546]: E0221 11:05:05.184665 22546 kubelet.go:2263] node "k8s-master01" not found
2月 21 11:05:05 k8s-master01 kubelet[22546]: E0221 11:05:05.284792 22546 kubelet.go:2263] node "k8s-master01" not found
其他信息:我的VIP的端点是:192.168.1.200:6001。而haproxy LB VIP'端点到两个主apiserver端点(192.168.1.120:6443,192.168.1.121:6443)
当您使用kubeadm设置第一个主节点时,您应该在以下命令下运行:
sudo kubeadm init --config kubeadm-config.yaml --upload-certs
检查kubeadm-config.yaml
文件的内容。它应该有controlPlaneEndpoint
。该值应为LOAD_BALANCER_DNS:LOAD_BALANCER_PORT
。
现在,如果您在Kubernetes API服务器之前没有Loadabalancer,建议您将其设置为主节点的公共IP。
--upload-certs
标志应注意与证书有关的错误。
还可以编辑ConfigMap并添加controlPlaneEndpoint
。
Kubeadm-config.yaml的内容应类似于
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: stable
controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT"
etcd:
external:
endpoints:
- https://ETCD_0_IP:2379
- https://ETCD_1_IP:2379
- https://ETCD_2_IP:2379
caFile: /etc/kubernetes/pki/etcd/ca.crt
certFile: /etc/kubernetes/pki/apiserver-etcd-client.crt
keyFile: /etc/kubernetes/pki/apiserver-etcd-client.key