error execution phase preflight: couldn't validate the identity of the API Server.. x509: certificate has expired or is not yet valid:...
错误:
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://10.10.102.155:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": x509: certificate has expired or is not yet valid: current time 2022-06-24T10:13:50+08:00 is before 2022-06-24T03:06:38Z
To see the stack trace of this error execute with --v=5 or higher
Error: exec command failed 10.10.102.197 [cat /etc/hosts |grep '10.10.102.155 sea.hub' || echo '10.10.102.155 sea.hub' >> /etc/hosts seautil certs --node-ip 10.10.102.197 --node-name node197 --service-cidr 10.96.0.0/22 --alt-names 127.0.0.1 --alt-names apiserver.cluster.local --alt-names 10.103.97.2 --alt-names 10.10.102.155 --alt-names 10.10.102.156 --alt-names 10.10.102.197 --alt-names 127.0.0.1 --alt-names apiserver.cluster.local --alt-names 10.103.97.2 --alt-names 172.16.0.181 --alt-names apiserver.cluster.local cat /etc/hosts |grep '10.10.102.155 apiserver.cluster.local' || echo '10.10.102.155 apiserver.cluster.local' >> /etc/hosts kubeadm join --config=/var/lib/sealer/data/my-cluster/rootfs/etc/kubeadm.yml -v 0 --ignore-preflight-errors=SystemVerification sed "s/10.10.102.155 apiserver.cluster.local/10.10.102.197 apiserver.cluster.local/g" < /etc/hosts > hosts && cp -f hosts /etc/hosts rm -rf .kube/config && mkdir -p /root/.kube && cp /etc/kubernetes/admin.conf /root/.kube/config] failed to execute command(kubeadm join --config=/var/lib/sealer/data/my-cluster/rootfs/etc/kubeadm.yml -v 0 --ignore-preflight-errors=SystemVerification) on host(10.10.102.197): error(Process exited with status 1)
出现该问题可能有多种原因:
1. token 过期
此时需要通过 kubedam 重新生成 token
kubeadm token create --print-join-command
2. k8s apiserver 不可达
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
systemctl disable firewalld --now
3. 这几台虚拟机的时间不同步
查看时间,分别在这几台虚拟机中执行:
date
查看时间是否相同,如果不同,则要进行同步。
时间同步:分别在这几台虚拟机中执行:
yum -y install ntp
ntpdate -u cn.pool.ntp.org
出了其他问题可以重启看看