Unable to connect to the server: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster, kubernetes.default.svc.cluster.local., not xxx

k8s部署问题简记

Unable to connect to the server: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster, kubernetes.default.svc.cluster.local., not kube-master

看到这个错误,请注意最后not后的参数,我这里是 kube-master,请将这个值添加到 kubernetes-csr.json 中,举例:

cat > kubernetes-csr.json <<EOF
{
  "CN": "kubernetes-master",
  "hosts": [
    "127.0.0.1",
    "kube-master", ##这里加上master节点的名称映射
    "192.168.87.143",
    "192.168.87.144",
    "192.168.87.145",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local."
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "opsnull"
    }
  ]
}
EOF

重新生成 kubernets证书和密钥,举例

cfssl gencert -ca=/opt/k8s/work/ca.pem \
  -ca-key=/opt/k8s/work/ca-key.pem \
  -config=/opt/k8s/work/ca-config.json \
  -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
ls kubernetes*pem
cp kubernetes*pem /etc/kubernetes/cert

重启 kube-apiserver

systemctl restart kube-apiserver

测试

kubectl cluster-info

出现下图说明正常了

引用书籍:https://s.itho.me/day/2017/k8s/1020-1100 All The Troubles You Get Into When Setting Up a Production-ready Kubernetes Cluster.pdf

posted @ 2020-03-26 16:17  东北小狐狸  阅读(5240)  评论(0编辑  收藏  举报