k8s 报错总结
1. kubeadm join 报错
错误信息:
error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s
错误原因:token 过期导致
解决办法: 主节点创建新 token
1 [root@k8s-master ~]# kubeadm token create //重新生成 token 2 xapc7r.w9y47e7vpvdbanzy 3 [root@k8s-master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' 4 e717a1a7f6184f186c2999457e2d4eff1b5f66c5c3a4a2a770d5fab9be4f9769 5 [root@localhost ~]# kubeadm join 192.168.243.134:6443 --token xapc7r.w9y47e7vpvdbanzy \ //重新 nodeJoin 6 > --discovery-token-ca-cert-hash sha256:e717a1a7f6184f186c2999457e2d4eff1b5f66c5c3a4a2a770d5fab9be4f9769 7 [preflight] Running pre-flight checks 8 [preflight] Reading configuration from the cluster... 9 [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml' 10 [kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace 11 [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" 12 [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" 13 [kubelet-start] Activating the kubelet service 14 [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap... 15 16 This node has joined the cluster: 17 * Certificate signing request was sent to apiserver and a response was received. 18 * The Kubelet was informed of the new secure connection details. 19 20 Run 'kubectl get nodes' on the control-plane to see this node join the cluster. 21 22 [root@localhost ~]#
