k8s join 集群报错之error execution phase kubelet-start: error uploading crisocket:

已于 2022-03-09 17:47:41 修改
阅读量6.9k 收藏 13
点赞数 1
CC 4.0 BY-SA版权
分类专栏: K8s 文章标签: kubernetes docker 容器
于 2022-03-02 12:40:09 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/red_sky_blue/article/details/123225583

【问题描述1】

主节点上误删了/etc/kubernetes下的文件,当做kubeadm init的时候,找不到对应的key文件

invalid or incomplete external CA: failure loading key for apiserver: couldn't load the private key file /etc/kubernetes/pki/apiserver.key: open /etc/kubernetes/pki/apiserver.key: no such file or directory

【解决方案1】

删除“$HOME/.kube/config”文件并执行kubeadm reset命令方可解除

然后提示还有没有清除的,没关系,在执行kubeadm init

kubeadm init \
--apiserver-advertise-address=10.1.1.2 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.4 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16

执行结果如下

# kubeadm init \
> --apiserver-advertise-address=10.1.1.2 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version v1.23.4 \
> --service-cidr=10.96.0.0/12 \
> --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.23.4
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [host-10-19-83-151 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.1.1.2]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [host-10-19-83-151 localhost] and IPs [10.1.1.2 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [host-10-19-83-151 localhost] and IPs [10.1.1.2 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 17.013797 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.23" in namespace kube-system with the configuration for the kubelets in the cluster
NOTE: The "kubelet-config-1.23" naming of the kubelet ConfigMap is deprecated. Once the UnversionedKubeletConfigMap feature gate graduates to Beta the default name will become just "kubelet-config". Kubeadm upgrade will handle this transition transparently.
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node host-10-19-83-151 as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node host-10-19-83-151 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 03gvkq.6yrna2idj2ohf6kp
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.1.1.2:6443 --token 03gvkq.6yrna2idj2ohf6kp \
        --discovery-token-ca-cert-hash sha256:0259526fb22e1503cb64c2df3f278cc421f33bf5fb9c918f43f94f49f2f13bf1 

[root@host-10-19-83-151 foot]# kubectl apply -f kube-flannel.yml 
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/psp.flannel.unprivileged created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
Warning: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key: beta.kubernetes.io/os is deprecated since v1.14; use "kubernetes.io/os" instead
Warning: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[1].key: beta.kubernetes.io/arch is deprecated since v1.14; use "kubernetes.io/arch" instead
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
[root@host-10-19-83-151 foot]#

 【问题描述2】集群删除后再加入时,报错入截图

 【解决方案2】

执行以下命令

swapoff -a
kubeadm reset
rm /etc/cni/net.d/* -f
systemctl daemon-reload
systemctl restart kubelet
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X

执行结果如下,执行完后,在重新join 

[root@host-10-19-83-154 kubernetes]# swapoff -a
[root@host-10-19-83-154 kubernetes]# kubeadm reset
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W0302 12:27:49.302069     664 removeetcdmember.go:80] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.
[root@host-10-19-83-154 kubernetes]# rm /etc/cni/net.d/* -f
[root@host-10-19-83-154 kubernetes]# systemctl daemon-reload
[root@host-10-19-83-154 kubernetes]# systemctl restart kubelet
[root@host-10-19-83-154 kubernetes]# iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
[root@host-10-19-83-154 kubernetes]# 
[root@host-10-19-83-154 kubernetes]# kubeadm join 10.1.1.2:6443 --token 03gvkq.6yrna2idj2ohf6kp \
>         --discovery-token-ca-cert-hash sha256:0259526fb22e1503cb64c2df3f278cc421f33bf5fb9c918f43f94f49f2f13bf1 
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

在master上验证下,kubectl get nodes ,已加入集群

# kubectl  get nodes
NAME                STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   26m     v1.23.4
node1    Ready    <none>                 10m     v1.23.4
node2    Ready    <none>                 9m58s   v1.23.4

node重新加入error execution phase kubelet-start: error uploading crisocket: Unauthorized
云深海阔专栏
05-12 2865
报错内容如下 [root@k8s-node1 ~]# swapoff -a [root@k8s-node1 ~]# kubeadm reset [reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted. [reset] Are you sure you want to proceed? [y/N]: y [preflight] Running pre-flight chec
hadoop:运行时报错“No such file or directory”...如何解决?
最新发布
**My Coding Family**
04-27 765
🏆 本文收录于《全栈Bug调优(实战版)》专栏,致力于分享我在项目实战过程中遇到的各类Bug及其原因,并提供切实有效的解决方案。无论你是初学者还是经验丰富的开发者,本文将为你指引出一条更高效的Bug修复之路,助你早日登顶,迈向财富自由的梦想🚀!同时,欢迎大家关注、收藏、订阅本专栏,更多精彩内容正在持续更新中。让我们一起进步,Up!Up!Up!    备注: 部分问题/难题源自互联网,但经过精心筛选和整理,保证每一条解决方案都经过实战验证,真实可靠。
error execution phase kubelet-start: error uploading crisocket:nodes “node02” not found:
qq_55262911的博客
12-14 539
重新加入master节点。
kubeadm join 集群报错 error execution phase kubelet-start 处理
临江仙我亦是行人
02-16 3488
error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition
error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition
hedao0515的专栏
09-18 2482
k8s 1.15.0版本添加node节点报错error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition
kubeadm join 超时报错 error execution phase kubelet-start: error uploading crisocket: timed out waiting
500Error
07-21 1733
解决: swapoff -a kubeadm reset systemctl daemon-reload systemctl restart kubelet iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
K8S中遇到的问题
NiuXL的编程技术网络日志
06-10 2130
文章目录1. error execution phase kubelet-start: error uploading crisocket: timed out waiting for the condition2. error execution phase preflight: couldn’t validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s3. Error f.
k8s节点加入master节点时超时:Initial timeout of 40s passed
u012034742的专栏
11-14 1万+
今天误操作,执行yum update时将kubeadm kubectl 跨版本升级了;由1.17.4升级到1.22.3,从而导致集群部分节点不可用。还好是自己电脑上搭建的测试集群。 解决该问题花了很长时间,现在对遇到的问题进行总结。 在master节点下执行,kubectl version 可以看到客户端和服务端的版本不一致。 Client Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.3", GitCommit:"c9
K8S实战部署系列-kubeadman安装K8Sv1.23.1(Ubuntu18.04)
梧桐翁的博客
01-11 1528
使用初始化完成系统 root@minikube:~# cat /proc/version Linux version 5.4.0-92-generic (buildd@lcy01-amd64-026) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #103~18.04.2-Ubuntu SMP Wed Dec 1 16:50:36 UTC 2021 1、系统环境 名称 ip 主机名 操作系统 master节点 192.168.3.22 master01
【ubutnu24.04】k8s部署3:重新安装1.31.0并init成功
突围
08-15 831
#!/bin/sh sudo systemctl restart containerd sudo systemctl status containerd
基于docker-k8s的web集群
weixin_47226172的博客
03-15 570
master+ansible  192.168.2.72       # 使用pod      4核4G 20Gi node1                192.168.2.73 &nb.
k8s问题汇总
08-16 3834
本文章为记录使用k8s遇到的问题和解决方法,文章持续更新中…
k8s-error execution phase upload-config/kubelet: Error writing Crisocket...
q_hsolucky的博客
04-19 2798
k8s之前部署过,由于安装harbor的时候导致k8s服务都挂掉了,采用了粗暴的方法将集群reset了,重新初始化k8s集群的时候遇到了上面的问题,参考https://blog.youkuaiyun.com/weixin_41831919/article/details/118713869 得到了解决,可以多加参看原博主的文章,在这里觉得一样方便地话,也可以尝试解决: swapoff -a kubeadm reset systemctl daemon-reload systemctl restart kub...
k8s入门系列---- Node Affinity--use
justlpf的专栏
08-17 544
K8S 跟POD调度相关的三个概念:Node Affinity(节点亲和性),Taints(污点),Tolerations(容忍度),这节先讲下Node Affinity(节点亲和性)。Affinity中文意思 ”亲和性” ,跟nodeSelect 类似,根据节点上的标签来调度 POD 在哪些节点上创建。硬策略表示POD 必须部署到满足条件的节点上,如果没有满足条件的节点,就不停重试。
Kubernetes集群环境搭建(简单易懂)
weixin_44411385的博客
04-30 1858
本次Kubernetes集群环境搭建使用的是一主两从的环境,即一个master节点和两个node节点。准备好三台虚拟机。硬件环境的要求:CPU:2核;Memory:2G;软件环境的要求:使用CentOS 7版本的操作系统。
k8s安装遇到错误: failed to load Kubelet config file /var/lib/kubelet/config.yaml, error failed to read kub
热门推荐
yuxuan89814的专栏
06-25 5万+
安装完kube后启动一直启动失败 安装: yum install docker-ce kubelet-1.11.1 kubeadm-1.11.1 kubectl-1.11.1 kubernetes-cni 启动kubelet失败 sysemctl status kubelet.service bash: sysemctl: command not found... [root@localhost rpm]# systemctl status kubelet.service ● kubelet.
K8s部署部署遇到问题及解决方法
你的微笑乱了夏天
05-27 6160
问题1:To see the stack trace of this error execute with --v=5 or higher 这是因为服务器的内存及处理器内核总数配置过低导致,需要提升配置 问题2:/proc/sys/net/bridge/bridge-nf-call-iptables does not exist 解决方法 modprobe br_netfilter echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables e
couldn‘t load private key(unable to open file)
weixin_45440502的博客
08-22 3372
选择在启动实例时指定的密钥对的 .pem 文件,然后选择 Open (打开)。PuTTYgen 会显示一个通知,指示已成功导入 .pem 文件。选择 OK。。。。但是我这里选了pem文件,说的还是couldn’t load private key AWS官方Window环境用Putty连接 实例: 把pem文件用ASCII编码方式保存到桌面,即可 ...
no such file or directory
爱吃鱼的小明的博客
11-18 1092
pod启动一分钟了 还是出去未创建的状态,发现是无法下载镜像, [root@k8s-m01 pod]# kubectl get pod NAME READY STATUS RESTARTS AGE nginx 0/1 ContainerCreating 0 1m [root@k8s-m01 pod]# kubectl describe pod nginx FirstSeen LastSeen Count From
error execution phase upload-config/kubelet: Error writing Crisocket information for the control-plane node: nodes "k8s231" not found
03-10
这个错误是在上传配置文件时出现的,具体是kubelet执行阶段的错误。错误信息显示无法写入控制平面节点的Crisocket信息,原因是找不到名为"k8s231"的节点。 可能的原因是: 1. 节点名称输入错误:请确保节点名称正确,与实际的节点名称一致。 2. 节点不存在:检查集群中是否存在名为"k8s231"的节点,如果不存在,请创建该节点或者使用正确的节点名称。 如果以上解决方法无效,请提供更多详细信息,以便我能够更准确地帮助您解决问题。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值