草庐IT

k8s报错收集汇总

520nobody 2023-10-02 原文

文章目录

报错信息:name: Invalid value: "openstack_controller

name: Invalid value: “openstack_controller”: a DNS-1123 subdomain must
consist of lower case alphanumeric characters, ‘-’ or ‘.’, and must
start and end with an alphanumeric character (e.g. ‘example.com’,
regex used for validation is
a-z0-9?(.a-z0-9?)*’)

执行的命令为:

kubeadm init --apiserver-advertise-address=192.168.2.111
–image-repository registry.aliyuncs.com/google_containers
–kubernetes-version v1.15.4
–service-cidr=10.1.0.0/16
–pod-network-cidr=10.244.0.0/16

解决办法:

k8s master节点需要修改主机名儿

报错:k8s-master上:执行kubectl get nodes获得的内容全是NotReady(workaroud方法)

messages报错信息:

[root@k8s-master ]# kubectl get nodes
NAME         STATUS     ROLES    AGE   VERSION
k8s-master   NotReady   master   15h   v1.15.4

[root@k8s-master root]# cat /var/log/messages| tail -100
Jun 11 16:50:45 k8s-master kubelet: W0611 16:50:45.022114    3843 cni.go:213] Unable to update cni config: No networks found in /etc/cni/net.d
Jun 11 16:50:46 k8s-master kubelet: E0611 16:50:46.182436    3843 kubelet.go:2173] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Jun 11 16:50:46 k8s-master su: (to root) root on none

解决办法:

使用命令vim /var/lib/kubelet/kubeadm-flags.env编辑配置文件,删除掉–network-plugin=cni
KUBELET_KUBEADM_ARGS=–cgroup-driver=systemd --cni-bin-dir=/opt/cni/bin --cni-conf-dir=/etc/cni/net.d --network-plugin=cni
master节点和node节点都删除掉–network-plugin=cni。
systemctl restart kubelet

报错:k8s-node上:执行kubectl get nodes获得的内容全是NotReady(workaroud方法)

具体报错前操作了什么?

1)在k8s-node上执行kubeadm join xxx,成功将k8s-node加入k8s-master集群
2)在k8s-master上执行kubectl get nodes然后显示k8s-node NotReady

解决办法:

-------- 在k8s-node上执行---------------------:
1)使用命令vim /var/lib/kubelet/kubeadm-flags.env编辑配置文件,删除掉–network-plugin=cni
2) systemctl restart kubelet

报错:k8s-master上:执行kubectl get nodes获得的内容全是NotReady(根本解决)

解决办法:

下载并安装flannel资源配置清单(k8s-master)

[root@k8s-master ~]#  wget   https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml

报错:k8s-node上:执行kubectl get nodes获得的内容全是NotReady(根本解决)

解决办法:

[root@k8s-node ~]#  wget   https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@k8s-node ~]# kubectl apply -f kube-flannel.yml 

如果报错:
unable to recognize "kube-flannel.yml": Get http://localhost:8080/api?timeout=32s: dial tcp [::1]:8080: connect: connection refused

在k8s-master执行:
scp /etc/kubernetes/admin.conf k8s-node:/etc/kubernetes/
在k8s-node服务器上继续执行下面:
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

然后继续再k8s-node上执行:[root@k8s-node ~]# kubectl apply -f kube-flannel.yml 
如果又有了新的报错:
unable to recognize "kube-flannel.yml": Get http://localhost:8080/api?timeout=32s: dial tcp [::1]:8080: connect: connection refused

继续在节点上查看日志:
journalctl -f -u kubelet.service

-- Logs begin at Sun 2022-05-22 15:56:39 CST. --
Jun 12 01:58:25 k8s-node1 kubelet[18185]: W0612 01:58:25.304325   18185 cni.go:213] Unable to update cni config: No networks found in /etc/cni/net.d  #这里是关键
Jun 12 01:58:28 k8s-node1 kubelet[18185]: E0612 01:58:28.680599   18185 kubelet.go:2173] Container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized
Jun 12 01:58:40 k8s-node1 kubelet[18185]: I0612 01:58:40.262575   18185 reconciler.go:203] operationExecutor.VerifyControllerAttachedVolume started for volume "config-volume" (UniqueName: "kubernetes.io/configmap/e044783d-f0c9-41d8-8072-e9689e183041-config-volume") pod "coredns-bccdc95cf-6nsqm" (UID: "e044783d-f0c9-41d8-8072-e9689e183041")
Jun 12 01:58:40 k8s-node1 kubelet[18185]: I0612 01:58:40.262765   18185 reconciler.go:203] operationExecutor.VerifyControllerAttachedVolume started for volume "coredns-token-crdjx" (UniqueName: "kubernetes.io/secret/e044783d-f0c9-41d8-8072-e9689e183041-coredns-token-crdjx") pod "coredns-bccdc95cf-6nsqm" (UID: "e044783d-f0c9-41d8-8072-e9689e183041")
Jun 12 01:58:40 k8s-node1 kubelet[18185]: I0612 01:58:40.362972   18185 reconciler.go:203] operationExecutor.VerifyControllerAttachedVolume started for volume "config-volume" (UniqueName: "kubernetes.io/configmap/1807838b-7ad6-4cb6-8058-06cad3b5ea95-config-volume") pod "coredns-bccdc95cf-s4j8z" (UID: "1807838b-7ad6-4cb6-8058-06cad3b5ea95")
Jun 12 01:58:40 k8s-node1 kubelet[18185]: I0612 01:58:40.363029   18185 reconciler.go:203] operationExecutor.VerifyControllerAttachedVolume started for volume "coredns-token-crdjx" (UniqueName: "kubernetes.io/secret/1807838b-7ad6-4cb6-8058-06cad3b5ea95-coredns-token-crdjx") pod "coredns-bccdc95cf-s4j8z" (UID: "1807838b-7ad6-4cb6-8058-06cad3b5ea95")
Jun 12 01:58:40 k8s-node1 kubelet[18185]: W0612 01:58:40.752013   18185 pod_container_deletor.go:75] Container "658a0cf5b5996d943d4d96001849bb5125cfa6271b537944e8215794c6820684" not found in pod's containers

解决方法,将master上/etc/cni/net.d 目录下的文件拷贝到有问题的节点上:

最后在k8-master再去执行:

[root@k8s-master ~]# kubectl get nodes

报错信息: 节点加入kubeletes的master的时候报错问题解决

错误信息:

[root@k8s-master ~]# kubeadm join --token vnjgrg.olh7ojs0x3jp4wnr 111.167.19.21:6443 --discovery-token-ca-cert-hash  sha256:ae85df1d602c969dea5a047dc04fdd3603045053df6b8e5f662472dfe4f9d017
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.14. Latest validated version: 18.09
error execution phase preflight: [preflight] Some fatal errors occurred:
        [ERROR DirAvailable--etc-kubernetes-manifests]: /etc/kubernetes/manifests is not empty
        [ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
        [ERROR Port-10250]: Port 10250 is in use
        [ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

解决办法:

在节点上先执行如下命令,清理kubeadm的操作,然后再重新执行join 命令: kubeadm reset

报错:The connection to the server 11.89.46.19:6443 was refused - did you specify the right host or port?

执行命令:

[root@k8s-master root]# kubectl get nodes

报错信息:

[---------------- 在k8s-master上执行 -----------------------]
The connection to the server 11.89.46.19:6443 was refused - did you
specify the right host or port?

解决方法:

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config #关键
chown ( i d − u ) : (id -u): (idu):(id -g) $HOME/.kube/config

报错:error execution phase preflight: couldn‘t validate the identity of the API Server: abort connecting

执行命令:

执行k8s-node加入k8s-master

报错详情:

[root@k8s-node1 root]# kubeadm join 11.17.16.13:6443 --token y7t804.giub7rn6rldhpxig     --discovery-token-ca-cert-hash sha256:1b8ad1f8e140740d325beb52e6717f44abfx4319a0baf09d10cf38695cbd5d94
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: Get "https://11.167.169.13:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": dial tcp 11.167.169.13:6443: connect: connection refused
To see the stack trace of this error execute with --v=5 or higher

解决办法一:

1、token 过期
此时需要通过kubedam重新生成token

[root@master ~]#kubeadm token generate #生成token
7r3l16.5yzfksso5ty2zzie #下面这条命令中会用到该结果
[root@master ~]# kubeadm token create 7r3l16.5yzfksso5ty2zzie  --print-join-command --ttl=0  #根据token输出添加命令
W0604 10:35:00.523781   14568 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0604 10:35:00.523827   14568 validation.go:28] Cannot validate kubelet config - no validator is available
kubeadm join 192.168.254.100:6443 --token 7r3l16.5yzfksso5ty2zzie     --discovery-token-ca-cert-hash sha2

然后用上面输出的kubeadm join命令放到想要添加的节点中执行

解决办法二:

k8s api server不可达
此时需要检查和关闭所有服务器的firewalld和selinux

[root@master ~]#setenforce 0
[root@master ~]#sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
[root@master ~]#systemctl disable firewalld --now

报错:error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized

执行的操作:

k8s-node加入k8s-master时发生报错:

[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized

原因:token令牌失效

解决:

#在master上执行
[root@k8s-master ~]# kubeadm token create       #生成新token
56ehzj.hpxea29zdu2w45hf
[root@k8s-master ~]# kubeadm token create --print-join-command         #生成加入集群的命令
kubeadm join 192.168.191.133:6443 --token wagma2.huev9ihugawippas     --discovery-token-ca-cert-hash sha256:9f90161043001c0c75fac7d61590734f844ee507526e948f3647d7b9cfc1362d 
#在node节点上执行
[root@k8s-node2 ~]# kubeadm join 192.168.191.133:6443 --token wagma2.huev9ihugawippas     --discovery-token-ca-cert-hash sha256:9f90161043001c0c75fac7d61590734f844ee507526e948f3647d7b9cfc1362d
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.14" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
#成功!

#可在master上查询node节点是否加入成功
[root@k8s-master ~]# kubectl get nodes

`

报错:error execution phase kubelet-start: configmaps “kubelet-config-1.19” is forbidden: User “system:bootstrap:xvnp3x” cannot get resource “configmaps” in API group “” in the namespace “kube-system”

node节点加入k8s集群失败

[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.19" ConfigMap in the kube-system namespace
error execution phase kubelet-start: configmaps "kubelet-config-1.19" is forbidden: User "system:bootstrap:xvnp3x" cannot get resource "configmaps" in API group "" in the namespace "kube-system"

报错:k8s-master与k8s-node上kubelet,kubeadm,kubectl版本不一致导致node加入master失败

操作了什么:

[root@k8s-node1 root]# kubeadm join 11.15.42.9:6443 --token 14wipl.w7quasjzx1um2nn3     --discovery-token-ca-cert-hash sha256:1b8ad1f8e140740d325beb52e6717f44abf34319a0baf09d10cf38695cbd5d94

报错信息:

[root@k8s-node1 root]# kubeadm join 11.15.4.19:6443 --token 14wipl.w7quasjzx1um2nn3     --discovery-token-ca-cert-hash sha256:1b8ad1f8e140740d325beb52e6717f44abf34319a0baf09d10cf38695cbd5d94
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W0611 23:56:55.887488   26950 utils.go:69] The recommended value for "resolvConf" in "KubeletConfiguration" is: /run/systemd/resolve/resolv.conf; the provided value is: /etc/resolv.conf
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: this version of kubeadm only supports deploying clusters with the control plane version >= 1.22.0. Current version: v1.15.4
To see the stack trace of this error execute with --v=5 or higher

原因:

关键原因在于error log中的

this version of kubeadm only supports deploying clusters with the control plane version >= 1.22.0. Current version: v1.15.4

原因:

kubelet版本与master不一致(master上的版本:kubelet-1.14.0)

解决:

yum -y remove kubelet kubeadm kubectl      #卸载当前版本的kube系列
yum -y install kubelet-1.14.0
yum -y install kubectl-1.14.0
yum -y install kubeadm-1.14.0
systemctl start kubelet && systemctl enable kubelet 
kubeadm join 192.168.191.133:6443 --token xvnp3x.pl6i8ikcdoixkaf0 \
    --discovery-token-ca-cert-hash sha256:9f90161043001c0c75fac7d61590734f844ee507526e948f3647d7b9cfc1362d

报错:/etc/kubernetes/kubelet.conf already exists

[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
    [ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
    [ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

原因:

有残留文件

解决:

----------------8s-node上执行  ----------------------:
rm -rf /etc/kubernetes/kubelet.conf /etc/kubernetes/pki/ca.crt       #删除k8s配置文件和证书文件
kubeadm join 192.168.191.133:6443 --token xvnp3x.pl6i8ikcdoixkaf0 \
    --discovery-token-ca-cert-hash sha256:9f90161043001c0c75fac7d61590734f844ee507526e948f3647d7b9cfc1362d

k8s-node节点重新加入k8s-master

在使用k8s的过程中,相信很多人都遇到过使用kubeadm join命令,将node加入master时,出现error execution phase preflight: couldn’t validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s错误,即节点纳入管理失败,五分钟后超时放弃连接。具体信息如下

[root@node1 ~]# kubeadm join 19.18.24.100:6443 --token 7r3l16.5yzfksxd5ty2zzie     --discovery-token-ca-cert-hash sha256:56281a8be264fa334bb98cac5206aa190527xc3180c9f397c253ece41d997e8a 
W0604 10:35:39.924306   13660 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
error execution phase preflight: couldn't validate the identity of the API Server: abort connecting to API servers after timeout of 5m0s
To see the stack trace of this error execute with --v=5 or higher

一、重置K8s node节点

[root@k8s-master root]# kubeadm reset

二、删除配置

[root@k8s-master root]# rm -rf $HOME/.kube/config
[root@k8s-master root]# rm -rf /var/lib/etcd

三、node节点重新加入k8s集群

[root@k8s-node root]# kubeadm join 12.18.26.10:16443 --token abcdef.0123456789abcdef

四、创建目录和配置

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
汇总k8sspanclasstokenkubernetes云计算运维

有关k8s报错收集汇总的更多相关文章

  1. 深度学习部署:Windows安装pycocotools报错解决方法 - 2

    深度学习部署:Windows安装pycocotools报错解决方法1.pycocotools库的简介2.pycocotools安装的坑3.解决办法更多Ai资讯:公主号AiCharm本系列是作者在跑一些深度学习实例时,遇到的各种各样的问题及解决办法,希望能够帮助到大家。ERROR:Commanderroredoutwithexitstatus1:'D:\Anaconda3\python.exe'-u-c'importsys,setuptools,tokenize;sys.argv[0]='"'"'C:\\Users\\46653\\AppData\\Local\\Temp\\pip-instal

  2. 常见网络安全产品汇总(私信发送思维导图) - 2

    安全产品安全网关类防火墙Firewall防火墙防火墙主要用于边界安全防护的权限控制和安全域的划分。防火墙•信息安全的防护系统,依照特定的规则,允许或是限制传输的数据通过。防火墙是一个由软件和硬件设备组合而成,在内外网之间、专网与公网之间的界面上构成的保护屏障。下一代防火墙•下一代防火墙,NextGenerationFirewall,简称NGFirewall,是一款可以全面应对应用层威胁的高性能防火墙,提供网络层应用层一体化安全防护。生产厂家•联想网御、CheckPoint、深信服、网康、天融信、华为、H3C等防火墙部署部署于内、外网编辑额,用于权限访问控制和安全域划分。UTM统一威胁管理(Un

  3. ruby - 在 Ruby 数组中收集重复项的最快/单行方法? - 2

    像这样转换数组的最快/单行方法是什么:[1,1,1,1,2,2,3,5,5,5,8,13,21,21,21]...进入像这样的对象数组:[{1=>4},{2=>2},{3=>1},{5=>3},{8=>1},{13=>1},{21=>3}] 最佳答案 要获得所需的格式,您可以附加一个调用以映射到您的解决方案:array.inject({}){|h,v|h[v]||=0;h[v]+=1;h}.map{|k,v|{k=>v}}虽然它仍然是单行的,但它开始变得凌乱了。 关于ruby-在Ruby

  4. ruby-on-rails - 报错 - 在 Snow Leopard 上安装 RVM - 2

    我正在尝试在我的SnowLeopard10.6.8上安装RVM,方法是:\curl-Lhttps://get.rvm.io|bash-sstable--ruby我得到这个错误:InstallingRubyfromsourceto:/Users/Villa/.rvm/rubies/ruby-2.0.0-p0,thismaytakeawhiledependingonyourcpu(s)...ruby-2.0.0-p0-#downloadingruby-2.0.0-p0,thismaytakeawhiledependingonyourconnection...ruby-2.0.0-p0-#e

  5. ruby - 符号的垃圾收集 Ruby 2.2.1 - 2

    所以从Ruby2.2+版本开始引入了符号垃圾回收。我在irb中编写了以下代码片段:before=Symbol.all_symbols.size#=>3331100_000.timesdo|i|"sym#{i}".to_symendSymbol.all_symbols.size#=>18835GC.startSymbol.all_symbols.size#=>3331因此,正如预期的那样,它收集了使用to_sym动态生成的所有符号。那么GC是如何知道收集哪些符号的呢?即使它们在程序中被引用,它会收集符号吗?符号垃圾回收是如何工作的?如果我创建的其中一个符号在程序中被引用,它还会收集它吗?

  6. ruby-on-rails - 收集 Rails 应用程序使用统计信息的最佳方式 - 2

    我有一个Rails应用程序,用户可以在其中设置他们的域并在其中发布内容。我需要收集公共(public)流量统计信息,例如网页浏览量等。此功能的一个很好的例子是我作为客户可以看到的flickr使用统计信息。问题是收集使用信息的最佳方式是什么。应该通过解析日志文件来完成还是应该在运行时收集并存储在数据库中?是否有任何工具或Rails插件已经提供了此功能?此解决方案应该可以很好地扩展,即使每月有数千个域和数百万次网页浏览。 最佳答案 GoogleAnalytics可能是您最好的选择... 关于

  7. 酷早报:10月21日全球Web3加密行业重大资讯大汇总 - 2

    2022年10月21日星期五【数据指标】加密货币总市值:$0.95万亿BTC市值占比:38.51%恐慌贪婪指数:23极度恐慌 【今日快讯】1、【政讯】1.1.1、美联储布拉德:市场预期美联储11月会加息75个基点1.1.2、美联储哈克:将维持加息一段时间1.2、美国10年期国债收益率触及4.197%,为2008年6月以来最高1.3、法国数字转型部长:政府将专注于DeFi和Web31.4、巴西ATM机将于11月3日起支持USDT1.5、美众议院副议长将于11月初加入a16zCrypto担任政府事务主管1.6、香港数字资产托管机构FirstDigitalTrust首席执行官:香港仍是安全

  8. Unity 报错No ‘git‘ executable was found. Please install Git on your system then restart - 2

    亲测可用。Anerroroccurredwhileresolvingpackages:Projecthasinvaliddependencies: com.unity.xxx:No'git'executablewasfound.PleaseinstallGitonyour  systemthenrestartUnityandUnityHub在我们使用PackageManager时,Unity允许我们使用Git上的package(点击加号,选择addpackagefromgitURL,或者是直接在Asset/Packages/manifest.json中添加包名)。但是这种操作需要我们事先装好g

  9. ruby - ActiveRecords 选择(:id). 收集与采摘(:id) methods: Why is pure AR "pluck" slower? - 2

    我正在尝试从我的文章模型中获取所有ID。我可以通过两种方式做到这一点:Article.select(:id).collect{|a|a.id}ArticleLoad(2.6ms)SELECT"articles"."id"FROM"articles"或2.2.1:006>Article.pluck(:id)(4.3ms)SELECT"articles"."id"FROM"articles"什么给了?为什么AR比Ruby版本慢?即使我对Ruby方法进行基准测试,它似乎也更快:Benchmark.measure{Article.select(:id).collect{|a|a.id}}Art

  10. ruby-on-rails - Rails/Ruby创建数据库报错: Unable to load the EventMachine C extension - 2

    更新:eventmachinegem已安装并在我的gemfile中:eventmachine(1.0.0,0.12.10)请帮忙!尝试使用以下内容创建数据库:Fitzs-MacBook-Pro:twilio_insanityFitz$rakedb:create'返回以下错误:UnabletoloadtheEventMachineCextension;Tousethepure-rubyreactor,require'em/pure_ruby'rakeaborted!cannotloadsuchfile--rubyeventmachine/Users/Fitz/.rvm/gems/ruby

随机推荐