Unable to connect to the server: x509: certificate is valid for kubernetes, kubernetes.default, kube...
阿新 • • 發佈:2021-01-13
技術標籤:問題解決kubernetesetcdjsondockerjava
k8s部署問題簡記
Unable to connect to the server: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster, kubernetes.default.svc.cluster.local., not kube-master
看到這個錯誤,請注意最後not後的引數,我這裡是 kube-master
,請將這個值新增到 kubernetes-csr.json
cat > kubernetes-csr.json <<EOF { "CN": "kubernetes-master", "hosts": [ "127.0.0.1", "kube-master", ##這裡加上master節點的名稱對映 "192.168.87.143", "192.168.87.144", "192.168.87.145", "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local." ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "BeiJing", "L": "BeiJing", "O": "k8s", "OU": "opsnull" } ] } EOF
重新生成 kubernets證書和金鑰,舉例
cfssl gencert -ca=/opt/k8s/work/ca.pem \
-ca-key=/opt/k8s/work/ca-key.pem \
-config=/opt/k8s/work/ca-config.json \
-profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
ls kubernetes*pem
cp kubernetes*pem /etc/kubernetes/cert
重啟 kube-apiserver
systemctl restart kube-apiserver
測試
kubectl cluster-info
出現下圖說明正常了