此问题来自以下文档如何使用 Kubespray 部署 Kubernetes我逐字逐句地遵循了他们的文档,并得出了这一点:
ansible -i inventory.ini -m ping all
该文档概述了使用 Kubespray 和 Terraform 将 Kubernetes 部署到 UpCloud 的所有必要步骤。如前所述,我可以执行所有命令,直到命中命令:ansible -i inventory.ini -m ping all
Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
"unreachable": true
}
Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-0 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nConnection closed by <IP address> port 22",
"unreachable": true
}
Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
"unreachable": true
}
kubespray-master-0 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
"unreachable": true
}
请注意:上图中用白色墨水隐藏的区域是分配给每个节点的公共 IP 地址。
我可以通过点击来远程访问 Ubuntu 服务器:ssh <username>@<ip_address>。以下是快照,cluster-settings.tfvars看看我是否搞砸了什么:
zone = "fe-fxfx"
username = "ubuntu"
# Prefix to use for all resources to separate them from other resources
prefix = "kubespray"
inventory_file = "inventory.ini"
# Set the operating system using UUID or exact name
template_name = "Ubuntu Server 20.04 LTS (Focal Fossa)"
ssh_public_keys = [
# Put your public SSH key here
"removed the Public Key for security reasons",
]
另外,文件中的图像cluster-settings,tfvars可供参考:
集群设置.tfvars
ping 节点的结果也是不规则的,从某种意义上说,如果master-0在一次尝试中成功 ping 了某个节点,那么在另一次尝试中,所有节点都无法 ping 通(再次尝试时)。而有时worker-2ping 通了,其他节点则无法 ping 通。
答案1
在咨询了一位前辈后,我找到了这个问题的答案。首先,SSH 密钥对需要在没有密码的情况下生成,或者如果你使用带有密码的密钥对,只需传递此命令即可禁用它:
ssh-keygyen使用选项运行-p。
ssh-keygen -p
我建议你在 SSH 密钥对所在的目录中执行此操作,或者使用以下命令指定它-f ~/<username>/.ssh/id_rsa
如果您正确完成上述步骤,系统将提示您输入现有密码:
Enter old passphrase:
之后,输入新密码[基本上留空]并确认:
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
如果成功的话,你会得到以下提示:
Your identification has been saved with the new passphrase.
笔记:这些步骤可用于删除或更改密码。
下一个
文件中cluster-settings.tfvars有两个地方"enter your SSH key here"可以输入公钥。不必同时输入两个。就我而言,我只使用了一个公钥,并确保密钥对在 SSH 代理中可用。