我正在尝试在 HA 中创建一个 K8S 集群。我创建了 2 个虚拟机,一个用作负载均衡器,另一个用作主节点。
负载均衡器有一个简单的 NGINX 服务器,其配置如下
events {}
http {
upstream backend {
server <master ip>:6443;
}
# This server accepts all traffic to port 80 and passes it to the upstream.
# Notice that the upstream name and the proxy_pass need to match.
server {
listen 6443 ssl;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
location / {
proxy_pass https://backend;
}
}
}
已由server.crt
我公司CA签署的证书ca.crt
我ca.crt
从负载均衡器复制到主节点下/usr/share/ca-certificates
并尝试kubeadm init
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --control-plane-endpoint <my-domain-name>
但 kubeadm 仍然无法识别 CA 证书。它显示
"Unable to register node with API server" err="Post \"https://<my-domain-name>:6443/api/v1/nodes\": x509: certificate signed by unknown authority" node="master01"
有什么线索吗?谢谢