kubelet 服务显示以下错误
Apr 05 14:13:06 estk8worker0 kubelet[90209]: E0405 14:13:06.863258 90209 kubelet_node_status.go:92] "Unable to register node with API server" err="Post \"https://:6443/api/v1/nodes\": dial tcp :6443: connect: connection refused" node="estk8worker0"
Apr 05 14:13:07 estk8worker0 kubelet[90209]: I0405 14:13:07.372642 90209 csi_plugin.go:913] Failed to contact API server when waiting for CSINode publishing: Get "https://:6443/apis/storage.k8s.io/v1/csinodes/estk8worker0": dial tcp :6443: connect: connection refused
Apr 05 14:13:08 estk8worker0 kubelet[90209]: I0405 14:13:08.372057 90209 csi_plugin.go:913] Failed to contact API server when waiting for CSINode publishing: Get "https://:6443/apis/storage.k8s.io/v1/csinodes/estk8worker0": dial tcp :6443: connect: connection refused
The apiserver is up and running
kube-apiserver.service - Kubernetes API Server
Loaded: loaded (/etc/systemd/system/kube-apiserver.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-04-04 17:22:40 UTC; 21h ago
Docs: https://github.com/kubernetes/kubernetes
Main PID: 119721 (kube-apiserver)
Tasks: 11 (limit: 19072)
Memory: 484.5M
CPU: 42min 37.863s
CGroup: /system.slice/kube-apiserver.service
└─119721 /usr/local/bin/kube-apiserver --advertise-address=10.38.200.196 --allow-privileged=true --apiserver-count=3 --audit-policy-file=/etc/ku>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: I0405 08:43:14.611060 119721 trace.go:219] Trace[2100452031]: "List(recursive=true) etcd3" audit-id:,ke>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[2100452031]: [1.170976436s] [1.170976436s] END
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: W0405 08:43:14.611216 119721 lease.go:251] Resetting endpoints for master service "kubernetes" to [10.3>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: I0405 08:43:14.613173 119721 trace.go:219] Trace[1477411480]: "Get" accept:application/vnd.kubernetes.p>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1477411480]: ---"About to write a response" 3369ms (08:43:14.612)
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1477411480]: [3.369766256s] [3.369766256s] END
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: I0405 08:43:15.444195 119721 trace.go:219] Trace[1657227180]: "Update" accept:application/vnd.kubernete>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1657227180]: ["GuaranteedUpdate etcd3" audit-id:6318bde0-93c0-4538-9756-47bbfa78a573,key:/services>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1657227180]: ---"Txn call completed" 830ms (08:43:15.444)]
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1657227180]: [831.732132ms] [831.732132ms] END
below is the kubelet config file
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
anonymous:
enabled: false
webhook:
enabled: true
x509:
clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
- "10.32.0.10"
podCIDR: "10.200.x.0/24"
resolvConf: "/run/systemd/resolve/resolv.conf"
runtimeRequestTimeout: "15m"
tlsCertFile: "/var/lib/kubelet/estk8worker0.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/estk8worker0-key.pem"
apiServer:
server:
- "https://10.38.200.196:6443"
- "https://10.38.200.191:6443"
- "https://10.38.200.198:6443"
Apiserver systemd 文件如下
Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/local/bin/kube-apiserver \
--advertise-address=10.38.200.196 \
--allow-privileged=true \
--apiserver-count=3 \
--audit-policy-file=/etc/kubernetes/audit-policy.yaml \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/var/log/audit.log \
--authorization-mode=Node,RBAC \
--bind-address=0.0.0.0 \
--client-ca-file=/var/lib/kubernetes/ca.pem \
--enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
--etcd-cafile=/var/lib/kubernetes/ca.pem \
--etcd-certfile=/var/lib/kubernetes/kubernetes.pem \
--etcd-keyfile=/var/lib/kubernetes/kubernetes-key.pem \
--etcd-servers=https://10.38.200.196:2379,https://10.38.200.191:2379,https://10.38.200.198:2379 \
--event-ttl=1h \
--encryption-provider-config=/var/lib/kubernetes/encryption-config.yaml \
--kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \
--kubelet-client-certificate=/var/lib/kubernetes/kubernetes.pem \
--kubelet-client-key=/var/lib/kubernetes/kubernetes-key.pem \
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \
--proxy-client-cert-file=/var/lib/kubernetes/front-proxy.pem \
--proxy-client-key-file=/var/lib/kubernetes/front-proxy-key.pem \
--requestheader-allowed-names=front-proxy-client \
--requestheader-client-ca-file=/var/lib/kubernetes/ca.pem\
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--runtime-config='api/all=true' \
--secure-port=6443 \
--service-account-issuer=https://:6443 \
--service-account-key-file=/var/lib/kubernetes/service-account.pem \
--service-account-signing-key-file=/var/lib/kubernetes/service-account-key.pem \
--service-cluster-ip-range=10.32.0.0/24 \
--service-node-port-range=30000-32767 \
--tls-cert-file=/var/lib/kubernetes/kubernetes.pem \
--tls-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target