尝试在 Ubuntu 22 上从头设置 K8 集群,但 kubelet 无法注册节点

尝试在 Ubuntu 22 上从头设置 K8 集群,但 kubelet 无法注册节点

kubelet 服务显示以下错误

Apr 05 14:13:06 estk8worker0 kubelet[90209]: E0405 14:13:06.863258   90209 kubelet_node_status.go:92] "Unable to register node with API server" err="Post \"https://:6443/api/v1/nodes\": dial tcp :6443: connect: connection refused" node="estk8worker0"
Apr 05 14:13:07 estk8worker0 kubelet[90209]: I0405 14:13:07.372642   90209 csi_plugin.go:913] Failed to contact API server when waiting for CSINode publishing: Get "https://:6443/apis/storage.k8s.io/v1/csinodes/estk8worker0": dial tcp :6443: connect: connection refused
Apr 05 14:13:08 estk8worker0 kubelet[90209]: I0405 14:13:08.372057   90209 csi_plugin.go:913] Failed to contact API server when waiting for CSINode publishing: Get "https://:6443/apis/storage.k8s.io/v1/csinodes/estk8worker0": dial tcp :6443: connect: connection refused

The apiserver is up and running 
kube-apiserver.service - Kubernetes API Server
     Loaded: loaded (/etc/systemd/system/kube-apiserver.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-04-04 17:22:40 UTC; 21h ago
       Docs: https://github.com/kubernetes/kubernetes
   Main PID: 119721 (kube-apiserver)
      Tasks: 11 (limit: 19072)
     Memory: 484.5M
        CPU: 42min 37.863s
     CGroup: /system.slice/kube-apiserver.service
             └─119721 /usr/local/bin/kube-apiserver --advertise-address=10.38.200.196 --allow-privileged=true --apiserver-count=3 --audit-policy-file=/etc/ku>

Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: I0405 08:43:14.611060  119721 trace.go:219] Trace[2100452031]: "List(recursive=true) etcd3" audit-id:,ke>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[2100452031]: [1.170976436s] [1.170976436s] END
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: W0405 08:43:14.611216  119721 lease.go:251] Resetting endpoints for master service "kubernetes" to [10.3>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: I0405 08:43:14.613173  119721 trace.go:219] Trace[1477411480]: "Get" accept:application/vnd.kubernetes.p>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1477411480]: ---"About to write a response" 3369ms (08:43:14.612)
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1477411480]: [3.369766256s] [3.369766256s] END
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: I0405 08:43:15.444195  119721 trace.go:219] Trace[1657227180]: "Update" accept:application/vnd.kubernete>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1657227180]: ["GuaranteedUpdate etcd3" audit-id:6318bde0-93c0-4538-9756-47bbfa78a573,key:/services>
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1657227180]:  ---"Txn call completed" 830ms (08:43:15.444)]
Apr 05 08:43:15 estk8master0 kube-apiserver[119721]: Trace[1657227180]: [831.732132ms] [831.732132ms] END

 below is the kubelet config file 


kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.32.0.10"
podCIDR: "10.200.x.0/24"
resolvConf: "/run/systemd/resolve/resolv.conf"
runtimeRequestTimeout: "15m"
tlsCertFile: "/var/lib/kubelet/estk8worker0.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/estk8worker0-key.pem"

apiServer:
  server: 
    - "https://10.38.200.196:6443"
    - "https://10.38.200.191:6443"
    - "https://10.38.200.198:6443"

Apiserver systemd 文件如下

Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/local/bin/kube-apiserver \
  --advertise-address=10.38.200.196 \
  --allow-privileged=true \
  --apiserver-count=3 \
  --audit-policy-file=/etc/kubernetes/audit-policy.yaml \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/var/log/audit.log \
  --authorization-mode=Node,RBAC \
  --bind-address=0.0.0.0 \
  --client-ca-file=/var/lib/kubernetes/ca.pem \
  --enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
  --etcd-cafile=/var/lib/kubernetes/ca.pem \
  --etcd-certfile=/var/lib/kubernetes/kubernetes.pem \
  --etcd-keyfile=/var/lib/kubernetes/kubernetes-key.pem \
  --etcd-servers=https://10.38.200.196:2379,https://10.38.200.191:2379,https://10.38.200.198:2379 \
  --event-ttl=1h \
  --encryption-provider-config=/var/lib/kubernetes/encryption-config.yaml \
  --kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \
  --kubelet-client-certificate=/var/lib/kubernetes/kubernetes.pem \
  --kubelet-client-key=/var/lib/kubernetes/kubernetes-key.pem \
  --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \
  --proxy-client-cert-file=/var/lib/kubernetes/front-proxy.pem \
  --proxy-client-key-file=/var/lib/kubernetes/front-proxy-key.pem \
  --requestheader-allowed-names=front-proxy-client \
  --requestheader-client-ca-file=/var/lib/kubernetes/ca.pem\
  --requestheader-extra-headers-prefix=X-Remote-Extra- \
  --requestheader-group-headers=X-Remote-Group \
  --requestheader-username-headers=X-Remote-User \
  --runtime-config='api/all=true' \
  --secure-port=6443 \
  --service-account-issuer=https://:6443 \
  --service-account-key-file=/var/lib/kubernetes/service-account.pem \
  --service-account-signing-key-file=/var/lib/kubernetes/service-account-key.pem \
  --service-cluster-ip-range=10.32.0.0/24 \
  --service-node-port-range=30000-32767 \
  --tls-cert-file=/var/lib/kubernetes/kubernetes.pem \
  --tls-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \
  --v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target

相关内容