search

flannel-io / flannel

flannel is a network fabric for containers, designed for Kubernetes
Apache License 2.0
8.6k stars 2.87k forks source link

flannel log: failed to verify certificate: x509: certificate signed by unknown authority #1936

Closed jiangxiaobin96 closed 1 month ago

jiangxiaobin96 commented 2 months ago

Applying kube-flannel pod failed.
The cni of this cluster has been built by calico. After i got this cluster, run kubeadm reset to clear cluster and rebuild it again. But flannel cannot work, here is the output:

  1. node information 
    $ sudo kubectl get nodes --kubeconfig ~/.kube/config 
NAME          STATUS   ROLES           AGE   VERSION
work10   Ready    control-plane   23h   v1.28.2
  2. pod information 
    $ sudo kubectl get all -A --kubeconfig ~/.kube/config 
NAMESPACE      NAME                                      READY   STATUS             RESTARTS          AGE
kube-flannel   pod/kube-flannel-ds-mhqg7                 0/1     CrashLoopBackOff   273 (4m31s ago)   22h
kube-system    pod/coredns-66f779496c-m88kk              0/1     Running            0                 23h
kube-system    pod/coredns-66f779496c-mqlvm              0/1     Running            0                 23h
  3. pod/kube-flannel-ds-mhqg7 log 
    $ sudo kubectl logs pod/kube-flannel-ds-mhqg7 -n kube-flannel --kubeconfig ~/.kube/config 
Defaulted container "kube-flannel" out of: kube-flannel, install-cni-plugin (init), install-cni (init)
I0411 15:33:29.805563       1 main.go:209] CLI flags config: {etcdEndpoints:http://127.0.0.1:4001,http://127.0.0.1:2379 etcdPrefix:/coreos.com/network etcdKeyfile: etcdCertfile: etcdCAFile: etcdUsername: etcdPassword: version:false kubeSubnetMgr:true kubeApiUrl: kubeAnnotationPrefix:flannel.alpha.coreos.com kubeConfigFile: iface:[] ifaceRegex:[] ipMasq:true ifaceCanReach: subnetFile:/run/flannel/subnet.env publicIP: publicIPv6: subnetLeaseRenewMargin:60 healthzIP:0.0.0.0 healthzPort:0 iptablesResyncSeconds:5 iptablesForwardRules:true netConfPath:/etc/kube-flannel/net-conf.json setNodeNetworkUnavailable:true}
W0411 15:33:29.805639       1 client_config.go:617] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
E0411 15:33:29.814160       1 main.go:226] Failed to create SubnetManager: error retrieving pod spec for 'kube-flannel/kube-flannel-ds-mhqg7': Get "https://10.96.0.1:443/api/v1/namespaces/kube-flannel/pods/kube-flannel-ds-mhqg7": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

Your Environment