search

kubesphere / kubesphere

The container platform tailored for Kubernetes multi-cloud, datacenter, and edge management ⎈ 🖥 ☁️
https://kubesphere.io
Other
15.21k stars 2.16k forks source link

kubesphere v.3.1.0host集群升级3.2.1出现如下问题 #4654

Closed vak80-ai closed 2 years ago

vak80-ai commented 2 years ago

Waiting for all tasks to be completed ... task alerting status is successful (1/10) task network status is successful (2/10) task openpitrix status is successful (3/10) task auditing status is successful (4/10) task logging status is successful (5/10) task kubeedge status is successful (6/10) task events status is successful (7/10) task devops status is successful (8/10) task monitoring status is successful (9/10) task multicluster status is failed (10/10)

Collecting installation results ...

Task 'multicluster' failed:

{ "counter": 65, "created": "2022-02-06T04:06:25.908961", "end_line": 67, "event": "runner_on_failed", "event_data": { "duration": 753.149276, "end": "2022-02-06T04:06:25.907925", "event_loop": null, "host": "localhost", "ignore_errors": null, "play": "localhost", "play_pattern": "localhost", "play_uuid": "aacea4ce-7a7e-ee0f-b9ff-000000000005", "playbook": "/kubesphere/playbooks/multicluster.yaml", "playbook_uuid": "0e3766c3-7320-4712-805d-3a94464bb48a", "remote_addr": "127.0.0.1", "res": { "_ansible_no_log": false, "attempts": 10, "changed": true, "cmd": "/usr/local/bin/helm upgrade --install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml --namespace kube-federation-system --wait --timeout 1800s\n", "delta": "0:00:05.566455", "end": "2022-02-06 12:06:25.842822", "invocation": { "module_args": { "_raw_params": "/usr/local/bin/helm upgrade --install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml --namespace kube-federation-system --wait --timeout 1800s\n", "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": null, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true, "warn": true } }, "msg": "non-zero return code", "rc": 1, "start": "2022-02-06 12:06:20.276367", "stderr": "Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \"federatedtypeconfigs.core.kubefed.io\": Post \"https://kubefed-admission-webhook.kube-federation-system.svc:443/validate-federatedtypeconfigs?timeout=30s\": x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kubefed-admission-webhook-ca\")", "stderr_lines": [ "Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \"federatedtypeconfigs.core.kubefed.io\": Post \"https://kubefed-admission-webhook.kube-federation-system.svc:443/validate-federatedtypeconfigs?timeout=30s\": x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kubefed-admission-webhook-ca\")" ], "stdout": "", "stdout_lines": [] }, "role": "ks-multicluster", "start": "2022-02-06T03:53:52.758649", "task": "Kubefed | Initing kube-federation-system", "task_action": "command", "task_args": "", "task_path": "/kubesphere/installer/roles/ks-multicluster/tasks/main.yml:51", "task_uuid": "aacea4ce-7a7e-ee0f-b9ff-00000000001f", "uuid": "3d395d9a-401f-4e36-a1ef-55985483a1ed" }, "parent_uuid": "aacea4ce-7a7e-ee0f-b9ff-00000000001f", "pid": 7083, "runner_ident": "multicluster", "start_line": 66, "stdout": "fatal: [localhost]: FAILED! => {\"attempts\": 10, \"changed\": true, \"cmd\": \"/usr/local/bin/helm upgrade --install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml --namespace kube-federation-system --wait --timeout 1800s\n\", \"delta\": \"0:00:05.566455\", \"end\": \"2022-02-06 12:06:25.842822\", \"msg\": \"non-zero return code\", \"rc\": 1, \"start\": \"2022-02-06 12:06:20.276367\", \"stderr\": \"Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\"federatedtypeconfigs.core.kubefed.io\\": Post \\"https://kubefed-admission-webhook.kube-federation-system.svc:443/validate-federatedtypeconfigs?timeout=30s\\": x509: certificate signed by unknown authority (possibly because of \\"crypto/rsa: verification error\\" while trying to verify candidate authority certificate \\"kubefed-admission-webhook-ca\\")\", \"stderr_lines\": [\"Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\"federatedtypeconfigs.core.kubefed.io\\": Post \\"https://kubefed-admission-webhook.kube-federation-system.svc:443/validate-federatedtypeconfigs?timeout=30s\\": x509: certificate signed by unknown authority (possibly because of \\"crypto/rsa: verification error\\" while trying to verify candidate authority certificate \\"kubefed-admission-webhook-ca\\")\"], \"stdout\": \"\", \"stdout_lines\": []}", "uuid": "3d395d9a-401f-4e36-a1ef-55985483a1ed"

oldthreefeng commented 2 years ago

大佬解决了么? 我这边直接部署3.2.1 出了这个问题。 卸载重装还有这个问题。

Minor:"20+", GitVersion:"v1.20.11-aliyun.1", GitCommit:"744267e4d2463f6e8a46e174166f387c65e6ea7d",

xiaoping378 commented 2 years ago

很诡异的问题,我也遇到了, 这个现象不知道怎么导致的,可以如下修复

validatingwebhookconfiguraitons里的caBundle和 secret里的tls.crt明明是一致的

修改向apiserver注册的根证书,和webhook里secret使用的保持一致

把tls.crt复制覆盖掉这两处的caBundle,重启 ns/kube-federation-system里的controller-manager,即可解决问题

xiaoping378 commented 2 years ago

可能上游已经修了这个问题, https://github.com/kubernetes-sigs/kubefed/pull/1490

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

stale[bot] commented 2 years ago

This issue is being automatically closed due to inactivity.