安装HA master的时候报证书错误

[sunnyguohua]

我是全离线安装，脚本下载到本地运行，安装HA master的时候报错： [discovery] Created cluster-info discovery client, requesting info from "https://192.168.240.200:6443" [discovery] Failed to request cluster info, will try again: [Get https://192.168.240.200:6443/api/v1/namespaces/kube-public/configmaps/cluster-info: dial tcp 192.168.240.200:6443: connect: connection refused]

本地curl 发现证书错误: If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).

[root@localhost ~]# cat cluster-info

CP0_IP=192.168.240.201 CP1_IP=192.168.240.202 CP2_IP=192.168.240.203 VIP=192.168.240.200 NET_IF=ens33 CIDR=10.244.0.0/16

可能是什么原因？

[lentil1016]

请检查三台master节点的主机时间是否相同

[sunnyguohua]

设置了ntpd；手动访问，报证书错误: curl https://192.168.240.200:6443/api/v1/namespaces/kube-public/configmaps/cluster-info curl: (60) Peer's Certificate issuer is not recognized. More details here: http://curl.haxx.se/docs/sslcerts.html

[lentil1016]

curl -Lk https://192.168.240.200:6443/api/v1/namespaces/kube-public/configmaps/cluster-info

如果依然有问题，请在确保时间相同的情况下重新执行脚本建立集群

[sunnyguohua]

curl -Lk https://192.168.240.200:6443/api/v1/namespaces/kube-public/configmaps/cluster-info 没有问题； 此问题可能是VIP设置和时间同步引起的。

通过修改时间同步和设置VIP锚定master1（临时），该问题已解决，谢谢！