search

rootsongjc / kubernetes-handbook

Kubernetes中文指南/云原生应用架构实战手册
https://jimmysong.io/book/kubernetes-handbook
Creative Commons Attribution 4.0 International
11.11k stars 2.95k forks source link

csr请求重复的问题 #311

Closed ghost closed 5 years ago

ghost commented 5 years ago

环境

版本和配置信息

kubectl get csr出现许多csr请求

y7q8nh1btqm0 o8ryat10r

使用kubectl get nodes可以看到node已经是ready _ ozl7 42e3 b59 8x 6h 9

master的三个组件也是健康的 rd v ie_ao 9 kv w08o3l 下面是apiserver的配置:

OPTIONS="--advertise-address=0.0.0.0 
--external-hostname=master.pengjinyi.com
--bind-address=0.0.0.0
 --tls-cert-file=/etc/kubernetes/pki/kube-apiserver.pem
--tls-private-key-file=/etc/kubernetes/pki/kube-apiserver-key.pem
 --enable-swagger-ui
 --client-ca-file=/etc/kubernetes/pki/ca.pem
  --service-account-key-file=/etc/kubernetes/pki/service.key 
-authorization-mode=RBAC,Node  
--enable-admission-plugins=Initializers,NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
 --allow-privileged=true 
--kubelet-certificate-authority=/etc/kubernetes/pki/ca.pem 
--kubelet-client-certificate=/etc/kubernetes/pki/kube-apiserver-kubelet-client.pem 
--kubelet-client-key=/etc/kubernetes/pki/kube-apiserver-kubelet-client-key.pem 
 --service-cluster-ip-range=10.0.0.0/16 
--insecure-port=0 
--token-auth-file=/etc/kubernetes/token.csv"
ETCD_SERVERS="--etcd-servers=\"https://172.18.1.91:2379,https://172.18.1.92:2379,https://172.18.1.93:2379\""
ETCD_CERT="--etcd-cafile=/etc/kubernetes/pki/etcd/ca.pem --etcd-certfile=/etc/kubernetes/pki/etcd/etcd-client.pem 
--etcd-keyfile=/etc/kubernetes/pki/etcd/etcd-client-key.pem"

kube-controller-manager的配置:

OPTIONS="--v=4 --use-service-account-credentials  
--cluster-name=default-cluster 
--controllers=*,bootstrapsigner,tokencleaner 
--client-ca-file=/etc/kubernetes/pki/ca.pem
--cluster-signing-cert-file=/etc/kubernetes/pki/ca.pem 
--cluster-signing-key-file=/etc/kubernetes/pki/ca-key.pem
 --service-account-private-key-file=/etc/kubernetes/pki/service.key 
--kubeconfig=/etc/kubernetes/controller-manager.kube 
--leader-elect=false"

kubelet的配置:

OPTIONS="--bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig 
--cert-dir=/var/lib/kubelet/pki 
--client-ca-file=/etc/kubernetes/pki/ca.pem 
--cluster-dns=10.0.0.2
 --cluster-domain=cluster.local 
--kubeconfig=/etc/kubernetes/schedule.kube --logtostderr
 --rotate-certificates
 --rotate-server-certificates 
--v=4 
--pod-infra-container-image=k8s.gcr.io/pause:3.1"

三台节点的时间服务chronyd也启动了

ghost commented 5 years ago

昨天也使用ntpdate手动同步过时间

ghost commented 5 years ago

kube-controller-manager服务不能开机启动 2018-11-14 15-38-41 2018-11-14 15-39-14

ghost commented 5 years ago

但是使用systemctl start kube-controller-manager是没有问题的,日志也没有报错 2018-11-14 15-41-25

ghost commented 5 years ago

我把新生成的csr请求approve后,知道现在也没有生成csr请求,但是第二天早上看又会出现

llussy commented 5 years ago

我也遇到了同样的问题,请问您的是怎么解决的?