kubernetes - 无法向 API 服务器注册节点“节点名称”:未经授权
问题描述
我在裸机(无提供者)上使用 kubernetes 1.13.2。
我之前已经设置了一个主节点和一个工作节点,但现在我的新工作节点无法加入集群并在尝试注册时收到“未授权”消息
我已经在我的主人上更新了我的令牌,并创建了一个新的加入命令。但加入后仍然收到“未经授权”的回复
发送kubeadm join ...命令后,超时
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "node-name" as an annotation
[kubelet-check] Initial timeout of 40s passed.
error uploading crisocket: timed out waiting for the condition
这是我在journalctl -u kubelet中得到的
Apr 22 20:31:13 node-name kubelet[18567]: I0422 20:31:13.399059 18567 kubelet_node_status.go:278] Setting node annotation to enable volume controller attach/detach
Apr 22 20:31:13 node-name kubelet[18567]: I0422 20:31:13.404930 18567 kubelet_node_status.go:72] Attempting to register node node-name
Apr 22 20:31:13 node-name kubelet[18567]: E0422 20:31:13.406863 18567 kubelet_node_status.go:94] Unable to register node "node-name" with API server: Unauthorized
Apr 22 20:31:13 node-name kubelet[18567]: E0422 20:31:13.407096 18567 event.go:203] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"node-name.1597fce5edba5ee6", GenerateName:"", Namespace:"default", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:""}, InvolvedObject:v1.ObjectReference{Kind:"Node", Namespace:"", Name:"node-name", UID:"node-name", APIVersion:"", ResourceVersion:"", FieldPath:""}, Reason:"NodeHasSufficientMemory", Message:"Node node-name status is now: NodeHasSufficientMemory", Source:v1.EventSource{Component:"kubelet", Host:"node-name"}, FirstTimestamp:v1.Time{Time:time.Time{wall:0xbf27bf9d2c75d6e6, ext:897526251, loc:(*time.Location)(0x71d3440)}}, LastTimestamp:v1.Time{Time:time.Time{wall:0xbf27bfa05821f203, ext:13556483910, loc:(*time.Location)(0x71d3440)}}, Count:8, Type:"Normal", EventTime:v1.MicroTime{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, Series:(*v1.EventSeries)(nil), Action:"", Related:(*v1.ObjectReference)(nil), ReportingController:"", ReportingInstance:""}': 'Unauthorized' (will not retry!)
Apr 22 20:31:13 node-name kubelet[18567]: E0422 20:31:13.409745 18567 event.go:203] Server rejected event '&v1.Event{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"node-name.1597fce5edba8b6c", GenerateName:"", Namespace:"default", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:""}, InvolvedObject:v1.ObjectReference{Kind:"Node", Namespace:"", Name:"node-name", UID:"node-name", APIVersion:"", ResourceVersion:"", FieldPath:""}, Reason:"NodeHasSufficientPID", Message:"Node node-name status is now: NodeHasSufficientPID", Source:v1.EventSource{Component:"kubelet", Host:"node-name"}, FirstTimestamp:v1.Time{Time:time.Time{wall:0xbf27bf9d2c76036c, ext:897537648, loc:(*time.Location)(0x71d3440)}}, LastTimestamp:v1.Time{Time:time.Time{wall:0xbf27bfa0582242b8, ext:13556504573, loc:(*time.Location)(0x71d3440)}}, Count:8, Type:"Normal", EventTime:v1.MicroTime{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, Series:(*v1.EventSeries)(nil), Action:"", Related:(*v1.ObjectReference)(nil), ReportingController:"", ReportingInstance:""}': 'Unauthorized' (will not retry!)
Apr 22 20:31:13 node-name kubelet[18567]: E0422 20:31:13.476603 18567 kubelet.go:2266] node "node-name" not found
Apr 22 20:31:13 node-name kubelet[18567]: E0422 20:31:13.576911 18567 kubelet.go:2266] node "node-name" not found
Apr 22 20:31:13 node-name kubelet[18567]: E0422 20:31:13.630766 18567 reflector.go:134] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Unauthorized
Apr 22 20:31:13 node-name kubelet[18567]: E0422 20:31:13.631616 18567 reflector.go:134] k8s.io/kubernetes/pkg/kubelet/kubelet.go:444: Failed to list *v1.Service: Unauthorized
Apr 22 20:31:13 node-name kubelet[18567]: E0422 20:31:13.632799 18567 reflector.go:134] k8s.io/kubernetes/pkg/kubelet/kubelet.go:453: Failed to list *v1.Node: Unauthorized
解决方案
该问题是由 Kubernetes 节点之间的 Docker 和/或 Kubernetes 版本不匹配引起的。
将 Docker 和 Kubernetes 重新安装到正确版本后,问题得到解决。
Kubernetesversion skew support policy描述了各种 Kubernetes 组件之间支持的最大版本偏差。有关详细信息,请参阅版本倾斜策略文档。
Kubernetes发行说明列出了哪些版本的 Docker 与该版本的 Kubernetes 兼容。例如,在CHANGELOG-1.13.md中,您可以找到经过验证的 Kubernetes 1.13 docker 版本。
推荐阅读
- javascript - 如何从快速分页中的 URL 中删除限制参数?
- asp.net-mvc - 在 tinymce 编辑器中 - 在编号列表中单击时它不起作用
- java - 如何在电子票、手机票和自助票之间进行选择以点击它
- java - 注释和异常
- html - 容器在我的 Vue Swiper 中没有内联
- delphi - E2555 无法捕获符号“Self”
- kubernetes - GKE 集群的权限
- regex - 无法在 perl6 中编写语法来解析带有特殊字符的行
- kubernetes - Istio mTLS 中的 TLS 版本和密码
- javascript - 导出前的 Ag-grid 角度格式数据