kubernetes问题解答专栏
kubernetes1.13.x报错
kubelet启动报错, 检查kubelet配置文件及kubelet.service中的变量是否正确
failed to run Kubelet: no client provided, cannot use webhook authentication
检查apiserver 准入控制器是否开启ValidatingAdmissionWebhook
W0604 10:11:06.884549 1 authentication.go:245] Unable to get configmap/extension-apiserver-authentication in kube-system. Usually fixed by ‘kubectl create rolebinding -n kube-system ROLE_NAME –role=extension-apiserver-authentication-reader –serviceaccount=YOUR_NS:YOUR_SA’
Error: configmaps “extension-apiserver-authentication” not found
检查master节点是否可以正常访问metrics-server pod ip地址, 如master未安装cni网络插件可能会导致该问题。
如果kube-proxy没有在Master上面运行,还需要配置–enable-aggregator-routing=true
couldn’t get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request
available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://172.20.61.7:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I0606 15:32:35.723004 8021 controller.go:105] OpenAPI AggregationController: Processing item v1beta1.metrics.k8s.io
E0606 15:32:35.723119 8021 controller.go:111] loading OpenAPI spec for “v1beta1.metrics.k8s.io” failed with: failed to retrieve openAPI spec, http error: ResponseCode: 503, Body: service unavailable
, Header: map[X-Content-Type-Options:[nosniff] Content-Type:[text/plain; charset=utf-8]]
I0606 15:32:35.723128 8021 controller.go:119] OpenAPI AggregationController: action for item v1beta1.metrics.k8s.io: Rate Limited Requeue.
E0606 15:32:37.115403 8021 available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://192.168.188.220:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
E0606 15:32:42.121065 8021 available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://192.168.188.220:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
E0606 15:33:02.914933 8021 memcache.go:135] couldn’t get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request
E0606 15:33:07.116376 8021 available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://192.168.188.220:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
E0606 15:33:17.126683 8021 available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://192.168.188.220:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
BOOTSTRAP_TOKEN未生成, 检查kubelet-bootstrap.kueconfig文件中的token值是否正确
kubectl config use-context default --kubeconfig=kubelet-bootstrap.kueconfig --user=kubelet-bootstrap error: no context exists with the name: "default".
kubectl top node提示无权限, 如果metrics-server使用的是10255端口, 该端口为只读端口, 需要用以下命令创建匿名认证
Error from server (Forbidden): nodes.metrics.k8s.io is forbidden: User “system:anonymous” cannot list nodes.metrics.k8s.io at the cluster scope
vi anonymous.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: view-metrics
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: view-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view-metrics
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:anonymous
NetworkPlugin cni failed to set up pod xxxx network: no podCidr for node yyyy
请使用–pod-network-cidr=10.88.99.0/24指定pod子网信息
failed to register network: failed to acquire lease: node “xxxxxx” pod cidr not assigned