kubernetes问题解答专栏

kubernetes1.13.x报错

 

kubelet启动报错, 检查kubelet配置文件及kubelet.service中的变量是否正确
failed to run Kubelet: no client provided, cannot use webhook authentication

 

检查apiserver 准入控制器是否开启ValidatingAdmissionWebhook
W0604 10:11:06.884549 1 authentication.go:245] Unable to get configmap/extension-apiserver-authentication in kube-system. Usually fixed by ‘kubectl create rolebinding -n kube-system ROLE_NAME –role=extension-apiserver-authentication-reader –serviceaccount=YOUR_NS:YOUR_SA’
Error: configmaps “extension-apiserver-authentication” not found

 

检查master节点是否可以正常访问metrics-server pod ip地址, 如master未安装cni网络插件可能会导致该问题。
如果kube-proxy没有在Master上面运行,还需要配置–enable-aggregator-routing=true

couldn’t get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request
available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://172.20.61.7:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

I0606 15:32:35.723004 8021 controller.go:105] OpenAPI AggregationController: Processing item v1beta1.metrics.k8s.io
E0606 15:32:35.723119 8021 controller.go:111] loading OpenAPI spec for “v1beta1.metrics.k8s.io” failed with: failed to retrieve openAPI spec, http error: ResponseCode: 503, Body: service unavailable
, Header: map[X-Content-Type-Options:[nosniff] Content-Type:[text/plain; charset=utf-8]]
I0606 15:32:35.723128 8021 controller.go:119] OpenAPI AggregationController: action for item v1beta1.metrics.k8s.io: Rate Limited Requeue.
E0606 15:32:37.115403 8021 available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://192.168.188.220:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
E0606 15:32:42.121065 8021 available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://192.168.188.220:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
E0606 15:33:02.914933 8021 memcache.go:135] couldn’t get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request
E0606 15:33:07.116376 8021 available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://192.168.188.220:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
E0606 15:33:17.126683 8021 available_controller.go:316] v1beta1.metrics.k8s.io failed with: Get https://192.168.188.220:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

BOOTSTRAP_TOKEN未生成, 检查kubelet-bootstrap.kueconfig文件中的token值是否正确

kubectl config use-context default --kubeconfig=kubelet-bootstrap.kueconfig --user=kubelet-bootstrap
error: no context exists with the name: "default".

 

kubectl top node提示无权限, 如果metrics-server使用的是10255端口, 该端口为只读端口, 需要用以下命令创建匿名认证
Error from server (Forbidden): nodes.metrics.k8s.io is forbidden: User “system:anonymous” cannot list nodes.metrics.k8s.io at the cluster scope

vi anonymous.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: view-metrics
rules:
- apiGroups:
    - metrics.k8s.io
  resources:
    - pods
    - nodes
  verbs:
    - get
    - list
    - watch

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: view-metrics
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view-metrics
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: system:anonymous

 

 

发表评论

电子邮件地址不会被公开。 必填项已用*标注

昵称 *