Comments (7)
-
Aggregation Layer 必须开启的,metrics-server 部署好了可以查询 metrics API 看看是否有数据,比如
kubectl get --raw apis/metrics.k8s.io/v1beta1/pods
-
证书要事先生成,然后修改到正确的路径
from kubernetes-handbook.
@hechuan73 不需要执行 kubectl apply,等着 kubelet 重新创建 kube-apiserver 即可
from kubernetes-handbook.
@feiskyer
您好,我今天按照这里面的指南,在搭好集群之后,修改了/etc/kubernetes/manifests/kube-apiserver.yaml 这个文件,将其中对应的几个参数修改成了我生成的证书的路径,然后我尝试执行以下命令:
# kubectl apply -f kube-apiserver.yaml
error: unable to recognize "kube-apiserver.yaml": Get https://10.141.211.179:6443/api?timeout=32s: dial tcp 10.141.211.179:6443: connect: connection refused
获取pods信息:
kubectl get pods
The connection to the server 10.141.211.179:6443 was refused - did you specify the right host or port?
发现kubectl 无法和apiserver通信了。请问下是不是我修改的方式有问题,我在官网查,官网说“在部署 metrics-server 之前,需要在 kube-apiserver 中开启 API Aggregation,即增加以下配置”,也没说具体的方式,感觉我修改的方式错了,请教下正确的修改以及让它生效的方式应该是怎样的?
另外,我只是修改了这个文件,按理来说,还没让它生效,已经生成的apiserver这个pod不应该受到影响,但是后面发现kubectl 已经不能和apiserver通信了。请教下这是为什么呢?非常感谢!!!
from kubernetes-handbook.
@feiskyer 好的。您的意思应该是先delete掉 apiserver这个pod,然后kubeadm会重新创建kube-apiserver对吧,如下:
# kubectl delete pod -n kube-system kube-apiserver-k8s-master
pod "kube-apiserver-k8s-master" deleted
我刚才测试了,确实会马上重新创建,很感谢!
from kubernetes-handbook.
不需要手动删除,修改了 manifests 之后 kubelet 会自动重新创建
from kubernetes-handbook.
@feiskyer
您好,很抱歉再次打扰。我之前生成证书修改后,一直报如下错误:
The connection to the server 10.141.211.179:6443 was refused - did you specify the right host or port?
然后我今天安装官网教程(生成证书),利用cfssl重新生成了"ca.pem,ca-key.pem,server.pem,server-key.pem"四个文件,然后更新了系统的证书库,并且更新了kube-apiserver.yaml相关字段如下:
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
#- --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
- --proxy-client-cert-file=/etc/kubernetes/cert/server.pem
#- --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
- --proxy-client-key-file=/etc/kubernetes/cert/server-key.pem
#- --requestheader-allowed-names=front-proxy-client
- --requestheader-allowed-names=aggregator
#- --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
- --requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
结果还是报如下错误:
The connection to the server 10.141.211.179:6443 was refused - did you specify the right host or port?
生成证书的json文件如下:
# cat ca-config.json
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
}
}
}
}
# cat ca-csr.json
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names":[{
"C": "CN",
"ST": "ShangHai",
"L": "ShangHai",
"O": "k8s",
"OU": "System"
}]
}
# cat server-csr.json
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"10.141.211.179",
"10.96.0.1",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [{
"C": "CN",
"ST": "ShangHai",
"L": "ShangHai",
"O": "k8s",
"OU": "System"
}]
}
然后使用如下命令更新的证书库:
# cp ca.pem /etc/pki/ca-trust/source/anchors/kubernetes.pem
# update-ca-trust extract
麻烦您帮忙看下会是哪一个环境出了错,谢谢!
from kubernetes-handbook.
看起来是 apiserver 没起来,可以 docker ps -a 找到容器,查查啥容器日志里是不是有报错
from kubernetes-handbook.
Related Issues (20)
- 关于最新版本的pdf HOT 6
- hostPath 和 Local Storage 持久化有什么区别? HOT 6
- Dynamic和Static Persistent Volume的区别? HOT 4
- gluster 持久存储的问题 HOT 1
- Update Kubernetes The Hard Way to v1.12.0
- 关于cAdvisor HOT 2
- 国内镜像阿里云已经不能直接使用 HOT 1
- 关于自定义指标 HOT 1
- Azure 的chart 镜像很不稳定,有办法给他们反馈吗? HOT 4
- Missing "apiVersion" in file kubernetes-handbook/examples/projected-volume.yaml HOT 1
- kubelet 未监听 10255 端口
- kubelet启动失败 HOT 5
- pdf无法下载了
- 在openstack虚拟机上部署k8s集群 添加service导致 节点崩溃 HOT 1
- kube-proxy通信问题 HOT 2
- Azure China镜像已经不再开放使用了
- Kubernetes 101章节-ngxin无法访问 HOT 2
- k8s
- kataconda playground is no longer available HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-handbook.