开发者社区> 问答> 正文

Worker节点无法在kubernetes中加入主节点

k8s小能手 2019-02-22 15:40:20 715

我的主节点中有两个网络接口 -

192.168.56.118

10.0.3.15

在主节点上执行kubeadm init时,我得到以下命令来添加worker

kubeadm join --token qr1czu.5lh1nt34ldiauc1u 192.168.56.118:6443 --discovery-token-ca-cert-hash sha256:e5d90dfa0fff67589551559c443762dac3f1e5c7a5d2b4a630e4c0156ad0e16c
如您所见,它显示从工作人员连接的192.168.56.118 IP。但是在工作节点上执行相同的操作时,我遇到了以下错误。

[root@k8s-worker ~]# kubeadm join --token qr1czu.5lh1nt34ldiauc1u 192.168.56.118:6443 --discovery-token-ca-cert-hash sha256:e5d90dfa0fff67589551559c443762dac3f1e5c7a5d2b4a630e4c0156ad0e16c
[preflight] Running pre-flight checks
[discovery] Trying to connect to API Server "192.168.56.118:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.56.118:6443"
[discovery] Requesting info from "https://192.168.56.118:6443" again to validate TLS against the pinned public key
[discovery] Failed to request cluster info, will try again: [Get https://192.168.56.118:6443/api/v1/namespaces/kube-public/configmaps/cluster-info: x509: certificate is valid for 10.96.0.1, 10.0.3.15, not 192.168.56.118]
我试过其他IP - 10.0.3.15。但它会返回连接拒绝错误,尽管防火墙在master中被禁用。

[root@k8s-worker ~]# kubeadm join --token qr1czu.5lh1nt34ldiauc1u 10.0.3.15:6443 --discovery-token-ca-cert-hash sha256:e5d90dfa0fff67589551559c443762dac3f1e5c7a5d2b4a630e4c0156ad0e16c
[preflight] Running pre-flight checks

[discovery] Trying to connect to API Server "10.0.3.15:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.0.3.15:6443"
[discovery] Failed to request cluster info, will try again: [Get https://10.0.3.15:6443/api/v1/namespaces/kube-public/configmaps/cluster-info: dial tcp 10.0.3.15:6443: connect: connection refused]
如何强制证书使192.168.56.118有效?或任何想法我该如何解决这个问题?

Kubernetes 网络协议 API 网络安全 容器
分享到
取消 提交回答
全部回答(1)
  • k8s小能手
    2019-07-17 23:29:08

    您需要在使用初始化群集时提供额外的apiserver证书SAN(--apiserver-cert-extra-sans )和api服务器通告地址(--apiserver-advertise-address)kubeadm init。您的kubeadm init命令如下所示:

    kubeadm init --apiserver-cert-extra-sans 192.168.56.118 --apiserver-advertise-address 192.168.56.118
    一旦使用上面的命令初始化集群,您在加入集群时将不会遇到证书问题

    0 0
+ 订阅

云原生时代,是开发者最好的时代

推荐文章
相似问题
推荐课程