kube-apiserver
2 分钟阅读
简要概述
记录 kube-apiserver 相关问题。
无法启动类
“dial tcp 127.0.0.1:8080: connect: connection refused”
- 关键日志
root@k8s/etc/kubernetes/manifests# kubectl get nodes
E0803 10:01:41.668372 300010 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E0803 10:01:41.669287 300010 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E0803 10:01:41.671326 300010 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E0803 10:01:41.672078 300010 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E0803 10:01:41.674043 300010 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
The connection to the server localhost:8080 was refused - did you specify the right host or port?
root@k8s/etc/kubernetes/manifests#
- 问题原因
新版不在开放本地的 “127.0.0.1:8080” 端口,需配置下 kubeconfig 路径,如:$HOME/.kube/config
“failed to verify certificate: x509”
- 关键日志
root@k8s/etc/kubernetes/manifests# kubectl get nodes
E0803 10:27:46.079494 300470 memcache.go:265] couldn't get current server API group list: Get "https://10.49.2.108:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority
E0803 10:27:46.094227 300470 memcache.go:265] couldn't get current server API group list: Get "https://10.49.2.108:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority
E0803 10:27:46.105654 300470 memcache.go:265] couldn't get current server API group list: Get "https://10.49.2.108:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority
E0803 10:27:46.117784 300470 memcache.go:265] couldn't get current server API group list: Get "https://10.49.2.108:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority
E0803 10:27:46.127952 300470 memcache.go:265] couldn't get current server API group list: Get "https://10.49.2.108:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority
Unable to connect to the server: tls: failed to verify certificate: x509: certificate signed by unknown authority
root@k8s/etc/kubernetes/manifests#
- 问题原因
在 “$HOME/.kube/config” 中内嵌的 ca 证书不对,检查方式:
- 获取 “$HOME/.kube/config” 中 “certificate-authority-data” 内容,使用
base64反解:
echo -n '${certificate-authority-data}' | base64 -d
最后修改 2024.05.06: docs: 独立常见问题处理 (96c4309)