我正在尝试在 ubutnu(裸机安装)上安装 kubernetes。
我安装了一个主节点和一个节点,看起来不错。
我安装了 ui 插件没有问题,但是当我尝试安装 dns 插件时,pod 会不断重启。
在 kube-apiserver 日志中,我得到:
E1218 12:56:15.298118 5 handlers.go:37] Unable to authenticate the request due to an error: crypto/rsa: verification error
I1218 12:56:15.298220 5 handlers.go:131] GET /api/v1/services: (534.467µs) 401 [[kube2sky/v0.20.2 (linux/amd64) kubernetes/unknown] 172.27.35.39:33013]
E1218 12:56:15.298396 5 handlers.go:37] Unable to authenticate the request due to an error: crypto/rsa: verification error
I1218 12:56:15.298469 5 handlers.go:131] GET /api/v1/endpoints: (493.5µs) 401 [[kube2sky/v0.20.2 (linux/amd64) kubernetes/unknown] 172.27.35.39:33014]
I1218 12:56:16.001321 5 handlers.go:131] GET /healthz: (83.326µs) 0 [[Go 1.1 package http] 127.0.0.1:42096]
E1218 12:56:16.303274 5 handlers.go:37] Unable to authenticate the request due to an error: crypto/rsa: verification error
E1218 12:56:16.303274 5 handlers.go:37] Unable to authenticate the request due to an error: crypto/rsa: verification error
在 kube2sky 容器日志中,我收到以下错误:
E1218 12:57:51.713651 1 reflector.go:136] Failed to list *api.Service: the server has asked for the client to provide credentials (get services)
E1218 12:57:51.713850 1 reflector.go:136] Failed to list *api.Endpoints: the server has asked for the client to provide credentials (get endpoints)
在我看来,我的服务帐户和 token 有问题,但我查看了 kube2sky 实例,发现/tmp/secrets/kubernetes.io/serviceaccount 目录中有一个 token ,并且 ca.crt 是正确的 ca集群
我在用:
Ubuntu 14.04
Kubernetes 1.1.2
添加我尝试从kubernetes 1.1.2的插件目录创建dns插件
最佳答案
更新 api-server 的证书和 key 后,我遇到了同样的问题。删除 secret 后,我修复了 DNS 服务:
# Search the secret name
kubectl get pod --namespace=kube-system -l k8s-app=kube-dns -o yaml | grep -A1 serviceaccount
# Delete the current secret
kubectl delete secret/<name-of-the-secret> --namespace=kube-system
我还需要重启整个POD,不知道有没有更好的办法:
kubectl delete svc/kube-dns rc/kube-dns-v9 --namespace=kube-system
kubectl create -f dns-addon.yaml
关于kubernetes - 无法启动skydns,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34356694/