Kubernetes 错误汇总(持续更新)

2021-05-12 00:28

阅读:382

标签:pac   login   err   auth   ash   cer   没有权限   sel   policy   

问题一、unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized
[root@k8s-store01 ~]# kubeadm join 10.0.0.31:6443 --token 1euadv.48cjve19biy33b9m     --discovery-token-ca-cert-hash sha256:295acb22b65296410968d040cfbb326642d2e3b177ccbc3626765a0ada6fa9ff 
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.5. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with ‘kubectl -n kube-system get cm kubeadm-config -oyaml‘
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized

解决办法是: token已经过期了,该token默认是24小时内有效果的,所以需要在master节点重新生成token

[root@k8s-master01 ~]#  kubeadm  token create
ottwfk.al3ksj32yeqogk9y
[root@k8s-master01 ~]# kubeadm token list
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
1euadv.48cjve19biy33b9m      2019-12-08T16:17:03+08:00   authentication,signing           system:bootstrappers:kubeadm:default-node-token
ottwfk.al3ksj32yeqogk9y   23h         2019-12-10T13:20:57+08:00   authentication,signing           system:bootstrappers:kubeadm:default-node-token

问题二:repository does not exist or may require ‘docker login‘: denied: requested access to the resource is denied

[root@k8s-master01 ~]# kubectl describe pod nginx-demo
  Normal   Scheduled  15m                   default-scheduler    Successfully assigned default/nginx-demo to k8s-node03
  Normal   BackOff    14m (x6 over 15m)     kubelet, k8s-node03  Back-off pulling image "10.0.0.33/base_images/nginx:1.13"
  Normal   Pulling    13m (x4 over 15m)     kubelet, k8s-node03  Pulling image "10.0.0.33/base_images/nginx:1.13"
  Warning  Failed     13m (x4 over 15m)     kubelet, k8s-node03  Failed to pull image "10.0.0.33/base_images/nginx:1.13": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 10.0.0.33/base_images/nginx, repository does not exist or may require ‘docker login‘: denied: requested access to the resource is denied
  Warning  Failed     13m (x4 over 15m)     kubelet, k8s-node03  Error: ErrImagePull
  Warning  Failed     4m56s (x43 over 15m)  kubelet, k8s-node03  Error: ImagePullBackOff

解决方法是:node节点没有权限从harbor拉取镜像,所以需要在master节点进行授权

[root@k8s-master01 ~]# kubectl create secret docker-registry harbor-secret --namespace=default --docker-server=10.0.0.33 --docker-username=admin  --docker-password=Harbor12345

// 添加授权
[root@k8s-master01 ~]# cat web-demo.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-demo
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: 10.0.0.33/base_images/nginx:1.13
    imagePullPolicy: Always
  imagePullSecrets:
  - name: harbor-secret 
  nodeSelector:
    app: k8s-node03

Kubernetes 错误汇总(持续更新)

标签:pac   login   err   auth   ash   cer   没有权限   sel   policy   

原文地址:https://blog.51cto.com/12643266/2457137


评论


亲,登录后才可以留言!