1. Problem: k8s certificates have expired
[root@nb001 ~]# kubectl get node
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2022-12-10T10:26:21+08:00 is after 2022-12-10T01:55:52Z
2. Solution
2.1 Steps
# back up the kubernetes configuration
cp -r /etc/kubernetes /etc/kubernetes_bak
# check certificate expiration
kubeadm certs check-expiration
# renew all certificates
kubeadm certs renew all
Renewing only rewrites the files on disk. Two follow-up steps are needed, covered in sections 3 and 4 below: replace $HOME/.kube/config with the renewed admin.conf, and restart kube-apiserver, kube-controller-manager, kube-scheduler and etcd so that they load the new certificates. Note also that kubeadm certs renew all does not touch the CA certificates (ca, etcd-ca, front-proxy-ca); those were issued for 10 years and are still valid here.
2.2 Step details
[root@nb001 ~]# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[check-expiration] Error reading configuration from the Cluster. Falling back to default configuration

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Dec 10, 2022 01:55 UTC   <invalid>                               no
apiserver                  Dec 10, 2022 01:55 UTC   <invalid>       ca                      no
apiserver-etcd-client      Dec 10, 2022 01:55 UTC   <invalid>       etcd-ca                 no
apiserver-kubelet-client   Dec 10, 2022 01:55 UTC   <invalid>       ca                      no
controller-manager.conf    Dec 10, 2022 01:55 UTC   <invalid>                               no
etcd-healthcheck-client    Dec 10, 2022 01:55 UTC   <invalid>       etcd-ca                 no
etcd-peer                  Dec 10, 2022 01:55 UTC   <invalid>       etcd-ca                 no
etcd-server                Dec 10, 2022 01:55 UTC   <invalid>       etcd-ca                 no
front-proxy-client         Dec 10, 2022 01:55 UTC   <invalid>       front-proxy-ca          no
scheduler.conf             Dec 10, 2022 01:55 UTC   <invalid>                               no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Dec 08, 2031 01:55 UTC   8y              no
etcd-ca                 Dec 08, 2031 01:55 UTC   8y              no
front-proxy-ca          Dec 08, 2031 01:55 UTC   8y              no
As shown above, every non-CA certificate is in the <invalid> state, while the three CAs remain valid until 2031. The "Error reading configuration from the Cluster" line is expected here: kubeadm could not reach the API server with its expired admin credentials, so it fell back to its built-in defaults. Next, renew the certificates:
[root@nb001 .kube]# kubeadm certs renew all
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.
[root@nb001 .kube]# kubectl get node
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2022-12-10T10:33:16+08:00 is after 2022-12-10T01:55:52Z
Right after the renewal kubectl still fails (above): the running components and the copy of admin.conf in $HOME/.kube/config have not picked up the new files yet; sections 3 and 4 deal with that. The certificates themselves are renewed, though. As shown below, the expiry dates have moved out by one year, kubeadm's default validity (the residual time reads 364d because it is rounded down):
[root@nb001 .kube]# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[check-expiration] Error reading configuration from the Cluster. Falling back to default configuration

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Dec 10, 2023 02:33 UTC   364d                                    no
apiserver                  Dec 10, 2023 02:33 UTC   364d            ca                      no
apiserver-etcd-client      Dec 10, 2023 02:33 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Dec 10, 2023 02:33 UTC   364d            ca                      no
controller-manager.conf    Dec 10, 2023 02:33 UTC   364d                                    no
etcd-healthcheck-client    Dec 10, 2023 02:33 UTC   364d            etcd-ca                 no
etcd-peer                  Dec 10, 2023 02:33 UTC   364d            etcd-ca                 no
etcd-server                Dec 10, 2023 02:33 UTC   364d            etcd-ca                 no
front-proxy-client         Dec 10, 2023 02:33 UTC   364d            front-proxy-ca          no
scheduler.conf             Dec 10, 2023 02:33 UTC   364d                                    no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Dec 08, 2031 01:55 UTC   8y              no
etcd-ca                 Dec 08, 2031 01:55 UTC   8y              no
front-proxy-ca          Dec 08, 2031 01:55 UTC   8y              no
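As an added example (not code from the original post), the following shell script performs the same expiry check with openssl alone, reading the files kubeadm writes under /etc/kubernetes. It assumes kubeadm's default layout (/etc/kubernetes/pki, /etc/kubernetes/pki/etcd, the .conf kubeconfigs) and GNU coreutils (base64 -d). Besides the .crt files it decodes the client certificate embedded in admin.conf, controller-manager.conf and scheduler.conf, which is the copy that the kubectl and controller failures in sections 3 and 4 trace back to. Because it needs no API server, it works in exactly the situation above, where kubeadm itself cannot read the cluster configuration, and it can run from cron as an early warning before the expiry date.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: check kubeadm-managed
# certificates with openssl alone. Needs no API server, so it works both
# after expiry (as in the post) and as a cron/monitoring check before it.
# Paths follow kubeadm's defaults and are an assumption of this script.
set -u

# Exit 0 if the PEM certificate in $1 stays valid for at least $2 more days
# (default 30), 1 if it expires inside that window or has already expired.
# `openssl x509 -checkend` does the date arithmetic, so no `date -d` needed.
cert_valid_for_days() {
    openssl x509 -noout -in "$1" -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Print the notAfter timestamp of the PEM certificate in $1.
cert_not_after() {
    openssl x509 -noout -enddate -in "$1" | sed 's/^notAfter=//'
}

# Decode the client certificate embedded in kubeconfig $1 (admin.conf,
# controller-manager.conf, scheduler.conf, ~/.kube/config) into a temp file
# and print that file's path. A kubeconfig that references its certificate
# by path instead (kubelet.conf with rotation on) yields an empty file.
kubeconfig_client_cert() {
    tmp="$(mktemp)"
    awk '/client-certificate-data:/ { print $2; exit }' "$1" | base64 -d > "$tmp" 2>/dev/null
    printf '%s\n' "$tmp"
}

# List every certificate under $1 (default /etc/kubernetes) and flag those
# that expire within $2 days (default 30). Exit 1 if any are flagged.
report_expiring() {
    root="${1:-/etc/kubernetes}"; days="${2:-30}"; rc=0
    for f in "$root"/pki/*.crt "$root"/pki/etcd/*.crt; do
        [ -f "$f" ] || continue
        if cert_valid_for_days "$f" "$days"; then status=OK; else status=EXPIRING; rc=1; fi
        printf '%-50s %-9s %s\n' "$f" "$status" "$(cert_not_after "$f")"
    done
    for f in "$root"/admin.conf "$root"/controller-manager.conf "$root"/scheduler.conf; do
        [ -f "$f" ] || continue
        cert="$(kubeconfig_client_cert "$f")"
        if [ -s "$cert" ]; then
            if cert_valid_for_days "$cert" "$days"; then status=OK; else status=EXPIRING; rc=1; fi
            printf '%-50s %-9s %s\n' "$f (embedded)" "$status" "$(cert_not_after "$cert")"
        fi
        rm -f "$cert"
    done
    return "$rc"
}

# `./check-certs.sh --check [ROOT] [DAYS]` runs the report; without
# arguments the file only defines the functions (so it can be sourced).
case "${1:-}" in
    --check) report_expiring "${2:-/etc/kubernetes}" "${3:-30}" ;;
esac
```

Run it as root on the control-plane node with ./check-certs.sh --check /etc/kubernetes 30; an exit status of 1 means at least one certificate expires within 30 days, which makes the script usable directly as a monitoring check.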
3. New problem ① and its solution
3.1 Running kubectl get node again gives a different error: error: You must be logged in to the server (Unauthorized)
[root@nb001 .kube]# kubectl get node
error: You must be logged in to the server (Unauthorized)
3.2 Solution for the above error
The cause: $HOME/.kube/config is a copy of /etc/kubernetes/admin.conf made when the cluster was set up. kubeadm certs renew all rewrote admin.conf with a freshly issued client certificate, but not the copy under $HOME/.kube, so kubectl was still presenting the expired client certificate and the API server rejected it as Unauthorized. The fix is to refresh that copy:
- Back up the existing kubeconfig
cp -rp $HOME/.kube/config $HOME/.kube/config.bak
and replace it with the renewed admin.conf
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- Run
kubectl get node
to verify the result
Details:
[root@nb001 .kube]# cd /etc/kubernetes
[root@nb001 kubernetes]# ls
admin.conf controller-manager.conf kubelet.conf manifests pki scheduler.conf
[root@nb001 kubernetes]# cd $HOME/.kube/
[root@nb001 .kube]# ls
cache config
[root@nb001 .kube]# cp -rp config config.bak
[root@nb001 .kube]# ls
cache config config.bak
[root@nb001 .kube]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
cp: overwrite ‘/root/.kube/config’? y
[root@nb001 .kube]# ls -lrth
total 20K
-rw------- 1 root root 5.5K Dec 10 2021 config.bak
drwxr-x--- 4 root root 4.0K Dec 10 2021 cache
-rw------- 1 root root 5.5K Dec 10 10:35 config
[root@nb001 .kube]# kubectl get node
NAME STATUS ROLES AGE VERSION
nb001 Ready control-plane,master 365d v1.21.5
nb002 Ready <none> 365d v1.21.5
nb003 Ready <none> 241d v1.21.5
4. New problem ② and its solution
4.1 After the fix above, kubectl apply and kubectl create run without error, but the resources are not actually changed
In other words: the command is accepted, but it has no effect.
Example: you edit service-user.yaml to bump the image version and want to redeploy the user service. You run kubectl apply -f service-user.yaml, but the running pod is still the one from the previous deployment; nothing is rolled out. Other cases of changes not taking effect look the same.
What is happening: kube-controller-manager and kube-scheduler read controller-manager.conf and scheduler.conf only at startup, so after the renewal they are still presenting their old, expired client certificates, and the API server rejects them just as it rejected kubectl in section 3. The API server itself still accepts and stores the apply, which is why the command succeeds, but no controller acts on the new Deployment revision and no new pod gets scheduled.
The Kuboard dashboard showed the same symptom; its resource views were all empty (the screenshot is not reproduced here).
Source: http://www.zghlxwxcb.cn/news/detail-435908.html
4.2 Solution
The components that kubeadm told us to restart ("You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd" in the renew output above) have not been restarted yet, so they are still running with the certificates they loaded at startup.
- Restart kubelet
systemctl restart kubelet
- Restart kube-apiserver, kube-controller-manager and kube-scheduler
# With docker as the container runtime the following works; other runtimes are similar. grep -v pause drops the pause sandbox container, whose name also contains the component name.
docker ps |grep kube-apiserver|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
docker ps |grep kube-controller-manager|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
docker ps |grep kube-scheduler|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
Restart etcd in the same way: kubeadm's renew output lists it too, because etcd-server, etcd-peer and etcd-healthcheck-client were also renewed.
- Redeploy the user service
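As an added example (not code from the original post), the following script performs the restart step for all four components kubeadm names, etcd included, and then waits until the API server answers on /readyz using the renewed /etc/kubernetes/admin.conf rather than the possibly stale $HOME/.kube/config. It assumes kubeadm's default paths. On the docker runtime it filters docker ps output the way the one-liners above do, only with a stricter match on the dockershim container name so the pause sandbox is excluded by construction; on containerd or CRI-O it uses crictl, where stopping a static pod's container is enough because the kubelet recreates it from /etc/kubernetes/manifests. The crictl name filter assumes the container names used in kubeadm's manifests (kube-apiserver, kube-controller-manager, kube-scheduler, etcd).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): restart the four static-pod
# components kubeadm names after `kubeadm certs renew all`, etcd included,
# then wait for the API server to answer with the renewed certificates.
# Assumes kubeadm's default paths (/etc/kubernetes/admin.conf, manifests).
set -u

COMPONENTS="kube-apiserver kube-controller-manager kube-scheduler etcd"

# Read `docker ps` output on stdin and print the IDs of the containers that
# run component $1. dockershim names containers k8s_<container>_<pod>_<ns>_<uid>_<n>,
# so "_<component>_" matches the real container but not the pause sandbox
# "k8s_POD_<component>-<node>_...", whose name also contains the component
# (the reason the post's one-liners need `grep -v pause`).
docker_ids_for() {
    awk -v comp="$1" 'NR > 1 && index($0, "_" comp "_") > 0 && $0 !~ /pause/ { print $1 }'
}

# Restart one component. With crictl there is no "restart": stopping the
# container is enough, the kubelet recreates static-pod containers from
# /etc/kubernetes/manifests. The crictl name filter assumes the container
# names used in kubeadm's manifests (kube-apiserver, etcd, ...).
restart_component() {
    comp="$1"
    if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
        ids="$(docker ps | docker_ids_for "$comp")"
        [ -n "$ids" ] || { echo "no running container for $comp" >&2; return 1; }
        printf '%s\n' "$ids" | xargs docker restart
    elif command -v crictl >/dev/null 2>&1; then
        ids="$(crictl ps -q --name "^${comp}\$")"
        [ -n "$ids" ] || { echo "no running container for $comp" >&2; return 1; }
        printf '%s\n' "$ids" | xargs crictl stop
    else
        echo "neither docker nor crictl found on this node" >&2
        return 1
    fi
}

# Poll the API server through the renewed admin.conf rather than
# ~/.kube/config, which may still carry the old client certificate.
wait_for_apiserver() {
    tries="${1:-30}"
    while [ "$tries" -gt 0 ]; do
        if kubectl --kubeconfig /etc/kubernetes/admin.conf get --raw /readyz >/dev/null 2>&1; then
            return 0
        fi
        tries=$((tries - 1))
        sleep 2
    done
    return 1
}

restart_control_plane() {
    systemctl restart kubelet
    for c in $COMPONENTS; do
        restart_component "$c" || echo "warning: $c was not restarted" >&2
    done
    wait_for_apiserver 60 || { echo "API server not ready after 2 minutes" >&2; return 1; }
    kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes
}

# `./restart-control-plane.sh --run` performs the restart; without arguments
# the file only defines the functions (so it can be sourced or tested).
case "${1:-}" in
    --run) restart_control_plane ;;
esac
```

Run it as root on the control-plane node with ./restart-control-plane.sh --run; the final kubectl get nodes uses the renewed admin.conf, so a Ready node list there confirms the control plane is serving with the new certificates even before $HOME/.kube/config has been refreshed.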
With that, the problems caused by the expired k8s certificates are fully resolved.
End