自建k8s集群安装kubesphere mini版 account 容器启动失败

[root@ecs0-57 certs]# kubectl  logs -fn500 ks-account-dd4bdf8b-ksc7g  -n kubesphere-system
W0611 07:18:03.790718       1 client_config.go:549] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
E0611 07:18:05.206685       1 kubeconfig.go:62] create client certificate failed: <nil>
E0611 07:18:05.206709       1 im.go:1030] create user kubeconfig failed sonarqube create client certificate failed: <nil>
E0611 07:18:05.206719       1 im.go:197] user init failed sonarqube create client certificate failed: <nil>
E0611 07:18:05.206725       1 im.go:87] create default users user sonarqube init failed: create client certificate failed: <nil>

Error: user sonarqube init failed: create client certificate failed: <nil>

Usage:
  ks-iam [flags]

Flags:
      --add-dir-header                            If true, adds the file directory to the header
      --admin-email string                        default administrator's email (default "admin@kubesphere.io")
      --admin-password string                     default administrator's password (default "passw0rd")
      --alsologtostderr                           log to standard error as well as files
      --auth-rate-limit string                    specifies the maximum number of authentication attempts permitted and time interval,valid time units are "s","m","h" (default "5/30m")
      --bind-address string                       server bind address (default "0.0.0.0")
      --enable-multi-login                        allow one account to have multiple sessions
      --generate-kubeconfig                       generate kubeconfig for new users, kubeconfig is required in devops pipeline, set to false if you don't need devops. (default true)
  -h, --help                                      help for ks-iam
      --insecure-port int                         insecure port number (default 9090)
      --jwt-secret string                         jwt secret
      --kubeconfig string                         Path for kubernetes kubeconfig file, if left blank, will use in cluster way.
      --ldap-group-search-base string             Ldap group search base. (default "ou=Groups,dc=example,dc=org")
      --ldap-host string                          Ldap service host, if left blank, all of the following ldap options will be ignored and ldap will be disabled.
      --ldap-manager-dn string                    Ldap manager account domain name. (default "cn=admin,dc=example,dc=org")
      --ldap-manager-password string              Ldap manager account password.
      --ldap-user-search-base string              Ldap user search base. (default "ou=Users,dc=example,dc=org")
      --log-backtrace-at traceLocation            when logging hits line file:N, emit a stack trace (default :0)
      --log-dir string                            If non-empty, write log files in this directory
      --log-file string                           If non-empty, use this log file
      --log-file-max-size uint                    Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --logtostderr                               log to standard error instead of files (default true)
      --master string                             Used to generate kubeconfig for downloading, if not specified, will use host in kubeconfig.
      --mysql-host string                         MySQL service host address. If left blank, the following related mysql options will be ignored.
      --mysql-max-connection-life-time duration   Maximum connection life time allowed to connecto to mysql. (default 10s)
      --mysql-max-idle-connections int            Maximum idle connections allowed to connect to mysql. (default 100)
      --mysql-max-open-connections int            Maximum open connections allowed to connect to mysql. (default 100)
      --mysql-password string                     Password for access to mysql, should be used pair with password.
      --mysql-username string                     Username for access to mysql service.
      --redis-url string                          Redis connection URL. If left blank, means redis is unnecessary, redis will be disabled. e.g. redis://:password@host:port/db
      --secure-port int                           secure port number
      --skip-headers                              If true, avoid header prefixes in the log messages
      --skip-log-headers                          If true, avoid headers when opening log files
      --stderrthreshold severity                  logs at or above this threshold go to stderr (default 2)
      --tls-cert-file string                      tls cert file
      --tls-private-key string                    tls private key
      --token-idle-timeout duration               tokens that are idle beyond that time will expire,0s means the token has no expiration time. valid time units are "ns","us","ms","s","m","h" (default 30m0s)
  -v, --v Level                                   number for the log level verbosity
      --vmodule moduleSpec                        comma-separated list of pattern=N settings for file-filtered logging

2020/06/11 07:18:05 user sonarqube init failed: create client certificate failed: <nil>

[root@ecs0-57 certs]# 
[root@ecs0-57 certs]# 
[root@ecs0-57 certs]# 
[root@ecs0-57 certs]# kubectl -n kubesphere-system describe sts openldap
Name:               openldap
Namespace:          kubesphere-system
CreationTimestamp:  Thu, 11 Jun 2020 14:29:30 +0800
Selector:           app.kubernetes.io/instance=ks-openldap,app.kubernetes.io/name=openldap-ha
Labels:             app.kubernetes.io/instance=ks-openldap
                    app.kubernetes.io/managed-by=Tiller
                    app.kubernetes.io/name=openldap-ha
                    app.kubernetes.io/version=1.0
                    helm.sh/chart=openldap-ha-0.1.0
Annotations:        <none>
Replicas:           1 desired | 1 total
Update Strategy:    RollingUpdate
  Partition:        824636302844
Pods Status:        1 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:  app.kubernetes.io/instance=ks-openldap
           app.kubernetes.io/name=openldap-ha
  Containers:
   openldap-ha:
    Image:      osixia/openldap:1.3.0
    Port:       389/TCP
    Host Port:  0/TCP
    Args:
      --copy-service
      --loglevel=warning
    Liveness:   tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
    Readiness:  tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
    Environment:
      LDAP_ORGANISATION:               kubesphere
      LDAP_DOMAIN:                     kubesphere.io
      LDAP_CONFIG_PASSWORD:            admin
      LDAP_ADMIN_PASSWORD:             admin
      LDAP_REPLICATION:                false
      LDAP_TLS:                        false
      LDAP_REMOVE_CONFIG_AFTER_SETUP:  true
      MY_POD_NAME:                      (v1:metadata.name)
      HOSTNAME:                        $(MY_POD_NAME).openldap
    Mounts:
      /etc/ldap/slapd.d from openldap-pvc (rw,path="ldap-config")
      /var/lib/ldap from openldap-pvc (rw,path="ldap-data")
  Volumes:
   openldap-pvc:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  openldap-pvc
    ReadOnly:   false
Volume Claims:
  Name:          openldap-pvc
  StorageClass:  
  Labels:        <none>
  Annotations:   <none>
  Capacity:      2Gi
  Access Modes:  [ReadWriteOnce]
Events:
  Type    Reason            Age   From                    Message
  ----    ------            ----  ----                    -------
  Normal  SuccessfulCreate  51m   statefulset-controller  create Claim openldap-pvc-openldap-0 Pod openldap-0 in StatefulSet openldap success
  Normal  SuccessfulCreate  51m   statefulset-controller  create Pod openldap-0 in StatefulSet openldap successful
[root@ecs0-57 certs]# 
[root@ecs0-57 certs]# 
[root@ecs0-57 certs]# 
[root@ecs0-57 certs]# 
[root@ecs0-57 certs]# 
[root@ecs0-57 certs]# kubectl  get pods -n kubesphere-system 
NAME                                     READY   STATUS             RESTARTS   AGE
ks-account-dd4bdf8b-ksc7g                0/1     CrashLoopBackOff   8          20m
ks-apigateway-c5d9f7546-6jw7s            1/1     Running            0          20m
ks-apiserver-5b65457c64-fvzw8            1/1     Running            0          20m
ks-console-69d4bf9df4-hhrvr              1/1     Running            0          20m
ks-controller-manager-5b5cf58d7f-l7jsh   1/1     Running            0          20m
ks-installer-59fb465b7-lzlwr             1/1     Running            0          25m
openldap-0                               1/1     Running            0          52m
redis-5d4844b947-9gcn8                   1/1     Running            0          64m
[root@ecs0-57 certs]# kubectl  logs -f redis-5d4844b947-9gcn8  -n kubesphere-system 
1:C 11 Jun 2020 06:17:47.854 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 11 Jun 2020 06:17:47.854 # Redis version=5.0.5, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 11 Jun 2020 06:17:47.854 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
1:M 11 Jun 2020 06:17:47.856 * Running mode=standalone, port=6379.
1:M 11 Jun 2020 06:17:47.856 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 11 Jun 2020 06:17:47.856 # Server initialized
1:M 11 Jun 2020 06:17:47.856 * Ready to accept connections
1:M 11 Jun 2020 07:17:48.078 * 1 changes in 3600 seconds. Saving...
1:M 11 Jun 2020 07:17:48.079 * Background saving started by pid 13
13:C 11 Jun 2020 07:17:48.082 * DB saved on disk
13:C 11 Jun 2020 07:17:48.083 * RDB: 0 MB of memory used by copy-on-write
1:M 11 Jun 2020 07:17:48.179 * Background saving terminated with success