安装成功后登陆报错：Internal error occurred: account is not active

Zzxiaozhou · 2020年9月4日

ks-controller-manager 日志记录，有明显报错:

I0904 12:43:16.655170       1 clusterrolebinding_controller.go:186] Successfully synced key:admin-cluster-admin
I0904 12:43:16.655188       1 event.go:281] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"admin-cluster-admin", UID:"310dcb37-7b28-4339-a55f-4058c7bb36cc", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"37630", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
I0904 12:43:16.655205       1 event.go:281] Event(v1.ObjectReference{Kind:"WorkspaceTemplate", Namespace:"", Name:"system-workspace", UID:"bcf3fb64-610a-488f-87bd-c5fd206cc2a0", APIVersion:"tenant.kubesphere.io/v1alpha2", ResourceVersion:"35155", FieldPath:""}): type: 'Normal' reason: 'Synced' WorkspaceTemplate synced successfully
2020/09/04 12:43:16 http: TLS handshake error from 10.244.0.1:46782: remote error: tls: bad certificate
2020/09/04 12:43:16 http: TLS handshake error from 10.244.0.1:23646: remote error: tls: bad certificate
E0904 12:43:16.786943       1 user_controller.go:332] Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
E0904 12:43:16.786990       1 user_controller.go:226] error syncing 'admin': Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0, requeuing
2020/09/04 12:43:16 http: TLS handshake error from 10.244.0.1:33747: remote error: tls: bad certificate
2020/09/04 12:43:16 http: TLS handshake error from 10.244.0.1:37933: remote error: tls: bad certificate
E0904 12:43:16.914911       1 user_controller.go:332] Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
E0904 12:43:16.914952       1 user_controller.go:226] error syncing 'admin': Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0, requeuing
2020/09/04 12:43:17 http: TLS handshake error from 10.244.0.1:20875: remote error: tls: bad certificate
2020/09/04 12:43:17 http: TLS handshake error from 10.244.0.1:47016: remote error: tls: bad certificate
E0904 12:43:17.039459       1 user_controller.go:332] Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
E0904 12:43:17.039501       1 user_controller.go:226] error syncing 'admin': Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0, requeuing
2020/09/04 12:43:17 http: TLS handshake error from 10.244.0.1:19576: remote error: tls: bad certificate
2020/09

2020/09/04 12:52:42 http: TLS handshake error from 10.244.0.1:1196: remote error: tls: bad certificate
2020/09/04 12:52:42 http: TLS handshake error from 10.244.0.1:20030: remote error: tls: bad certificate
E0904 12:52:42.884678       1 user_controller.go:332] Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
E0904 12:52:42.884705       1 user_controller.go:226] error syncing 'admin': Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0, requeuing
2020/09/04 12:54:13 http: TLS handshake error from 10.244.0.1:60502: remote error: tls: bad certificate
2020/09/04 12:54:13 http: TLS handshake error from 10.244.0.1:6172: remote error: tls: bad certificate
E0904 12:54:13.595493       1 user_controller.go:332] Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
E0904 12:54:13.595535       1 user_controller.go:226] error syncing 'admin': Internal error occurred: failed calling webhook "validating-user.kubesphere.io": Post "https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0, requeuing

不正常pod只有这几个

Jeff · 2020年9月4日

zxiaozhou 你的k8s版本是多少？

Zzxiaozhou · 2020年9月4日

Jeff v1.19.0，是不是太高了

Jeff · 2020年9月4日

zxiaozhou 不支持1.19的

Zzxiaozhou · 2020年9月4日

Jeff 那我重新安装你们支持最高的版本再试下，，走个全过程，正常了再在正式服务器安装

errorcode7 · 2020年9月8日

Jeff
TASK [ks-core/prepare : Kubesphere | Init account] ***************************** fatal: [localhost]: FAILED! => {"changed": true, "cmd": "/usr/local/bin/kubectl apply -f /kubesphere/kubesphere/ks-init/admin.yaml\n", "delta": "0:00:00.228769", "end": "2020-09-08 10:38:09.398313", "msg": "non-zero return code", "rc": 1, "start": "2020-09-08 10:38:09.169544", "stderr": "Error from server (InternalError): error when creating \"/kubesphere/kubesphere/ks-init/admin.yaml\": Internal error occurred: failed calling webhook \"validating-user.kubesphere.io\": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s: service \"ks-controller-manager\" not found", "stderr_lines": ["Error from server (InternalError): error when creating \"/kubesphere/kubesphere/ks-init/admin.yaml\": Internal error occurred: failed calling webhook \"validating-user.kubesphere.io\": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2-user?timeout=30s: service \"ks-controller-manager\" not found"], "stdout": "", "stdout_lines": []}
`[root@master1 ks3]# helm version
version.BuildInfo{Version:“v3.3.0″, GitCommit:“8a4aeec08d67a7b84472007529e8097ec3742105”, GitTreeState:“dirty”, GoVersion:“go1.14.7”}

[root@master1 ks3]# kubectl version
Client Version: version.Info{Major:“1”, Minor:“18″, GitVersion:“v1.18.4″, GitCommit:“c96aede7b5205121079932896c4ad89bb93260af”, GitTreeState:“clean”, BuildDate:“2020-06-17T11:41:22Z”, GoVersion:“go1.13.9”, Compiler:“gc”, Platform:“linux/amd64”}
Server Version: version.Info{Major:“1”, Minor:“18”, GitVersion:“v1.18.0”, GitCommit:“9e991415386e4cf155a24b1da15becaa390438d8″, GitTreeState:“clean”, BuildDate:“2020-03-25T14:50:46Z”, GoVersion:“go1.13.8”, Compiler:“gc”, Platform:“linux/amd64″}
`
老哥我这个安葬过程中就中断了，我这版本也不高阿。

Llisy09 · 2020年9月27日

@zxiaozhou 遇到同样问题，已测试 k8s 1.19下通过https://github.com/kubesphere/ks-installer/pull/1090 安装后手动进行这个pr的修改即可。

kubectl -n kubesphere-system get ValidatingWebhookConfiguration users.iam.kubesphere.io -o yaml >> users.iam.kubesphere.io.yaml
kubectl -n kubesphere-system get secret ks-controller-manager-webhook-cert -o yaml >> ks-controller-manager-webhook-cert.yaml
// edit ca as pr
kubectl -n kubesphere-system apply -f ks-controller-manager-webhook-cert.yaml
kubectl -n kubesphere-system apply -f users.iam.kubesphere.io.yaml

dinfer · 2020年10月29日

lisy09 修改证书后需要重启哪个服务么？

hongming · 2020年10月29日

dinfer

kubectl -n kubesphere-system rollout restart deploy ks-controller-manager

Ssundoctor · 2020年12月24日

lisy09 edit ca as pr 是什么意思，怎么修改证书

flypiggy-stack · 2021年2月7日

Jeff 现在支持了吗？

RolandMa1986 · 2021年2月7日

flypiggy-stack 3.1 版会支持。3.0 版本可以部署后，手动修复。参考：https://kubesphere.com.cn/forum/d/2217-account-is-not-active

安装成功后登陆报错：Internal error occurred: account is not active

Zzxiaozhou

JeffK零SK壹S

Zzxiaozhou

JeffK零SK壹S

Zzxiaozhou

errorcode7

Llisy09

dinfer

hongmingK零SK壹S

Ssundoctor

flypiggy-stack

RolandMa1986K零S