Operating system information
For example: virtual machine, Ubuntu20.04, 8C/16G
Kubernetes version information
v19.9
Container runtime
Client: Docker Engine - Community
Version: 20.10.0
API version: 1.41
Go version: go1.13.15
Git commit: 7287ab3
Built: Tue Dec 8 18:59:40 2020
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.0
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: eeddea2
Built: Tue Dec 8 18:57:45 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.9
GitCommit: 1c90a442489720eec95342e1789ee8a5e1b9536f
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
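KubeSphere version information
v3.2.1, installed offline using kk.
What is the problem
Single-node cluster. After the machine was migrated, its IP changed. I tried regenerating the certificates with kubeadm, but the apiserver reports that it fails to connect to etcd. The error messages are as follows.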
ection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 172.16.104.231, 172.16.104.232, not 172.16.104.158". Reconnecting...
W0421 06:38:35.345519 1 clientconn.go:1223] grpc: addrConn.createTransport failed to connect to {https://172.16.104.158:2379 <nil> 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 172.16.104.231, 172.16.104.232, not 172.16.104.158". Reconnecting...
W0421 06:38:35.778006 1 clientconn.go:1223] grpc: addrConn.createTransport failed to connect to {https://172.16.104.158:2379 <nil> 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 172.16.104.231, 172.16.104.232, not 172.16.104.158". Reconnecting...
W0421 06:38:36.753543 1 clientconn.go:1223] grpc: addrConn.createTransport failed to connect to {https://172.16.104.158:2379 <nil> 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for 127.0.0.1, 172.16.104.231, 172.16.104.232, not 172.16.104.158". Reconnecting...
^C
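Judging from the log messages, it seems the certificate's IP range does not include the new IP after the migration.
Afterwards, I saw that etcd is deployed in external mode, and the certificate files etcd uses are in the /etc/ssl/etcd directory. The certificates in that directory do not seem to be overwritten by the kubeadm command that generates certificates.
Do the etcd certificates need to be generated separately?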