kubesphere:2.1.1 (在线安装)
操作系统 :centos 7.5 ×64
集群:1 master,6 node
事情经过:
1、2020年11月28日上午 kubesphere 无法提供服务,经过排查后发现是k8s证书过期了。
2、根据kubesphere论坛操作:https://kubesphere.com.cn/forum/d/2208-kubesphere-2-0-kubernetes-1-13-5-kubernetes
3、此时master的状态是ready,kubelet已经可以正常使用,但是所有node状态都是NotReady
4、登录其中一台node运行 journalctl -u kubelet -f 命令查看日志:(详细日志见附件 node-error.log)
Nov 29 03:56:37 node9 kubelet[19251]: W1129 03:56:37.817846 19251 bootstrap.go:158] Error waiting for apiserver to come up: timed out waiting to connect to apiserver
Nov 29 03:56:37 node9 kubelet[19251]: F1129 03:56:37.825227 19251 server.go:273] failed to run Kubelet: cannot create certificate signing request: Post https://172.17.0.7:6443/apis/certificates.k8s.io/v1beta1/certificatesigningrequests: x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kubernetes”)
5、从日志上看是 apiserver 的证书没有更新导致,请问怎么解决?
