通过一键方式安装的kubesphere,kubesphere版本是2.1,k8s版本是1.16.7
问题如下:
5.14号由于1年的证书时间到期,通过kubeadm alpha certs renew all更新的证书,目前证书情况如下:
[root@master ~]# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ‘ Not ’
Not Before: May 13 13:02:45 2020 GMT
Not After : May 14 03:04:46 2022 GMT
更新证书后,业务正常,但是在master或者node上无法查看容器日志或者登陆容器,详细日志如下:
[root@node1 ~]# kubectl logs -f redis-6fd6c6d6f9-v6w8f -n kubesphere-system
error: You must be logged in to the server (the server has asked for the client to provide credentials ( pods/log redis-6fd6c6d6f9-v6w8f))
[root@node1 ~]# kubectl exec -it redis-6fd6c6d6f9-v6w8f -n kubesphere-system – /bin/bash
error: unable to upgrade connection: Unauthorized
但是可以通过查看node情况
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 371d v1.16.7
node1 Ready worker 371d v1.16.7
node2 Ready worker 371d v1.16.7