centos7.6 docker version 20.10.7 host集群

Waiting for all tasks to be completed …

task alerting status is successful (⅒)

task network status is successful (2/10)

task openpitrix status is successful (3/10)

task auditing status is successful (4/10)

task logging status is successful (5/10)

task kubeedge status is successful (6/10)

task events status is successful (7/10)

task devops status is successful (8/10)

task monitoring status is successful (9/10)

task multicluster status is failed (10/10)

**************************************************

Collecting installation results …

Task ‘multicluster’ failed:

******************************************************************************************************************************************************

{

“counter”: 65,

“created”: “2022-02-06T04:06:25.908961”,

“end_line”: 67,

“event”: “runner_on_failed”,

“event_data”: {

"duration": 753.149276,

"end": "2022-02-06T04:06:25.907925",

"event_loop": null,

"host": "localhost",

"ignore_errors": null,

"play": "localhost",

"play_pattern": "localhost",

"play_uuid": "aacea4ce-7a7e-ee0f-b9ff-000000000005",

"playbook": "/kubesphere/playbooks/multicluster.yaml",

"playbook_uuid": "0e3766c3-7320-4712-805d-3a94464bb48a",

"remote_addr": "127.0.0.1",

"res": {

  "_ansible_no_log": false,

  "attempts": 10,

  "changed": true,

  "cmd": "/usr/local/bin/helm upgrade --install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml --namespace kube-federation-system --wait --timeout 1800s\\n",

  "delta": "0:00:05.566455",

  "end": "2022-02-06 12:06:25.842822",

  "invocation": {

    "module_args": {

      "_raw_params": "/usr/local/bin/helm upgrade --install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml --namespace kube-federation-system --wait --timeout 1800s\\n",

      "_uses_shell": true,

      "argv": null,

      "chdir": null,

      "creates": null,

      "executable": null,

      "removes": null,

      "stdin": null,

      "stdin_add_newline": true,

      "strip_empty_ends": true,

      "warn": true

    }

  },

  "msg": "non-zero return code",

  "rc": 1,

  "start": "2022-02-06 12:06:20.276367",

  "stderr": "Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\"federatedtypeconfigs.core.kubefed.io\\": Post \\"https://kubefed-admission-webhook.kube-federation-system.svc:443/validate-federatedtypeconfigs?timeout=30s\\": x509: certificate signed by unknown authority (possibly because of \\"crypto/rsa: verification error\\" while trying to verify candidate authority certificate \\"kubefed-admission-webhook-ca\\")",

  "stderr_lines": [

    "Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\"federatedtypeconfigs.core.kubefed.io\\": Post \\"https://kubefed-admission-webhook.kube-federation-system.svc:443/validate-federatedtypeconfigs?timeout=30s\\": x509: certificate signed by unknown authority (possibly because of \\"crypto/rsa: verification error\\" while trying to verify candidate authority certificate \\"kubefed-admission-webhook-ca\\")"

  ],

  "stdout": "",

  "stdout_lines": []

},

"role": "ks-multicluster",

"start": "2022-02-06T03:53:52.758649",

"task": "Kubefed | Initing kube-federation-system",

"task_action": "command",

"task_args": "",

"task_path": "/kubesphere/installer/roles/ks-multicluster/tasks/main.yml:51",

"task_uuid": "aacea4ce-7a7e-ee0f-b9ff-00000000001f",

"uuid": "3d395d9a-401f-4e36-a1ef-55985483a1ed"

},

“parent_uuid”: “aacea4ce-7a7e-ee0f-b9ff-00000000001f”,

“pid”: 7083,

“runner_ident”: “multicluster”,

“start_line”: 66,

“stdout”: "fatal: [localhost]: FAILED! => {\“attempts\”: 10, \“changed\”: true, \“cmd\”: \“/usr/local/bin/helm upgrade –install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml –namespace kube-federation-system –wait –timeout 1800s\\n\”, \“delta\”: \“0:00:05.566455\”, \“end\”: \“2022-02-06 12:06:25.842822\”, \“msg\”: \“non-zero return code\”, \“rc\”: 1, \“start\”: \“2022-02-06 12:06:20.276367\”, \“stderr\”: \"Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\\“federatedtypeconfigs.core.kubefed.io\\\”: Post \\\“https://kubefed-admission-webhook.kube-federation-system.svc:443/validate-federatedtypeconfigs?timeout=30s\\\”: x509: certificate signed by unknown authority (possibly because of \\\“crypto/rsa: verification error\\\” while trying to verify candidate authority certificate \\\“kubefed-admission-webhook-ca\\\”)\", \“stderr_lines\”: [\"Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\\“federatedtypeconfigs.core.kubefed.io\\\”: Post \\\“https://kubefed-admission-webhook.kube-federation-system.svc:443/validate-federatedtypeconfigs?timeout=30s\\\”: x509: certificate signed by unknown authority (possibly because of \\\“crypto/rsa: verification error\\\” while trying to verify candidate authority certificate \\\“kubefed-admission-webhook-ca\\\”)\"], \“stdout\”: \“\”, \“stdout_lines\”: []}",

“uuid”: “3d395d9a-401f-4e36-a1ef-55985483a1ed”

}

3 个月 后

修改向apiserver注册的根证书和webhook里secret使用的保持一致

  • validatingwebhookconfiguration/validations.core.kubefed.io里的caBundle

  • mutatingwebhookconfiguration/mutation.core.kubfefed.io里的caBundle

  • secrets/kubefed-admission-webhook-serving-cert中的tls.crt

这个现象不知道怎么导致的,把tls.crt复制覆盖掉这两处caBundle即可

6 个月 后

把这个 validations.core.kubefed.io ValidatingWebhookConfiguration 删了就好了