多集群启动失败

shunxiang

创建部署问题时，请参考下面模板，你提供的信息越多，越容易及时获得解答。
你只花一分钟创建的问题，不能指望别人花上半个小时给你解答。
发帖前请点击发表主题右边的预览(👀) 按钮，确保帖子格式正确。

操作系统信息
虚拟机(阿里云ECS)，Centos7.9，4C/8G

Kubernetes版本信息
阿里云ack集群 v1.20 多节点。

容器运行时
使用 docker，19.03.15

KubeSphere版本信息
例如：v3.3.1。已有K8s安装最小化

问题是什么: 最小化安装后可正常启动。启用多集群管理功能时报错

ks-install 日志信息:

Start installing monitoring

Start installing multicluster

Start installing openpitrix

Start installing network

**************************************************

Waiting for all tasks to be completed ...

task openpitrix status is successful  (1/4)

task network status is successful  (2/4)

task monitoring status is successful  (3/4)

task multicluster status is failed  (4/4)

**************************************************

Collecting installation results ...

Task 'multicluster' failed:

******************************************************************************************************************************************************

{

"counter": 65,

"created": "2023-01-12T08:03:07.959399",

"end_line": 67,

"event": "runner_on_failed",

"event_data": {

"duration": 660.901876,

"end": "2023-01-12T08:03:07.959264",

"event_loop": null,

"host": "localhost",

"ignore_errors": null,

"play": "localhost",

"play_pattern": "localhost",

"play_uuid": "e2ff8aef-b552-4f63-19a3-000000000005",

"playbook": "/kubesphere/playbooks/multicluster.yaml",

"playbook_uuid": "7b45e9c2-d824-47e6-8986-0472ed53a97a",

"remote_addr": "127.0.0.1",

"res": {

  "_ansible_no_log": false,

  "attempts": 10,

  "changed": true,

  "cmd": "/usr/local/bin/helm upgrade --install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml --namespace kube-federation-system --wait --timeout 1800s\\n",

  "delta": "0:00:05.073906",

  "end": "2023-01-12 16:03:07.932329",

  "invocation": {

    "module_args": {

      "_raw_params": "/usr/local/bin/helm upgrade --install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml --namespace kube-federation-system --wait --timeout 1800s\\n",

      "_uses_shell": true,

      "argv": null,

      "chdir": null,

      "creates": null,

      "executable": null,

      "removes": null,

      "stdin": null,

      "stdin_add_newline": true,

      "strip_empty_ends": true,

      "warn": true

    }

  },

  "msg": "non-zero return code",

  "rc": 1,

  "start": "2023-01-12 16:03:02.858423",

  "stderr": "Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\"kubefedconfigs.core.kubefed.io\\": Post \\"https://kubefed-admission-webhook.kube-federation-system.svc:443/default-kubefedconfig?timeout=10s\\": x509: certificate signed by unknown authority (possibly because of \\"crypto/rsa: verification error\\" while trying to verify candidate authority certificate \\"kubefed-admission-webhook-ca\\")",

  "stderr_lines": [

    "Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\"kubefedconfigs.core.kubefed.io\\": Post \\"https://kubefed-admission-webhook.kube-federation-system.svc:443/default-kubefedconfig?timeout=10s\\": x509: certificate signed by unknown authority (possibly because of \\"crypto/rsa: verification error\\" while trying to verify candidate authority certificate \\"kubefed-admission-webhook-ca\\")"

  ],

  "stdout": "",

  "stdout_lines": []

},

"resolved_action": "command",

"role": "ks-multicluster",

"start": "2023-01-12T07:52:07.057388",

"task": "Kubefed | Initing kube-federation-system",

"task_action": "command",

"task_args": "",

"task_path": "/kubesphere/installer/roles/ks-multicluster/tasks/main.yml:51",

"task_uuid": "e2ff8aef-b552-4f63-19a3-00000000001f",

"uuid": "68e3c257-82e8-4b0d-aee4-2aaf59ab5a8b"

},

"parent_uuid": "e2ff8aef-b552-4f63-19a3-00000000001f",

"pid": 9393,

"runner_ident": "multicluster",

"start_line": 66,

"stdout": "fatal: [localhost]: FAILED! => {\"attempts\": 10, \"changed\": true, \"cmd\": \"/usr/local/bin/helm upgrade --install kubefed /kubesphere/kubesphere/kubefed/kubefed -f /kubesphere/kubesphere/kubefed/custom-values-kubefed.yaml --namespace kube-federation-system --wait --timeout 1800s\\n\", \"delta\": \"0:00:05.073906\", \"end\": \"2023-01-12 16:03:07.932329\", \"msg\": \"non-zero return code\", \"rc\": 1, \"start\": \"2023-01-12 16:03:02.858423\", \"stderr\": \"Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\\"kubefedconfigs.core.kubefed.io\\\": Post \\\"https://kubefed-admission-webhook.kube-federation-system.svc:443/default-kubefedconfig?timeout=10s\\\": x509: certificate signed by unknown authority (possibly because of \\\"crypto/rsa: verification error\\\" while trying to verify candidate authority certificate \\\"kubefed-admission-webhook-ca\\\")\", \"stderr_lines\": [\"Error: UPGRADE FAILED: failed to create resource: Internal error occurred: failed calling webhook \\\"kubefedconfigs.core.kubefed.io\\\": Post \\\"https://kubefed-admission-webhook.kube-federation-system.svc:443/default-kubefedconfig?timeout=10s\\\": x509: certificate signed by unknown authority (possibly because of \\\"crypto/rsa: verification error\\\" while trying to verify candidate authority certificate \\\"kubefed-admission-webhook-ca\\\")\"], \"stdout\": \"\", \"stdout_lines\": []}",

"uuid": "68e3c257-82e8-4b0d-aee4-2aaf59ab5a8b"

}

******************************************************************************************************************************************************

kubefed-controller-manager服务没起来，报错信息:

/usr/local/go/src/crypto/tls/conn.go:776 +0x63

bytes.(*Buffer).ReadFrom(0xc0004a5af8, 0x2097b80, 0xc0003080d8, 0x40b8a5, 0x1bf21c0, 0x1dc5380)

/usr/local/go/src/bytes/buffer.go:204 +0xbe

crypto/tls.(*Conn).readFromUntil(0xc0004a5880, 0x2099ec0, 0xc0000a8328, 0x5, 0xc0000a8328, 0x38a)

/usr/local/go/src/crypto/tls/conn.go:798 +0xf3

crypto/tls.(*Conn).readRecordOrCCS(0xc0004a5880, 0x0, 0x0, 0x2)

/usr/local/go/src/crypto/tls/conn.go:605 +0x115

crypto/tls.(*Conn).readRecord(...)

/usr/local/go/src/crypto/tls/conn.go:573

crypto/tls.(*Conn).Read(0xc0004a5880, 0xc0000f7000, 0x1000, 0x1000, 0x0, 0x0, 0x0)

/usr/local/go/src/crypto/tls/conn.go:1276 +0x165

bufio.(*Reader).Read(0xc000421e60, 0xc0000e6498, 0x9, 0x9, 0xa6b74b, 0xc0007afc78, 0x406fa5)

/usr/local/go/src/bufio/bufio.go:227 +0x222

io.ReadAtLeast(0x20979c0, 0xc000421e60, 0xc0000e6498, 0x9, 0x9, 0x9, 0xc00064dc40, 0xa790b585f15b00, 0xc00064dc40)

/usr/local/go/src/io/io.go:328 +0x87

io.ReadFull(...)

/usr/local/go/src/io/io.go:347

golang.org/x/net/http2.readFrameHeader(0xc0000e6498, 0x9, 0x9, 0x20979c0, 0xc000421e60, 0x0, 0x0, 0x0, 0x0)

/go/pkg/mod/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781/http2/frame.go:237 +0x89

golang.org/x/net/http2.(*Framer).ReadFrame(0xc0000e6460, 0xc0001ce360, 0x0, 0x0, 0x0)

/go/pkg/mod/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781/http2/frame.go:492 +0xa5

golang.org/x/net/http2.(*clientConnReadLoop).run(0xc0007affa8, 0x0, 0x0)

/go/pkg/mod/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781/http2/transport.go:1819 +0xd8

golang.org/x/net/http2.(*ClientConn).readLoop(0xc0005c4180)

/go/pkg/mod/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781/http2/transport.go:1741 +0x6fby golang.org/x/net/http2.(*Transport).newClientConn

/go/pkg/mod/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781/http2/transport.go:705 +0x6c5

animelfc

您好，请问您的问题解决了吗