FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get component configs: could not download the kubelet configuration from ConfigMap "kubelet-config": configmaps "kubelet-config" is forbidden: User "system:bootstrap:y89j06" cannot get resource "configmaps" in API group "" in the namespace "kube-system
出现原因:
kubeadm和kubelet版本与集群不一致。
解决方法:
卸载cri-tools和kubelet,并重新安装kubeadm和kubelet正确的版本,版本应依据master的版本来安装,不应高于master的版本。(如果kubelet版本高于kubeadm,则加入节点成功之后会一直处于NotReady状态)
————————————————
检查集群的版本:
[root@master01 kube-controller-manager]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.3", GitCommit:"ca643a4d1f7bfe34773c74f79527be4afd95bf39", GitTreeState:"clean", BuildDate:"2021-07-15T21:03:28Z", GoVersion:"go1.16.6", Compiler:"gc", Platform:"linux/amd64"}
node1:
[root@node1 ~]# yum list installed|grep kubeadm
kubeadm.x86_64 1.25.2-0 @kubernetes
删除1.25这个版本的kubeadm
yum remove kubeadm
yum remove kubelet
再安装与集群同样的版本:
[root@node1 ~]# systemctl enable kubelet && systemctl start kubelet
检查kubelet状态:
[root@node1 ~]# systemctl status kubelet
[root@node1 ~]#
最后再加入集群:
[root@node1 ~]# yum install kubeadm-1.21.3
确认已经安装:
[root@node2 ~]# yum list installed|grep kubeadm
kubeadm.x86_64 1.21.3-0 @kubernetes
但加入集群又报错:[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
[root@node1 etc]# tail -f /var/log/messages
failed to parse kubelet flag: unknown flag: --network-plugin
kube出现unknown flag: --network-plugin
这个问题是kubelet的版本与master节点不一致。
master节点和node节点修改统一:
修改:vi /etc/docker/daemon.json ,添加以下内容:
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
再重启Docker
[root@node1 etc]# systemctl stop docker.service
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
[root@node1 etc]# systemctl start docker.service
再来重新添加集群:
kubeadm join 192.168.10.11:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:171372e7f2cc19d81a2a390345dbf52e8508b868c9fbd4cae1e645f5bb9198e7
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)