当前位置: 首页 > article >正文

openshift node NotReady kubelet http: TLS handshake error

在这里插入图片描述

文章目录

  • 问题现象
  • 解决方法

问题现象

openshift 集群 node 节点 notready

$ oc get node
NAME                        STATUS     ROLES                  AGE     VERSION
master1.ocp4.demo.com   Ready      control-plane,master   4d14h   v1.29.7+6abe8a1
master2.ocp4.demo.com   Ready      control-plane,master   4d15h   v1.29.7+6abe8a1
master3.ocp4.demo.com   Ready      control-plane,master   4d14h   v1.29.7+6abe8a1
worker1.ocp4.demo.com   Ready      worker                 4d14h   v1.29.7+6abe8a1
worker2.ocp4.demo.com   NotReady   worker                 4d14h   v1.29.7+6abe8a1
worker3.ocp4.demo.com   Ready      worker                 4d14h   v1.29.7+6abe8a1

登陆worker2.ocp4.demo.com 检查 kubelet 日志

$ ssh core@worker2.ocp4.demo.com 
$ journalctl -b -f -u kubelet.service

输出:

Aug 27 06:51:56 worker2.ocp4.demo.com kubenswrapper[1562807]: I0827 06:51:56.776626 1562807 kubelet_node_status.go:402] "Setting node annotation to enable volume controller attach/detach"
Aug 27 06:51:56 worker2.ocp4.demo.com kubenswrapper[1562807]: I0827 06:51:56.777600 1562807 kubelet_node_status.go:729] "Recording event message for node" node="worker2.ocp4.demo.com" event="NodeHasSufficientMemory"
Aug 27 06:51:56 worker2.ocp4.demo.com kubenswrapper[1562807]: I0827 06:51:56.777630 1562807 kubelet_node_status.go:729] "Recording event message for node" node="worker2.ocp4.demo.com" event="NodeHasNoDiskPressure"
Aug 27 06:51:56 worker2.ocp4.demo.com kubenswrapper[1562807]: I0827 06:51:56.777640 1562807 kubelet_node_status.go:729] "Recording event message for node" node="worker2.ocp4.demo.com" event="NodeHasSufficientPID"
Aug 27 06:51:57 worker2.ocp4.demo.com kubenswrapper[1562807]: I0827 06:51:57.172065 1562807 log.go:245] http: TLS handshake error from 10.129.2.16:35748: no serving certificate available for the kubelet
Aug 27 06:51:57 worker2.ocp4.demo.com kubenswrapper[1562807]: E0827 06:51:57.734731 1562807 transport.go:123] "No valid client certificate is found but the server is not responsive. A restart may be necessary to retrieve new initial credentials." lastCertificateAvailabilityTime="2024-08-27 05:50:01.73440836 +0000 UTC m=+0.036890907" shutdownThreshold="5m0s"
Aug 27 06:51:57 worker2.ocp4.demo.com kubenswrapper[1562807]: I0827 06:51:57.766598 1562807 csi_plugin.go:880] Failed to contact API server when waiting for CSINode publishing: csinodes.storage.k8s.io "worker2.ocp4.demo.com" is forbidden: User "system:anonymous" cannot get resource "csinodes" in API group "storage.k8s.io" at the cluster scope
Aug 27 06:51:58 worker2.ocp4.demo.com kubenswrapper[1562807]: E0827 06:51:58.735454 1562807 transport.go:123] "No valid client certificate is found but the server is not responsive. A restart may be necessary to retrieve new initial credentials." lastCertificateAvailabilityTime="2024-08-27 05:50:01.73440836 +0000 UTC m=+0.036890907" shutdownThreshold="5m0s


$ oc login -u ocpadmin -p ocpadmin
Login successful.

You have access to 74 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".

$ for i in `oc get nodes -o jsonpath=$'{range .items[*]}{.metadata.name}\n{end}'`; do oc get --raw /api/v1/nodes/$i/proxy/healthz; echo -e "\t$i"; done
ok      master1.ocp4.demo.com
ok      master2.ocp4.demo.com
ok      master3.ocp4.demo.com
ok      worker1.ocp4.demo.com
Error from server (ServiceUnavailable): error trying to reach service: remote error: tls: internal error
        worker2.ocp4.demo.com
ok      worker3.ocp4.demo.com

解决方法

执行证书批准多次,直到所有pending 全部消失。

$ oc get csr | grep -i pending
$ oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs oc adm certificate approve

参考:

  • https://access.redhat.com/solutions/3951691

http://www.kler.cn/a/284604.html

相关文章:

  • [前端]NodeJS常见面试题目
  • 普通电脑上安装属于自己的Llama 3 大模型和对话客户端
  • Ubuntu安装MySQL8
  • 系统架构设计师论文
  • R语言机器学习与临床预测模型77--机器学习预测常用R语言包
  • Java项目实战II基于微信小程序的个人行政复议在线预约系统微信小程序(开发文档+数据库+源码)
  • SAP 有趣的‘bug‘ 选择屏幕输入框没了
  • 应用案例|亚克力板CNC加工自动化上下料
  • (四)进入MySQL 【事务】
  • 私有ip(介绍,地址范围),私网和公网的关系(访问外部网站的过程,NAT技术)
  • 三种评估金融风险的方法的具体Python实现:Stress Testing、Scenario Analysis和Sensitivity Analysis
  • 乐凡三防:工业界的硬核产品——重新定义三防平板的极限
  • Scrcpy手机投屏投屏到电脑上(windows/mac)
  • Python实现t-分布随机邻域嵌入(t-SNE)降维算法
  • 手机FM LNA方案设计
  • 【IEEE独立出版 | 往届快至会后2个月检索】2024年第四届电子信息工程与计算机科学国际会议(EIECS 2024,9月27-29)
  • vue-echarts :知识图谱可视化,动态更新 动态赋值series,更新options
  • GESP C++ 四级 编程题 洛谷习题集
  • 【JavaScript】JavaScript模块化开发:ES6模块与CommonJs的对比与应用
  • macos 10.15 Catalina 可用docker最新版本 Docker Desktop 4.15.0 (93002) 下载地址与安装方法
  • 5W爆了,建议紧盯这个方向!!
  • OWOD环境配置和训练细节
  • 「OC」初识MVC —— 简单学习UITableView的解耦
  • opencv之阈值处理
  • 网优学习干货:2.6G仿真操作(2)
  • 信息安全--(四)网络安全体系与安全模型(二)