Rancher and Kubernetes, Unable to connect to the server: x509: certificate signed by unknown authority

ttisahbt posted on 2023-03-29 in Kubernetes

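I'm a bit confused about why my rancher-agent is no longer able to connect to the cluster server. This worked for me for a long time, but it seems to have broken on its own. DNS and networking confuse me.
My setup: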

  • OS: Ubuntu 20.04.6 LTS
  • Docker: Docker version 23.0.1
  • Rancher: v2.6.5

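I have configured the cluster to run on a single node, as specified here, and then followed the advanced setup instructions to run rancher/rancher and rancher/rancher-agent on the same node.
Problem
Everything starts up and runs. I can access all the applications in my cluster from https://homelab.local, and everything loads and runs. My Rancher admin UI is up at https://homelab.local:8443/dashboard/home. The problem is that I can't manage the cluster at all.
I see the following two errors under Cluster Management:

Unsupported Docker version found [23.0.1] on host [192.168.0.75], supported versions are [1.13.x 17.03.x 17.06.x 17.09.x 18.06.x 18.09.x 19.03.x 20.10.x]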

[Disconnected] Cluster agent is not connected
So it looks like I inadvertently upgraded Docker, and that would break my cluster?
When I run kubectl get pods, I get some cert errors:

kubectl get nodes
E0326 19:56:23.504726   70231 memcache.go:265] couldn't get current server API group list: Get "https://localhost:8443/api?timeout=32s": x509: certificate signed by unknown authority
E0326 19:56:23.506701   70231 memcache.go:265] couldn't get current server API group list: Get "https://localhost:8443/api?timeout=32s": x509: certificate signed by unknown authority
E0326 19:56:23.508357   70231 memcache.go:265] couldn't get current server API group list: Get "https://localhost:8443/api?timeout=32s": x509: certificate signed by unknown authority
E0326 19:56:23.510425   70231 memcache.go:265] couldn't get current server API group list: Get "https://localhost:8443/api?timeout=32s": x509: certificate signed by unknown authority
E0326 19:56:23.513743   70231 memcache.go:265] couldn't get current server API group list: Get "https://localhost:8443/api?timeout=32s": x509: certificate signed by unknown authority
Unable to connect to the server: x509: certificate signed by unknown authority

How do I get the cluster back to a good state?

Update

I uninstalled the latest Docker:

sudo apt-get remove docker-ce docker-ce-cli docker-ce-rootless-extras docker-compose-plugin docker-scan-plugin docker-buildx-plugin

and installed the Rancher-supported version as follows:
x1米11米1x
This fixed the unsupported Docker version problem, but the rancher-agent image still fails to start. When I look at the container's logs, I see the following:

time="2023-03-27T03:20:59Z" level=fatal msg="Certificate chain is not complete, please check if all needed intermediate certificates are included in the server certificate (in the correct order) and if the cacerts setting in Rancher either contains the correct CA certificate (in the case of using self signed certificates) or is empty (in the case of using a certificate signed by a recognized CA). Certificate information is displayed above. error: Get \"https://192.168.0.75:8443\": x509: certificate signed by unknown authority"

2q5ifsrm1#

As described in this official documentation:

The following error, "Unable to connect to the server: x509: certificate signed by unknown authority", indicates a possible certificate mismatch.

When you run

kubectl get pods

Unable to connect to the server: x509: certificate signed by unknown authority

To resolve this error, try the following troubleshooting methods:

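1) Verify that the $HOME/.kube/config file contains a valid certificate, and regenerate the certificate if necessary. The certificates in a kubeconfig file are base64-encoded. The base64 --decode command can be used to decode the certificate, and openssl x509 -text -noout can be used to view the certificate information.
2) Unset the KUBECONFIG environment variable using the following command: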

unset KUBECONFIG

Or set it to the default KUBECONFIG location:

export KUBECONFIG=/etc/kubernetes/admin.conf

3) Another workaround is to overwrite the existing kubeconfig for the "admin" user:

mv $HOME/.kube $HOME/.kube.bak
mkdir $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Refer to the official doc for more information.
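
Troubleshooting step 1 of the answer above, as an added example that is not part of the original answer: the script decodes certificate-authority-data from a kubeconfig and uses openssl verify to check whether a given server certificate chains to it. The two CAs, the server certificate and the kubeconfig files are throwaway fixtures constructed by the script, and the function names are illustrative.

```bash
# Added example (not from the original post): does the CA pinned in a
# kubeconfig actually sign the certificate the API server presents?
# Handles inline certificate-authority-data only, not certificate-authority paths.

# Print the PEM of the first certificate-authority-data entry in kubeconfig $1.
kubeconfig_ca_pem() {
    awk '$1 == "certificate-authority-data:" { print $2; exit }' "$1" | base64 --decode
}

# Exit 0 only if certificate file $2 chains to the CA pinned in kubeconfig $1.
# -no-CApath stops openssl from also consulting the system CA directory.
kubeconfig_trusts_cert() (
    ca=$(mktemp) || exit 2
    kubeconfig_ca_pem "$1" > "$ca"
    openssl verify -no-CApath -CAfile "$ca" "$2" >/dev/null 2>&1; rc=$?
    rm -f "$ca"
    exit "$rc"
)

# Constructed fixture in directory $1: throwaway CAs "ca-a" and "ca-b", a server
# certificate signed by ca-a, and one minimal kubeconfig pinning each CA.
make_fixture() (
    cd "$1" || exit 2
    for n in ca-a ca-b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n" \
            -keyout "$n.key" -out "$n.crt" 2>/dev/null || exit 2
        printf 'clusters:\n- cluster:\n    certificate-authority-data: %s\n' \
            "$(base64 < "$n.crt" | tr -d '\n')" > "kubeconfig-$n"
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=homelab.local" \
        -keyout srv.key -out srv.csr 2>/dev/null || exit 2
    openssl x509 -req -in srv.csr -CA ca-a.crt -CAkey ca-a.key -CAcreateserial \
        -days 1 -out srv.crt 2>/dev/null
)

# Demo: the kubeconfig pinning ca-b reproduces "signed by unknown authority".
dir=$(mktemp -d) && make_fixture "$dir" && for n in ca-a ca-b; do
    kubeconfig_ca_pem "$dir/kubeconfig-$n" | openssl x509 -noout -subject
    if kubeconfig_trusts_cert "$dir/kubeconfig-$n" "$dir/srv.crt"; then
        echo "kubeconfig-$n: server certificate verifies"
    else
        echo "kubeconfig-$n: x509: certificate signed by unknown authority"
    fi
done
rm -rf "$dir"
```

Against a live cluster, save the certificate the API server presents to a PEM file (for example from the output of openssl s_client -connect host:port) and pass that file as the second argument.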
