从节点上的日志中的错误消息显示,这来自kube-proxy.log:
观看失败*v1beta1.EndpointSlice:服务器请求客户端提供凭据。
集群是通过自动KOPS实用程序生成的。这两个群集在AWS上的EC2示例上已经正常运行了18个月。有谁对这可能是什么有什么建议吗?
以下是日志中的相关片段:
I0913 02:36:28.918119 1 proxier.go:826] syncProxyRules took 120.360802ms
I0913 02:36:29.918644 1 proxier.go:871] Syncing iptables rules
I0913 02:36:29.989692 1 proxier.go:826] syncProxyRules took 71.416518ms
E0913 02:37:24.345615 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1beta1.EndpointSlice: the server has asked for the client to provide credentials (get endpointslices.discovery.k8s.io)
E0913 02:37:25.260072 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1beta1.EndpointSlice: failed to list *v1beta1.EndpointSlice: Unauthorized
E0913 02:37:27.280699 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1beta1.EndpointSlice: failed to list *v1beta1.EndpointSlice: Unauthorized
E0913 02:37:30.846798 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1beta1.EndpointSlice: failed to list *v1beta1.EndpointSlice: Unauthorized
E0913 02:37:39.239017 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1beta1.EndpointSlice: failed to list *v1beta1.EndpointSlice: Unauthorized
E0913 02:37:57.653121 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1beta1.EndpointSlice: failed to list *v1beta1.EndpointSlice: Unauthorized
E0913 02:38:04.190383 1 reflector.go:138] k8s.io/client-go/informers/factory.go:134: Failed to watch *v1.Service: the server has asked for the client to provide credentials (get services)
E
1条答案
按热度按时间vm0i2vca1#
节点证书的有效期为~18个月+/-随机偏差。之后,K8的大部分核心组件都将失效。从外观上看,您的节点比这更老。解决方案是旋转节点。
这应该很少发生,因为Kop和K8都只支持3个版本的追溯,这意味着您的集群应该已经大约一年至少更新一次。