K3s server Unable to authenticate the request

xiayun · 2024 年3 月 18 日 09:19

环境信息:
K3s 版本:

k3s version v1.23.7+k3s1 (ec61c667)
go version go1.17.5
节点 CPU 架构、操作系统和版本：:

Linux ht-datasimba-master-01 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
集群配置:

3 servers, 3 agents
问题描述:

k3s server报错，且coredns无法正常解析

复现步骤:

安装 K3s 的命令:

预期结果:

实际结果:

附加上下文/日志:

日志

k3s[1227]: E0318 16:50:27.475100    1227 authentication.go:63] "Unable to authenticate the request" err="[x509: certificate has expired or is not yet valid: current time 2024-03-18T16:50:27+08:00 is after 2024-02-15T12:05:56Z, verifying certificate SN=680221949267836089, SKID=, AKID=4F:36:D6:C0:B2:FA:95:4A:E3:6C:D3:63:B6:90:61:C1:6B:0C:BD:8F failed: x509: certificate has expired or is not yet valid: current time 2024-03-18T16:50:27+08:00 is after 2024-02-15T12:05:56Z]"
Mar 18 16:50:30 ht-datasimba-master-01 k3s[1227]: time="2024-03-18T16:50:30+08:00" level=info msg="Stopped tunnel to 10.6.24.92:6443"
Mar 18 16:50:31 ht-datasimba-master-01 k3s[1227]: I0318 16:50:31.818142    1227 leaderelection.go:258] successfully acquired lease kube-system/cloud-controller-manager
Mar 18 16:50:31 ht-datasimba-master-01 k3s[1227]: I0318 16:50:31.818292    1227 event.go:294] "Event occurred" object="kube-system/cloud-controller-manager" kind="Lease" apiVersion="coordination.k8s.io/v1" type="Normal" reason="LeaderElection" message="ht-datasimba-master-01_7f04fcea-93b4-4db4-8069-e529f9368d72 became leader"
Mar 18 16:50:32 ht-datasimba-master-01 k3s[1227]: I0318 16:50:32.272777    1227 node_controller.go:116] Sending events to api server.
Mar 18 16:50:32 ht-datasimba-master-01 k3s[1227]: I0318 16:50:32.272902    1227 controllermanager.go:298] Started "cloud-node"
Mar 18 16:50:32 ht-datasimba-master-01 k3s[1227]: I0318 16:50:32.272994    1227 node_controller.go:155] Waiting for informer caches to sync
Mar 18 16:50:32 ht-datasimba-master-01 k3s[1227]: I0318 16:50:32.273074    1227 node_lifecycle_controller.go:77] Sending events to api server
Mar 18 16:50:32 ht-datasimba-master-01 k3s[1227]: I0318 16:50:32.273094    1227 controllermanager.go:298] Started "cloud-node-lifecycle"
Mar 18 16:50:39 ht-datasimba-master-01 k3s[1227]: E0318 16:50:39.230900    1227 authentication.go:63] "Unable to authenticate the request" err="[x509: certificate has expired or is not yet valid: current time 2024-03-18T16:50:39+08:00 is after 2024-02-15T12:05:56Z, verifying certificate SN=8622530701620344978, SKID=, AKID=4F:36:D6:C0:B2:FA:95:4A:E3:6C:D3:63:B6:90:61:C1:6B:0C:BD:8F failed: x509: certificate has expired or is not yet valid: current time 2024-03-18T16:50:39+08:00 is after 2024-02-15T12:05:56Z]"

xiayun · 2024 年3 月 18 日 09:27

去看了一下k3s tls的证书过期时间也没有是2024-02-15过期的

ksd · 2024 年3 月 19 日 01:16

在每个 k3s server 节点分别执行下面的命令，看看是否恢复正常：


rm -rf /var/lib/rancher/k3s/server/tls/dynamic-cert.json
kubectl --insecure-skip-tls-verify delete secret k3s-serving -n kube-system

service k3s restart