Rancher导入外部k8s集群(v1.28)报错

rancher版本:v2.5.15
外部k8s版本:v1.28

在外部k8s集群上执行导入命令:
curl --insecure -sfL https://192.168.0.11:8443/v3/import/q4tjmmvln9qlq29frwdn7pwk6pts4nl4d2hjhk45ltnc97dkwsk8vj_c-r6srw.yaml | kubectl apply -f -
首先发现镜像拉取失败,然后用kubectl edit 命令编辑deployment,将镜像从别的服务器下载下来推送到阿里云(registry.cn-chengdu.aliyuncs.com/wangyunan_images_public/rancher-agent:v2.5.15),然后删除pod重建后,pod状态变成CrashLoopBackOff,查看日志:
root@k8s-master01:/etc/containerd# kubectl logs -f cattle-cluster-agent-57c488d9fd-n6984 -n cattle-system
INFO: Environment: CATTLE_ADDRESS=10.244.85.207 CATTLE_CA_CHECKSUM=8bc715585ce97271eb553e8f3266f98366910c798754b5cb3f82274fcdd702fa CATTLE_CLUSTER=true CATTLE_CLUSTER_REGISTRY= CATTLE_FEATURES= CATTLE_INGRESS_IP_DOMAIN=sslip.io CATTLE_INSTALL_UUID=a6ea9cd1-d1d2-4bfa-9683-4bb45a36bb8f CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=false CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-57c488d9fd-n6984 CATTLE_SERVER=https://192.168.0.11:8443 CATTLE_SERVER_VERSION=v2.5.15
INFO: Using resolv.conf: search cattle-system.svc.cluster.local svc.cluster.local cluster.local nameserver 10.96.0.10 options ndots:5
INFO: https://192.168.0.11:8443/ping is accessible
INFO: Value from https://192.168.0.11:8443/v3/settings/cacerts is an x509 certificate
time=“2024-07-13T16:39:43Z” level=info msg=“Listening on /tmp/log.sock”
time=“2024-07-13T16:39:43Z” level=info msg=“Rancher agent version f10640542-dirty is starting”
time=“2024-07-13T16:39:43Z” level=fatal msg=“looking up cattle-system/cattle ca/token: no secret exists for service account cattle-system/cattle”


root@k8s-master01:/etc/containerd#
看报错日志像是sa不存在,于是查看sa:
root@k8s-master01:/etc/containerd# kubectl get sa -n cattle-system
NAME SECRETS AGE
cattle 0 5m19s
default 0 5m19s
是有的,然后查看secret:
kubectl get secrets -n cattle-system
NAME TYPE DATA AGE
cattle-credentials-e881318 Opaque 3 5m49s
都有,请问是什么原因呢,期初我以为是集群问题,然后我用另外的k8s可视化工具尝试导入,能导入成功,截图如下:


有大佬帮忙分析下什么原因吗?谢谢!

level=fatal msg=“looking up cattle-system/cattle ca/token: no secret exists for service account cattle-system/cattle”已解决,secret没有跟service account关联上,现在pod状态处于Running,但没有就绪,继续查看日志,日志报错如下:
time=“2024-07-13T17:07:08Z” level=info msg=“Connecting to wss://192.168.0.11:8443/v3/connect/register with token q4tjmmvln9qlq29frwdn7pwk6pts4nl4d2hjhk45ltnc97dkwsk8vj”
time=“2024-07-13T17:07:08Z” level=info msg=“Connecting to proxy” url=“wss://192.168.0.11:8443/v3/connect/register”
time=“2024-07-13T17:07:08Z” level=error msg=“Failed to connect to proxy. Response status: 400 - 400 Bad Request. Response body: invalid input, caCert empty” error=“websocket: bad handshake”
time=“2024-07-13T17:07:08Z” level=error msg=“Remotedialer proxy error” error=“websocket: bad handshake”

rancher 2.5.15 不支持 v1.28 的 K8s,你可以参考 支持矩阵:https://www.suse.com/en-us/suse-rancher/support-matrix/all-supported-versions/

1 个赞