无法向rancher添加节点

zhongpp · 2025 年3 月 13 日 08:07

Rancher Server 设置

Rancher 版本：Rancher 2.10.3
安装选项 (Docker install/Helm Chart): Helm Chart
- 如果是 Helm Chart 安装，需要提供 Local 集群的类型（RKE1, RKE2, k3s, EKS, 等）和版本：RKE1
在线或离线部署：在线

下游集群信息

Kubernetes 版本: v1.30.9 + rke2r1
Cluster Type (Local/Downstream): Downstream
- 如果 Downstream，是什么类型的集群?(自定义/导入或为托管等): 自定义

用户信息

登录用户的角色是什么？（管理员/集群所有者/集群成员/项目所有者/项目成员/自定义）：管理员
- 如果自定义，自定义权限集：

**主机操作系统：Rocky Linux release 8.10

**问题描述：在rancher集群中创建好新的集群后，向集群中添加节点的时候无法添加 rancher-system-agent 一直出现 ca证书错误

**重现步骤：
在节点中执行如下命令
curl --insecure -fL https://rancher.xxxx.com/system-agent-install.sh | sudo sh -s - --server https://rancher.xxxx.com --label ‘cattle.io/os=linux’ --token gh7dfsb2x289h4rrhrs9nsfh4wx6d8qqpqmbgsknhhxdk8l94fjs82 --ca-checksum 145f45746b44cb5e5a7b6cee4e0a398551cf475c5fbc09d5debeecc2a95ce6b4 --etcd --controlplane --worker

能够正常执行
**结果：

systemctl status rancher-system-agent 显示正在执行

状态信息中一直显示错误 error loading CA cert for probe (kube-scheduler)

预期结果：

截图：

其他上下文信息：

日志

bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:46+08:00" level=error msg="error while appending ca cert to pool for probe kube-controller-manager"
Mar 13 15:48:46 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:46+08:00" level=error msg="error loading CA cert for probe (kube-scheduler) /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt: ope>
Mar 13 15:48:46 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:46+08:00" level=error msg="error while appending ca cert to pool for probe kube-scheduler"
Mar 13 15:48:51 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:51+08:00" level=error msg="error loading CA cert for probe (kube-controller-manager) /var/lib/rancher/rke2/server/tls/kube-controller-manager/kube->
Mar 13 15:48:51 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:51+08:00" level=error msg="error while appending ca cert to pool for probe kube-controller-manager"
Mar 13 15:48:51 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:51+08:00" level=error msg="error loading x509 client cert/key for probe kube-apiserver (/var/lib/rancher/rke2/server/tls/client-kube-apiserver.crt/>
Mar 13 15:48:51 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:51+08:00" level=error msg="error loading CA cert for probe (kube-scheduler) /var/lib/rancher/rke2/server/tls/kube-scheduler/kube-scheduler.crt: ope>
Mar 13 15:48:51 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:51+08:00" level=error msg="error while appending ca cert to pool for probe kube-scheduler"
Mar 13 15:48:51 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:51+08:00" level=error msg="error loading CA cert for probe (kube-apiserver) /var/lib/rancher/rke2/server/tls/server-ca.crt: open /var/lib/rancher/r>
Mar 13 15:48:51 bolan222 rancher-system-agent[49491]: time="2025-03-13T15:48:51+08:00" level=error msg="error while appending ca cert to pool for probe kube-apiserver"

ksd · 2025 年3 月 14 日 00:54

你仔细找找 rancher-system-agent 的日志，是不是有 pull 镜像相关的日志，十有八九是因为镜像没拉下来导致