Problems encountered deploying Kubernetes 1.26 with kubeadm on rocky-8.9

For the overall deployment procedure, see my earlier blog post:

Deploying k8s-v1.23.3 with kubeadm + containerd (including certificate upgrade)

Kernel module load error

rocky-8.9 ships kernel 4.18.0-513.5.1.el8_9.x86_64, which no longer has the nf_conntrack_ipv4 kernel module. Running modprobe nf_conntrack_ipv4 produces the following error:

modprobe: FATAL: Module nf_conntrack_ipv4 not found in directory /lib/modules/4.18.0-513.5.1.el8_9.x86_64

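This error is harmless: running modprobe nf_conntrack is all that is needed. My deployment document already includes that step, so just delete the modprobe nf_conntrack_ipv4 step.

Kernel parameter error

Same cause as above: with net.ipv4.tcp_tw_recycle configured, running sysctl -p reports the following error: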

sysctl: cannot stat /proc/sys/net/ipv4/tcp_tw_recycle: No such file or directory

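The tcp_tw_recycle setting was removed starting with kernel 4.12. If you are interested, see this blog post: Linux removed the tcp_tw_recycle setting starting with kernel 4.12. tcp_max_tw_buckets, TIME-WAIT steady-state value, time wait

Error when joining the cluster as a master

The other master nodes do not have the CA certificates, so joining the cluster fails with the following error (worker nodes join without any problem):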

[preflight] Running pre-flight checks
        [WARNING FileExisting-tc]: tc not found in system path
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
error execution phase preflight:
One or more conditions for hosting a new control plane instance is not satisfied.

[failure loading certificate for CA: couldn't load the certificate file /etc/kubernetes/pki/ca.crt: open /etc/kubernetes/pki/ca.crt: no such file or directory, failure loading key for service account: couldn't load the private key file /etc/kubernetes/pki/sa.key: open /etc/kubernetes/pki/sa.key: no such file or directory, failure loading certificate for front-proxy CA: couldn't load the certificate file /etc/kubernetes/pki/front-proxy-ca.crt: open /etc/kubernetes/pki/front-proxy-ca.crt: no such file or directory, failure loading certificate for etcd CA: couldn't load the certificate file /etc/kubernetes/pki/etcd/ca.crt: open /etc/kubernetes/pki/etcd/ca.crt: no such file or directory]

Please ensure that:
* The cluster has a stable controlPlaneEndpoint address.
* The certificates that must be shared among control plane instances are provided.


To see the stack trace of this error execute with --v=5 or higher

Distribute the corresponding certificates to the other master nodes, then rejoin the node:

ssh k8s-master-2 "mkdir -p /etc/kubernetes/pki/etcd"
scp /etc/kubernetes/pki/{ca.crt,ca.key,sa.key,sa.pub,front-proxy-ca.crt,front-proxy-ca.key} k8s-master-2:/etc/kubernetes/pki/
scp /etc/kubernetes/pki/etcd/{ca.crt,ca.key} k8s-master-2:/etc/kubernetes/pki/etcd/
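
The scp commands above copy CA private keys between hosts. As an added example (not part of the original post), the script below checks on the joining master that every shared file arrived, that the private keys are not readable by group or other, and that the contents match a manifest generated on the first master. The function names and the manifest file are assumptions made for this illustration; the file list is the one from the scp commands.

```shell
#!/bin/sh
# Added example: verify the shared kubeadm PKI files after copying them.
# pki_manifest / pki_check are hypothetical helper names, not kubeadm commands.
PKI_FILES="ca.crt ca.key sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key etcd/ca.crt etcd/ca.key"

# Print "sha256  relative-path" for every shared file (run on the first master).
pki_manifest() {
    dir=$1
    for f in $PKI_FILES; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 1; }
        (cd "$dir" && sha256sum "$f") || return 1
    done
}

# Check presence, private-key permissions and, if a manifest is given,
# that the hashes match it. Returns 0 only when every check passes.
pki_check() {
    dir=$1; manifest=${2:-}; rc=0
    for f in $PKI_FILES; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $f" >&2; rc=1; continue
        fi
        case $f in
            *.key)
                # Characters 5-10 of the ls mode string are the group/other bits.
                if [ "$(ls -ld "$dir/$f" | cut -c5-10)" != "------" ]; then
                    echo "private key accessible by group/other: $f" >&2; rc=1
                fi ;;
        esac
    done
    if [ -n "$manifest" ]; then
        if [ "$(pki_manifest "$dir" 2>/dev/null)" != "$(cat "$manifest")" ]; then
            echo "hash mismatch against $manifest" >&2; rc=1
        fi
    fi
    return $rc
}

# Command-line use: sh pki-check.sh manifest|check [PKI_DIR] [MANIFEST]
if [ $# -gt 0 ]; then
    case $1 in
        manifest) pki_manifest "${2:-/etc/kubernetes/pki}" ;;
        check)    pki_check "${2:-/etc/kubernetes/pki}" "${3:-}" ;;
        *) echo "usage: $0 manifest|check [PKI_DIR] [MANIFEST]" >&2; exit 2 ;;
    esac
fi
```

Generate the manifest on the first master, copy it alongside the certificates, and run the check on k8s-master-2 before repeating the kubeadm join.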
posted @ 2024-07-25 15:48  月巴左耳东