What if the certificate signed by kubelet expires?

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/03

Introduction to Kubelet

The kubelet component runs on each Node, maintains the running Pods and provides the Kubernetes runtime environment. It mainly performs the following tasks:

1. Monitor the pods assigned to the Node

2. Mount the volumes required by the pod

3. Download the secrets of the pod

4. Run the containers in the pod through docker/rkt

5. Periodically execute the liveness probes defined for the containers in the pod

6. Report the status of the pod to other components of the system

7. Report the status of the Node

Symptom

The Harbor image platform reported that an internal server error occurred and the request could not be completed.

Investigation

I logged in to the dashboard and found that the status of the nodes was NotReady, then logged in to the nodes and saw that they were indeed NotReady. My instinctive reaction was to restart the kubelet and kube-proxy services, but the state was still NotReady.

Taking a closer look at this point, the node status showed an age of 368d, and I felt that something must have expired. Earlier I had specifically issued certificates valid for 10 years, so it should not have been a certificate problem. Later, I checked the deployment document and found that kubelet also needs certificate authorization.

Solution

In the end, kubectl get csr showed that all node-csr requests were in the Pending state; they have to be approved again with kubectl certificate approve to take effect.

It turns out that a certificate signed this way is valid for only one year by default. If you want to adjust the certificate validity period, you can set the --experimental-cluster-signing-duration parameter of kube-controller-manager. The default value of this parameter is 8760h0m0s. For more information on how to increase the default certificate signing time and on automatic certificate rotation, please refer to the Kubernetes authentication and authorization mechanism.

Steps

[root@k8s01 bin]# kubectl get nodes
NAME            STATUS     ROLES    AGE    VERSION
192.168.88.34   NotReady   <none>   368d   v1.13.1
192.168.88.65   NotReady   <none>   368d   v1.13.1
[root@k8s01 bin]# kubectl get csr
NAME                                                   AGE   REQUESTOR           CONDITION
node-csr-d8End93rQqSFRHpV65KA2yL-4CnYHT4te6D85lzO5QA   18m   kubelet-bootstrap   Pending
node-csr-iuBw7qxuiCeyiQ1x5WqTASgqVheII-KpTX0L-S8Md8Y   10m   kubelet-bootstrap   Pending
[root@k8s01 bin]# kubectl certificate approve node-csr-d8End93rQqSFRHpV65KA2yL-4CnYHT4te6D85lzO5QA
certificatesigningrequest.certificates.k8s.io/node-csr-d8End93rQqSFRHpV65KA2yL-4CnYHT4te6D85lzO5QA approved
[root@k8s01 bin]# kubectl certificate approve node-csr-iuBw7qxuiCeyiQ1x5WqTASgqVheII-KpTX0L-S8Md8Y
certificatesigningrequest.certificates.k8s.io/node-csr-iuBw7qxuiCeyiQ1x5WqTASgqVheII-KpTX0L-S8Md8Y approved
[root@k8s01 bin]# kubectl get csr
NAME                                                   AGE   REQUESTOR           CONDITION
node-csr-d8End93rQqSFRHpV65KA2yL-4CnYHT4te6D85lzO5QA   19m   kubelet-bootstrap   Approved,Issued
node-csr-iuBw7qxuiCeyiQ1x5WqTASgqVheII-KpTX0L-S8Md8Y   11m   kubelet-bootstrap   Approved,Issued
[root@k8s01 bin]# kubectl get nodes
NAME            STATUS   ROLES    AGE    VERSION
192.168.88.34   Ready    <none>   368d   v1.13.1
192.168.88.65   Ready    <none>   368d   v1.13.1
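
Approving a node CSR hands out a node identity, so it is worth vetting each Pending request before running the approve step shown above. The script below is an added example, not part of the original article: it assumes the requestor is kubelet-bootstrap (as in the output above) and that a kubelet client CSR carries the Kubernetes node subject O=system:nodes, CN=system:node:<name>; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Vet Pending kubelet CSRs before approving them instead of approving blindly.
# Assumption: the bootstrap requestor is "kubelet-bootstrap", as in the output above.
EXPECTED_REQUESTOR="${EXPECTED_REQUESTOR:-kubelet-bootstrap}"

# stdin: `kubectl get csr` table. stdout: names of node-csr-* requests that are
# Pending and came from the expected requestor. Columns are located by header,
# so extra columns printed by newer kubectl versions do not shift the match.
pending_node_csrs() {
  awk -v who="$EXPECTED_REQUESTOR" '
    NR == 1 { for (i = 1; i <= NF; i++) {
                if ($i == "REQUESTOR") r = i
                if ($i == "CONDITION") c = i }
              next }
    r && c && $1 ~ /^node-csr-/ && $r == who && $c == "Pending" { print $1 }'
}

# $1: a line from `openssl req -noout -subject`. Succeeds only for a node client
# identity (O=system:nodes, CN=system:node:<name>). Spaces are stripped because
# OpenSSL releases format the subject line differently.
subject_is_node() {
  s=$(printf '%s' "$1" | tr -d ' ')
  printf '%s\n' "$s" | grep -Eq '(^subject=|[,/])O=system:nodes([,/]|$)' &&
    printf '%s\n' "$s" | grep -Eq '(^subject=|[,/])CN=system:node:[A-Za-z0-9.-]+([,/]|$)'
}

# Print a decision per Pending CSR; approve only when called with --apply.
# Needs kubectl, base64 and openssl on the admin host.
review_csrs() {
  kubectl get csr | pending_node_csrs | while read -r name; do
    subj=$(kubectl get csr "$name" -o jsonpath='{.spec.request}' |
      base64 -d | openssl req -noout -subject)
    if subject_is_node "$subj"; then
      echo "OK   $name $subj"
      if [ "${1:-}" = "--apply" ]; then kubectl certificate approve "$name"; fi
    else
      echo "SKIP $name unexpected subject: $subj"
    fi
  done
}

# Usage: ./vet-csr.sh review [--apply]
if [ "${1:-}" = "review" ]; then review_csrs "${2:-}"; fi
```

Run it with review first to read the decisions, then with review --apply once the listed subjects match the nodes you expect.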
