问题一、unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized
[root@k8s-store01 ~]# kubeadm join 10.0.0.31:6443 --token 1euadv.48cjve19biy33b9m --discovery-token-ca-cert-hash sha256:295acb22b65296410968d040cfbb326642d2e3b177ccbc3626765a0ada6fa9ff
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.5. Latest validated version: 18.09
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
error execution phase preflight: unable to fetch the kubeadm-config ConfigMap: failed to get config map: Unauthorized
解决办法是: token已经过期了,该token默认是24小时内有效果的,所以需要在master节点重新生成token
[root@k8s-master01 ~]# kubeadm token create
ottwfk.al3ksj32yeqogk9y
[root@k8s-master01 ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
1euadv.48cjve19biy33b9m <invalid> 2019-12-08T16:17:03+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
ottwfk.al3ksj32yeqogk9y 23h 2019-12-10T13:20:57+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
问题二:repository does not exist or may require 'docker login': denied: requested access to the resource is denied
[root@k8s-master01 ~]# kubectl describe pod nginx-demo
Normal Scheduled 15m default-scheduler Successfully assigned default/nginx-demo to k8s-node03
Normal BackOff 14m (x6 over 15m) kubelet, k8s-node03 Back-off pulling image "10.0.0.33/base_images/nginx:1.13"
Normal Pulling 13m (x4 over 15m) kubelet, k8s-node03 Pulling image "10.0.0.33/base_images/nginx:1.13"
Warning Failed 13m (x4 over 15m) kubelet, k8s-node03 Failed to pull image "10.0.0.33/base_images/nginx:1.13": rpc error: code = Unknown desc = Error response from daemon: pull access denied for 10.0.0.33/base_images/nginx, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning Failed 13m (x4 over 15m) kubelet, k8s-node03 Error: ErrImagePull
Warning Failed 4m56s (x43 over 15m) kubelet, k8s-node03 Error: ImagePullBackOff
解决方法是:node节点没有权限从harbor拉取镜像,所以需要在master节点进行授权
[root@k8s-master01 ~]# kubectl create secret docker-registry harbor-secret --namespace=default --docker-server=10.0.0.33 --docker-username=admin --docker-password=Harbor12345
// 添加授权
[root@k8s-master01 ~]# cat web-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-demo
labels:
env: test
spec:
containers:
- name: nginx
image: 10.0.0.33/base_images/nginx:1.13
imagePullPolicy: Always
imagePullSecrets:
- name: harbor-secret
nodeSelector:
app: k8s-node03