api server 暴露8080 apply报错
先修改yaml再apply报的是和edit一样的错误
[root@node-1-bak 10-statefulset]# kubectl get pod/kube-apiserver-node-1-bak -n kube-system -o yaml > kube-apiserver-node-1-bak.yaml
[root@node-1-bak 10-statefulset]#
[root@node-1-bak 10-statefulset]#
[root@node-1-bak 10-statefulset]#
[root@node-1-bak 10-statefulset]#
[root@node-1-bak 10-statefulset]# vim kube-apiserver-node-1-bak.yaml
[root@node-1-bak 10-statefulset]#
[root@node-1-bak 10-statefulset]#
[root@node-1-bak 10-statefulset]# kubectl apply -f kube-apiserver-node-1-bak.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
The Pod "kube-apiserver-node-1-bak" is invalid: spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds` or `spec.tolerations` (only additions to existing tolerations)
core.PodSpec{
Volumes: []core.Volume{{Name: "ca-certs", VolumeSource: core.VolumeSource{HostPath: &core.HostPathVolumeSource{Path: "/etc/ssl/certs", Type: &"DirectoryOrCreate"}}}, {Name: "etc-pki", VolumeSource: core.VolumeSource{HostPath: &core.HostPathVolumeSource{Path: "/etc/pki", Type: &"DirectoryOrCreate"}}}, {Name: "etc-pki-ca-trust", VolumeSource: core.VolumeSource{HostPath: &core.HostPathVolumeSource{Path: "/etc/pki/ca-trust", Type: &""}}}, {Name: "etc-pki-tls", VolumeSource: core.VolumeSource{HostPath: &core.HostPathVolumeSource{Path: "/etc/pki/tls", Type: &""}}}, {Name: "etcd-certs-0", VolumeSource: core.VolumeSource{HostPath: &core.HostPathVolumeSource{Path: "/etc/ssl/etcd/ssl", Type: &"DirectoryOrCreate"}}}, {Name: "k8s-certs", VolumeSource: core.VolumeSource{HostPath: &core.HostPathVolumeSource{Path: "/etc/kubernetes/ssl", Type: &"DirectoryOrCreate"}}}},
InitContainers: nil,
Containers: []core.Container{
{
Name: "kube-apiserver",
Image: "k8s.gcr.io/kube-apiserver:v1.19.7",
Command: []string{
... // 17 identical elements
"--event-ttl=1h0m0s",
- "--insecure-port=8080",
+ "--insecure-port=0",
"--kubelet-client-certificate=/etc/kubernetes/ssl/apiserver-kubelet-client.crt",
"--kubelet-client-key=/etc/kubernetes/ssl/apiserver-kubelet-client.key",
... // 17 identical elements
},
Args: nil,
WorkingDir: "",
... // 17 identical fields
},
},
EphemeralContainers: nil,
RestartPolicy: "Always",
... // 25 identical fields
}
[root@node-1-bak 10-statefulset]#
[root@node-1-bak 10-statefulset]#
[root@node-1-bak 10-statefulset]# kubectl get pod/kube-apiserver-node-1-bak -n kube-system
NAME READY STATUS RESTARTS AGE
kube-apiserver-node-1-bak 1/1 Running 184 16d
[root@node-1-bak 10-statefulset]# kubectl describe pod/kube-apiserver-node-1-bak -n kube-system
Name: kube-apiserver-node-1-bak
Namespace: kube-system
Priority: 2000001000
Priority Class Name: system-node-critical
Node: node-1-bak/192.168.0.116
Start Time: Sat, 17 Sep 2022 10:26:10 -0400
Labels: component=kube-apiserver
tier=control-plane
Annotations: kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.0.116:6443
kubernetes.io/config.hash: af9c349d0029208978fa0d77f8e2ebc9
kubernetes.io/config.mirror: af9c349d0029208978fa0d77f8e2ebc9
kubernetes.io/config.seen: 2022-09-05T00:52:46.851185429-04:00
kubernetes.io/config.source: file
Status: Running
IP: 192.168.0.116
IPs:
IP: 192.168.0.116
Controlled By: Node/node-1-bak
Containers:
kube-apiserver:
Container ID: containerd://b49798bf33c4ad27fa3a8439000a79265dd69a67daf4438109f904eacd08cd7f
Image: k8s.gcr.io/kube-apiserver:v1.19.7
Image ID: registry.cn-hangzhou.aliyuncs.com/kubernetes-kubespray/kube-apiserver@sha256:77f9f5ded0538e25d50091d18aa6e435892ac1402ab4bbc911e46e55cc40aac7
Port: <none>
Host Port: <none>
Command:
kube-apiserver
--advertise-address=192.168.0.116
--allow-privileged=true
--anonymous-auth=True
--apiserver-count=2
--authorization-mode=Node,RBAC
--bind-address=0.0.0.0
--client-ca-file=/etc/kubernetes/ssl/ca.crt
--default-not-ready-toleration-seconds=300
--default-unreachable-toleration-seconds=300
--enable-admission-plugins=NodeRestriction
--enable-aggregator-routing=False
--enable-bootstrap-token-auth=true
--endpoint-reconciler-type=lease
--etcd-cafile=/etc/ssl/etcd/ssl/ca.pem
--etcd-certfile=/etc/ssl/etcd/ssl/node-node-1-bak.pem
--etcd-keyfile=/etc/ssl/etcd/ssl/node-node-1-bak-key.pem
--event-ttl=1h0m0s
--insecure-port=0
--kubelet-client-certificate=/etc/kubernetes/ssl/apiserver-kubelet-client.crt
--kubelet-client-key=/etc/kubernetes/ssl/apiserver-kubelet-client.key
--kubelet-preferred-address-types=InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP
--profiling=False
--proxy-client-cert-file=/etc/kubernetes/ssl/front-proxy-client.crt
--proxy-client-key-file=/etc/kubernetes/ssl/front-proxy-client.key
--request-timeout=1m0s
--requestheader-allowed-names=front-proxy-client
--requestheader-client-ca-file=/etc/kubernetes/ssl/front-proxy-ca.crt
--requestheader-extra-headers-prefix=X-Remote-Extra-
--requestheader-group-headers=X-Remote-Group
--requestheader-username-headers=X-Remote-User
--secure-port=6443
--service-account-key-file=/etc/kubernetes/ssl/sa.pub
--service-cluster-ip-range=10.200.0.0/16
--service-node-port-range=30000-32767
--storage-backend=etcd3
--tls-cert-file=/etc/kubernetes/ssl/apiserver.crt
--tls-private-key-file=/etc/kubernetes/ssl/apiserver.key
State: Running
Started: Tue, 20 Sep 2022 04:31:54 -0400
Last State: Terminated
Reason: Unknown
Exit Code: 255
Started: Mon, 19 Sep 2022 16:14:01 -0400
Finished: Tue, 20 Sep 2022 04:31:42 -0400
Ready: True
Restart Count: 184
Requests:
cpu: 250m
Liveness: http-get https://192.168.0.116:6443/livez delay=10s timeout=15s period=10s #success=1 #failure=8
Readiness: http-get https://192.168.0.116:6443/readyz delay=0s timeout=15s period=1s #success=1 #failure=3
Startup: http-get https://192.168.0.116:6443/livez delay=10s timeout=15s period=10s #success=1 #failure=30
Environment: <none>
Mounts:
/etc/kubernetes/ssl from k8s-certs (ro)
/etc/pki from etc-pki (ro)
/etc/pki/ca-trust from etc-pki-ca-trust (ro)
/etc/pki/tls from etc-pki-tls (ro)
/etc/ssl/certs from ca-certs (ro)
/etc/ssl/etcd/ssl from etcd-certs-0 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
ca-certs:
Type: HostPath (bare host directory volume)
Path: /etc/ssl/certs
HostPathType: DirectoryOrCreate
etc-pki:
Type: HostPath (bare host directory volume)
Path: /etc/pki
HostPathType: DirectoryOrCreate
etc-pki-ca-trust:
Type: HostPath (bare host directory volume)
Path: /etc/pki/ca-trust
HostPathType:
etc-pki-tls:
Type: HostPath (bare host directory volume)
Path: /etc/pki/tls
HostPathType:
etcd-certs-0:
Type: HostPath (bare host directory volume)
Path: /etc/ssl/etcd/ssl
HostPathType: DirectoryOrCreate
k8s-certs:
Type: HostPath (bare host directory volume)
Path: /etc/kubernetes/ssl
HostPathType: DirectoryOrCreate
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: :NoExecuteop=Exists
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning Unhealthy 32m (x7 over 112m) kubelet Liveness probe failed: HTTP probe failed with statuscode: 500
Warning Unhealthy 6m6s (x45 over 112m) kubelet Readiness probe failed: HTTP probe failed with statuscode: 500
259
收起
正在回答 回答被采纳积分+3
1回答
刘果国
2022-09-23 09:39:10
相似问题
api server对外暴露8080报错
252
0
2
服务暴露
734
0
3
vue3 this的问题
4056
2
2
部署提示证书失效
431
0
2
关于setup参数的expose函数的使用,注意事项有哪些?
609
0
5
登录后可查看更多问答,登录/注册
