• 【k8s】Kubernetes版本v1.17.3 kubesphere 3.1.1 默认用户登录失败

    1.发帖: 

    Kubernetes版本v1.17.3 kubesphere 3.11 默认用户登录失败 - KubeSphere 开发者社区

    2. 问题日志: 

    2.1问题排查方法 : 

    用户无法登录

    http://192.168.56.100:30880/

     2.2查看用户状态 

     kubectl get users

    1. [root@k8s-node1 ~]# kubectl get users
    2. NAME    EMAIL                 STATUS
    3. admin   admin@kubesphere.io

    正常的应该是: 

     

    2.3 检查 ks-controller-manager 是否正常运行,是否有异常日志:

    kubectl -n kubesphere-system logs -l app=ks-controller-manager

    1. kubectl -n kubesphere-system logs -l app=ks-controller-manager
    2. I0911 11:49:58.686749       1 clusterrolebinding_controller.go:188] Successfully synced key:system:controller:pod-garbage-collector
    3. I0911 11:49:58.686755       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"ks-controller-manager-rolebinding", UID:"aefd6d7b-953a-4967-a0a5-86ff738396ab", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"105248", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
    4. I0911 11:49:58.686779       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"kubesphere-prometheus-operator", UID:"b1a2af46-1fd9-42a3-a954-118e0fa3b824", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"117259", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
    5. I0911 11:49:58.686811       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"system:controller:pod-garbage-collector", UID:"4c2913ad-0dc2-4ce4-9555-79884b51f3ad", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"119", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
    6. I0911 11:49:58.696411       1 globalrolebinding_controller.go:204] Successfully synced key:admin
    7. I0911 11:49:58.696471       1 event.go:278] Event(v1.ObjectReference{Kind:"GlobalRoleBinding", Namespace:"", Name:"admin", UID:"e599dd3d-efa7-49c1-9e29-f734ed7c2fd3", APIVersion:"iam.kubesphere.io/v1alpha2", ResourceVersion:"104977", FieldPath:""}): type: 'Normal' reason: 'Synced' GlobalRoleBinding synced successfully
    8. I0911 11:49:58.700995       1 clusterrolebinding_controller.go:188] Successfully synced key:admin-cluster-admin
    9. I0911 11:49:58.701351       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"admin-cluster-admin", UID:"8c1bc9f3-7e49-4198-b951-846c594a04ab", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"107126", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
    10. E0911 11:50:25.054212       1 user_controller.go:239] Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2?timeout=4s: context deadline exceeded
    11. E0911 11:50:25.054314       1 basecontroller.go:132] error syncing 'admin' in user-controller: Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2?timeout=4s: context deadline exceeded, requeuing 
    12. [root@k8s-node1 ~]# kubectl delete secret -n cattle-system cattle-webhook-tls
    13. Error from server (NotFound): secrets "cattle-webhook-tls" not found

     关键信息; error syncing 'admin' in user-controller: Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2

    3. 问题解决 

    参考: 在修改密码和添加用户时报错 - KubeSphere 开发者社区

    set ks-controller-manage hostNetwork: true

    kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io users.iam.kubesphere.io

    问题解决日志: 最后reboot 重启

    1. [root@k8s-node1 ~]# kubectl get users
    2. NAME    EMAIL                 STATUS
    3. admin   admin@kubesphere.io   
    4. [root@k8s-node1 ~]# kubectl -n kubesphere-system logs -l app=ks-controller-manager
    5. I0911 11:49:58.686749       1 clusterrolebinding_controller.go:188] Successfully synced key:system:controller:pod-garbage-collector
    6. I0911 11:49:58.686755       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"ks-controller-manager-rolebinding", UID:"aefd6d7b-953a-4967-a0a5-86ff738396ab", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"105248", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
    7. I0911 11:49:58.686779       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"kubesphere-prometheus-operator", UID:"b1a2af46-1fd9-42a3-a954-118e0fa3b824", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"117259", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
    8. I0911 11:49:58.686811       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"system:controller:pod-garbage-collector", UID:"4c2913ad-0dc2-4ce4-9555-79884b51f3ad", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"119", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
    9. I0911 11:49:58.696411       1 globalrolebinding_controller.go:204] Successfully synced key:admin
    10. I0911 11:49:58.696471       1 event.go:278] Event(v1.ObjectReference{Kind:"GlobalRoleBinding", Namespace:"", Name:"admin", UID:"e599dd3d-efa7-49c1-9e29-f734ed7c2fd3", APIVersion:"iam.kubesphere.io/v1alpha2", ResourceVersion:"104977", FieldPath:""}): type: 'Normal' reason: 'Synced' GlobalRoleBinding synced successfully
    11. I0911 11:49:58.700995       1 clusterrolebinding_controller.go:188] Successfully synced key:admin-cluster-admin
    12. I0911 11:49:58.701351       1 event.go:278] Event(v1.ObjectReference{Kind:"ClusterRoleBinding", Namespace:"", Name:"admin-cluster-admin", UID:"8c1bc9f3-7e49-4198-b951-846c594a04ab", APIVersion:"rbac.authorization.k8s.io/v1", ResourceVersion:"107126", FieldPath:""}): type: 'Normal' reason: 'Synced' ClusterRoleBinding synced successfully
    13. E0911 11:50:25.054212       1 user_controller.go:239] Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2?timeout=4s: context deadline exceeded
    14. E0911 11:50:25.054314       1 basecontroller.go:132] error syncing 'admin' in user-controller: Internal error occurred: failed calling webhook "users.iam.kubesphere.io": Post https://ks-controller-manager.kubesphere-system.svc:443/validate-email-iam-kubesphere-io-v1alpha2?timeout=4s: context deadline exceeded, requeuing 
    15. [root@k8s-node1 ~]# kubectl delete secret -n cattle-system cattle-webhook-tls
    16. Error from server (NotFound): secrets "cattle-webhook-tls" not found
    17. [root@k8s-node1 ~]# kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io --ignore-not-found=true rancher.cattle.io
    18. [root@k8s-node1 ~]# kubectl delete pod -n cattle-system -l app=rancher-webhook
    19. No resources found
    20. [root@k8s-node1 ~]# kubectl delete secret -n cattle-system cattle-webhook-tls
    21. Error from server (NotFound): secrets "cattle-webhook-tls" not found
    22. [root@k8s-node1 ~]# kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io --ignore-not-found=true rancher.cattle.io
    23. [root@k8s-node1 ~]# kubectl delete pod -n cattle-system -l app=rancher-webhook
    24. No resources found
    25. [root@k8s-node1 ~]# set ks-controller-manage hostNetwork: true
    26. [root@k8s-node1 ~]# kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io users.iam.kubesphere.io
    27. validatingwebhookconfiguration.admissionregistration.k8s.io "users.iam.kubesphere.io" deleted
    28. [root@k8s-node1 ~]# systemctl  docker  restart  
    29. Unknown operation 'docker'.
    30. [root@k8s-node1 ~]# reboot

     reboot之后: 

    1. [root@k8s-node1 ~]# kubectl get users
    2. NAME    EMAIL                 STATUS
    3. admin   admin@kubesphere.io   Active
    4. [root@k8s-node1 ~]# 
    5. [root@k8s-node1 ~]#

     重新登录成功

  • 相关阅读:
    信创操作系统--麒麟Kylin桌面版操作系统博文汇总目录
    【马士兵】Python基础--04
    【C++】左值和右值
    Gateway基本配置
    UE4基础篇十六:自定义 EQS 生成器
    安装FREENAS 虚拟机
    好细的Vue安装与配置
    Mac环境部署单机版Hbase及使用JavaAPI对Hbase增删改查
    Oracle/PLSQL: Sinh Function
    Windows10专业版系统安装Hyper-V虚拟机软件
  • 原文地址:https://blog.csdn.net/oDianZi1234567/article/details/132816750