k8s v1.29 以上版本使用 kube-vip 做高可用

报错信息

time="2023-12-14T09:30:38Z" level=info msg="namespace [kube-system], Mode: [ARP], Features(s): Control Plane:[true], Services:[false]"
time="2023-12-14T09:30:38Z" level=info msg="prometheus HTTP server started"
time="2023-12-14T09:30:38Z" level=info msg="Starting Kube-vip Manager with the ARP engine"
time="2023-12-14T09:30:38Z" level=info msg="Beginning cluster membership, namespace [kube-system], lock name [plndr-cp-lock], id [lima-cp-1]"
I1214 09:30:38.362358       1 leaderelection.go:250] attempting to acquire leader lease kube-system/plndr-cp-lock...
E1214 09:30:38.907904       1 leaderelection.go:332] error retrieving resource lock kube-system/plndr-cp-lock: leases.coordination.k8s.io "plndr-cp-lock" is forbidden: User "kubernetes-admin" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"
E1214 09:30:40.258727       1 leaderelection.go:332] error retrieving resource lock kube-system/plndr-cp-lock: leases.coordination.k8s.io "plndr-cp-lock" is forbidden: User "kubernetes-admin" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-system"

问题原因

在 k8s v1.29 以后,社区给 /etc/kubernetes/ 目录中添加了 super-admin.conf 配置

kubernetes_v1.29_changeLog

所以不能继续使用 /etc/kubernetes/admin.conf 配置作为 kube-vip 配置文件

修改方式

#!/bin/bash

VIP="10.10.10.10"
INTERFACE="ens3"
KVVERSION="v0.8.2"

nerdctl run --network=host --rm  ghcr.io/kube-vip/kube-vip:$KVVERSION manifest pod \
    --interface $INTERFACE \
    --address $VIP \
    --controlplane \
    --services \
    --arp \
    --leaderElection | tee /root/kube-vip.yaml

sed -i "s#path: /etc/kubernetes/super-admin.conf#path: /etc/kubernetes/admin.conf#g"  /root/kube-vip.yaml
cp /root/kube-vip.yaml /etc/kubernetes/manifests/kube-vip.yaml

参考 issuse

kube-vip requires super-admin.conf

请登录后发表评论

    没有回复内容