自有证书的rancher集群使用rke部署k8s集群异常

rancher使用自签域名，或者商业证书容易踩到的坑。

最开始的报错：

docker logs kubelet's id

E0214 13:04:14.590268    9614 pod_workers.go:1300] "Error syncing pod, skipping" err="failed to \"StartContainer\" for \"cluster-register\" with CrashLoopBackOff: \"back-off 1m20s restarting failed container=cluster-register pod=cattle-cluster-agent-54dccc4c96-spvm2_cattle-system(bb1553fe-b831-4b4e-92a7-ab8fc58dfbf5)\"" pod="cattle-system/cattle-cluster-agent-54dccc4c96-spvm2" podUID="bb1553fe-b831-4b4e-92a7-ab8fc58dfbf5"

一步步排查进入到rke部署的k8s集群里面

xm-kvm-cbs-113-92:/var/lib/rancher # kubectl logs cattle-cluster-agent-54dccc4c96-f7w29 -c cluster-register -n cattle-system
INFO: Environment: CATTLE_ADDRESS=10.42.25.147 CATTLE_CA_CHECKSUM= CATTLE_CLUSTER=true CATTLE_CLUSTER_AGENT_PORT=tcp://10.43.224.20:80 CATTLE_CLUSTER_AGENT_PORT_443_TCP=tcp://10.43.224.20:443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_ADDR=10.43.224.20 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PORT=443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_PORT_80_TCP=tcp://10.43.224.20:80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_ADDR=10.43.224.20 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PORT=80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_SERVICE_HOST=10.43.224.20 CATTLE_CLUSTER_AGENT_SERVICE_PORT=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443 CATTLE_CLUSTER_REGISTRY= CATTLE_FEATURES=embedded-cluster-api=false,fleet=false,monitoringv1=false,multi-cluster-management=false,multi-cluster-management-agent=true,provisioningv2=false,rke2=false CATTLE_INGRESS_IP_DOMAIN=sslip.io CATTLE_INSTALL_UUID=09a8a51b-837e-4bb2-90bd-6043f6fa0789 CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=true CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-54dccc4c96-f7w29 CATTLE_RANCHER_WEBHOOK_VERSION=103.0.6+up0.4.7 CATTLE_SERVER=https://rancher.baitest.com CATTLE_SERVER_VERSION=v2.8.5
INFO: Using resolv.conf: nameserver 10.43.0.10 search cattle-system.svc.cluster.local svc.cluster.local cluster.local options ndots:5
ERROR: https://rancher.baitest.com/ping is not accessible (Could not resolve host: rancher.baitest.com)

自定义的域名需要使用kubectl导入映射关系

xm-kvm-cbs-113-92:/var/lib/rancher # kubectl -n cattle-system patch deployments cattle-cluster-agent --patch '{"spec": {"template": {"spec": {"hostAliases": [{"hostnames":["rancher.baitest.com"],"ip": "192.168.130.200"}]}}}}'

排查了3天，终于在情人节的晚上，成功解决。

参考链接：

Rancher Cattle Cluster Agent Could not Resolve Host · Issue #16454 · rancher/rancher · GitHub

如果对你有帮助，一块也是爱