K8S节点上执行kubectl get node命令报错证书问题,查看kubelet日志如下
[localhost@10 ~]$ journalctl -xeu kubelet --since "2024-04-09" --no-pager 4月 09 00:06:22 10.10.44.23-v7-prod-cams-08 kubelet[2142]: I0409 00:06:22.150535 2142 csi_plugin.go:913] Failed to contact API server when waiting for CSINode publishing: Get "https://127.0.0.1:8443/apis/storage.k8s.io/v1/csinodes/10.10.44.23": tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
问题原因:node节点执行会失败,原因为nginx代理kube-apiserver配置时,upstream后端的apiserver地址配置错误,导致没有注册到正确的master节点
其他原因:kubeadm部署的环境.kube配置文件下有残留文件,清理重新部署即可