Qiita Teams that are logged in
You are not logged in to any team

Log in to Qiita Team
Community
OrganizationAdvent CalendarQiitadon (β)
Service
Qiita JobsQiita ZineQiita Blog
Help us understand the problem. What is going on with this article?

Kubernetesの新規ノード追加時にError execution phase kubelet-start: configmaps "kubelet-config-1.14" is forbidden: User "system:bootstrap:g651e8" cannot get resource "configmaps" in API group "" in the namespace "kube-system" と怒られる

More than 1 year has passed since last update.

お約束

実行内容

出力結果

[root@master ~]# cat /etc/redhat-release 

CentOS Linux release 7.6.1810 (Core)
Kubeadm,Kubectl,Kubeletを使用。

事象

Master PC

ノード追加のトークンを再生成する

 [root@master ~]#  kubeadm token create --print-join-command 

実行結果
kubeadm join 192.168.1.2:6443 --token ffx82v.saaefe32df23 --di
scovery-token-ca-cert-hash sha256:fddskdnj3n5kjhu9ln9de9
41fgjf83asbgdeffg8fgse332m1

出力されたコマンドを追加したいNodeで実行する

Node PC

ノード追加実行

[root@node ~]# kubeadm join 192.168.1.2:6443 --token ffx82v.saaefe32df23 --di
scovery-token-ca-cert-hash sha256:fddskdnj3n5kjhu9ln9de9
41fgjf83asbgdeffg8fgse332m1 

すると
Error execution phase kubelet-start: configmaps "kubelet-config-1.14" is forbidden: User "system:bootstrap:g651e8" cannot get resource "configmaps" in API group "" in the namespace "kube-system"

原因と解決方法

原因

MasterとNodeのKubernetesのバージョンが一致していない(離れすぎ?)

Master

[root@master ~]# kubelet --version 

Kubernetes v1.13.3

[root@master ~]# kubeadm version

kubeadm version: &version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3",

[root@master ~]# kubectl version

Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3",
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3",

(出力結果一部省略)

Node

[root@master ~]# kubelet --version

Kubernetes v1.14.1

[root@master ~]# kubeadm version

kubeadm version: &version.Info{Major:"1", Minor:"13", GitVersion:"v1.14.1",

[root@master ~]# kubectl version

Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.14.1",
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.14.1",

解決方法

NodeのKubernetesを再インストール

ますはアンインストール(Replaceでもよい)

[root@node ~]# yum remove kubelet, kubeadm, kubectl

パッケージ名を検索

[root@node ~]# yum --showduplicates search kubectl

kubeadm-1.13.3-0.x86_64
(1.13.3のみ抜粋)

[root@node ~]# yum install -y kubeadm-1.13.3-0.x86_64

これをKubelet,kubectlにも行う

その後再びNodeで

[root@node ~]# kubeadm join 192.168.1.2:6443 --token ffx82v.saaefe32df23 --di
scovery-token-ca-cert-hash sha256:fddskdnj3n5kjhu9ln9de9
41fgjf83asbgdeffg8fgse332m1

[discovery] Successfully established connection with API
Server "192.168.1.2:6443"

確認のため、Masterにて

[root@master ~]# kubectl get nodes

NAME STATUS ROLES AGE VERSION
master Ready master 1m v1.13.3
node1 Ready <none> 1m v1.13.3
node2 Ready <none> 1m v1.13.3

参考

https://www.devops.buzz/public/kubeadm/known-errors-and-solutions

Tsu_hao_Zhang
アダルト動画を合法的に取り扱う会社で働いています。 浅学ゆえに内容の誤りや日本語がおかしいところがあるかと思います。 ご意見ご指摘歓迎いたします。
Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away