k8s部署问题（踩坑）记录

一、etcd服务启动后报错etcd cluster ID mismatch:
检车service配置cluster选项有无问题，若无问题，则可能是此前的etcd bootstrap加速启动缓存残留导致，坑爹的是rm -rf /var/lib/etcd/* 删除完了之后还是报错，必须
rm -rf /var/lib/etcd/才能彻底清除，删除完成后记得再创建该路径mkdir /var/lib/etcd，否则会有类似报错：

 etcd.service: Failed at step CHDIR spawning /usr/local/bin/etcd: No such file or directory

二、etcd服务启动报错：

    /var/log/syslog:member ece8752232f7b4d6 has already been bootstrapped
    原因是非主节点的etcd服务是启动状态，解决办法：
    rm -rf /var/lib/etcd/
    mkdir /var/lib/etcd

三、其余节点（非第一台master）初始化完成后kubectl获取资源提示X509:

# kubectl get nodes
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

解决方法：
kubeadm init初始化完成后提示的操作执行一遍：

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

第一个master节点执行完成后，需将scp /etc/kubernetes/pki/*到其他节点后，其他master节点才能初始化。在kubeadm初始化之前要保证systemctl status kubelet 查看到的状态保持activating (auto-restart)状态，否则kubeadm会报错

四、集群部署完成后，kubectl执行写资源没有权限，报错类似：

'''
Error from server (Forbidden): error when creating "kubeadm-router.yaml": daemonsets.extensions is forbidden: User "system:node:yksv005211" cannot create daemonsets.extensions in the namespace "kube-system"
Error from server (Forbidden): error when creating "kubeadm-router.yaml": serviceaccounts is forbidden: User "system:node:yksv005211" cannot create serviceaccounts in the namespace "kube-system"
Error from server (Forbidden): error when creating "kubeadm-router.yaml": clusterroles.rbac.authorization.k8s.io is forbidden: User "system:node:yksv005211" cannot create clusterroles.rbac.authorization.k8s.io at the cluster scope
Error from server (Forbidden): error when creating "kubeadm-router.yaml": clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "system:node:yksv005211" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope
'''

此时
此前配置的变量KUBECONFIG=/etc/kubernetes/kubelet.conf 这是普通用户，没有权限，会有报错，需按照kubeadm初始化完成后的提示，操作一遍

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

或者亦可切换环境变量指向admin.conf内的配置，则拥有管理权限了:

export KUBECONFIG=/etc/kubernetes/admin.conf

重点：为防止以上坑爹问题，建议干净系统、统一工具版本，初始化失败重来时，将相关组件全部重启，涉及路径全部清空重新创建空路径。