Kubernetes notes

Problem description: when a pod is created by defining an RC (ReplicationController), the pod fails to be created.

[root@localhost ~]# kubectl describe rc mysql
Name:           mysql
Namespace:      default
Image(s):       mysql
Selector:       app=mysql
Labels:         app=mysql
Replicas:       0 current / 1 desired
Pods Status:    0 Running / 0 Waiting / 0 Succeeded / 0 Failed
No volumes.
Events:
  FirstSeen     LastSeen        Count   From                            SubObjectPath   Type            Reason          Message
  ---------     --------        -----   ----                            -------------   --------        ------          -------
  11m           4m              18      {replication-controller }                       Warning         FailedCreate    Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account

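Solution

The problem is caused by the security authentication configuration. There are two solutions: first, change the security configuration; second, specify a security key.

Option 1:

Edit /etc/kubernetes/apiserver and remove ServiceAccount from the following line:

KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

so that it becomes:

KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

This approach is rather crude, and you may run into cases where ServiceAccount is required.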

Option 2:

1. First, generate the key:

openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048

2. Edit /etc/kubernetes/apiserver and add the following:

KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"

3. Then edit /etc/kubernetes/controller-manager and add the following:

KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"

Finally, restart the Kubernetes services:

systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler
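An added example, not part of the original notes: a shell check that the apiserver and controller-manager files from the key-file steps above reference the same key, and that the key file is not accessible to group or others. The function names flag_value and check_sa_key are made up for this example, and it also accepts the dash spelling of the two flags.

```shell
#!/bin/sh
# Added example (not from the original notes): verify the service account
# key wiring. On the host described above it would be called as:
#   check_sa_key /etc/kubernetes/apiserver /etc/kubernetes/controller-manager
# Return codes: 0 ok, 1 flag missing, 2 key paths differ,
#               3 key file missing, 4 key accessible to group/others.

# Print the value of a --flag=value option from a sysconfig-style file.
# $1 = file, $2 = regex for the flag name; commented-out lines are skipped.
flag_value() {
    sed -n "s/^[^#]*--$2=\\([^\" ]*\\).*/\\1/p" "$1" | head -n 1
}

check_sa_key() {
    api_key=$(flag_value "$1" 'service[-_]account[-_]key[-_]file')
    cm_key=$(flag_value "$2" 'service[-_]account[-_]private[-_]key[-_]file')

    if [ -z "$api_key" ] || [ -z "$cm_key" ]; then
        echo "service account key flag missing in one of the files" >&2
        return 1
    fi
    # The controller manager signs service account tokens with this key and
    # the API server verifies them with it, so both flags must name one file.
    if [ "$api_key" != "$cm_key" ]; then
        echo "key paths differ: $api_key vs $cm_key" >&2
        return 2
    fi
    if [ ! -f "$api_key" ]; then
        echo "key file not found: $api_key" >&2
        return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    # Anyone who can read the private key can sign tokens, so they must be empty.
    perms=$(ls -ld "$api_key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key file is accessible to group/others: $api_key" >&2
        return 4
    fi
    echo "ok: $api_key"
}
```
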

Problem description

The pod stays in the ContainerCreating state.

[root@localhost ~]# kubectl get pod
NAME          READY     STATUS              RESTARTS   AGE
mysql-wgqcj   0/1       ContainerCreating   0          53m

Solution

[root@localhost ~]# kubectl describe pod mysql
Name:           mysql-wgqcj
Namespace:      default
Node:           127.0.0.1/127.0.0.1
Start Time:     Wed, 22 Jan 2020 15:20:32 +0800
Labels:         app=mysql
Status:         Pending
IP:
Controllers:    ReplicationController/mysql
Containers:
  mysql:
    Container ID:
    Image:              mysql
    Image ID:
    Port:               3306/TCP
    State:              Waiting
      Reason:           ContainerCreating
    Ready:              False
    Restart Count:      0
    Volume Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-5z8gc (ro)
    Environment Variables:
      MYSQL_ROOT_PASSWORD:      123456
Conditions:
  Type          Status
  Initialized   True
  Ready         False
  PodScheduled  True
Volumes:
  default-token-5z8gc:
    Type:       Secret (a volume populated by a Secret)
    SecretName: default-token-5z8gc
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen     LastSeen        Count   From                    SubObjectPath   Type            Reason          Message
  ---------     --------        -----   ----                    -------------   --------        ------          -------
  47m           47m             1       {default-scheduler }                    Normal          Scheduled       Successfully assigned mysql-wgqcj to 127.0.0.1
  47m           5m              13      {kubelet 127.0.0.1}                     Warning         FailedSync      Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

  46m   12s     199     {kubelet 127.0.0.1}             Warning FailedSync      Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""

Cause:

There is no rhsm directory under /etc, and the image registry.access.redhat.com/rhel7/pod-infrastructure:latest does not exist.

Fix:

yum install *rhsm*
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem