Kubernetes notes
Problem description: when a pod is created by defining an RC (ReplicationController), the pod cannot be created.
[root@localhost ~]# kubectl describe rc mysql
Name: mysql
Namespace: default
Image(s): mysql
Selector: app=mysql
Labels: app=mysql
Replicas: 0 current / 1 desired
Pods Status: 0 Running / 0 Waiting / 0 Succeeded / 0 Failed
No volumes.
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
11m 4m 18 {replication-controller } Warning FailedCreate Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account
[root@localhost ~]# ll
Solution
The problem is caused by the security authentication configuration. There are two solutions: first, change the security configuration; second, specify a security key.
Option 1:
Edit /etc/kubernetes/apiserver and remove ServiceAccount from the following line:
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
so that it becomes:
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
This approach is rather crude: it disables the ServiceAccount admission plugin for the whole cluster, and you may run into cases where ServiceAccount is required.
Option 2:
1. First generate a key:
openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
2. Edit /etc/kubernetes/apiserver and add the following:
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"
3. Then edit /etc/kubernetes/controller-manager and add the following:
KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"
Finally, restart the Kubernetes services:
systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler
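The check below is an added example, not part of the original notes: it confirms that the two config files from option 2 point at the same key file, that the file holds a PEM private key, and that only its owner has any permission on it. The function names are hypothetical, and it assumes, as in these notes, that both flags reference the same private key file.

```shell
# Added example (not from the original notes); function names are hypothetical.

# Print the value of a flag from a sysconfig-style file, accepting both the
# underscore spelling used in these notes and the dashed spelling.
flag_value() {  # $1 = file, $2 = flag name written with underscores
  local dashed
  dashed=$(printf '%s' "$2" | tr '_' '-')
  sed -n -E "s/^[^#]*--(${2}|${dashed})=([^\" ]+).*/\2/p" "$1" | tail -n 1
}

# Succeeds only if both daemons reference the same key file, the file holds a
# PEM private key, and group/other have no permissions on it.
check_sa_key() {  # $1 = apiserver config, $2 = controller-manager config
  local api cm
  api=$(flag_value "$1" service_account_key_file)
  cm=$(flag_value "$2" service_account_private_key_file)
  # An empty value also catches flags pasted with typographic quotes or dashes.
  [ -n "$api" ] || { echo "apiserver: key flag not found"; return 1; }
  [ -n "$cm" ] || { echo "controller-manager: key flag not found"; return 1; }
  [ "$api" = "$cm" ] || { echo "key paths differ: $api vs $cm"; return 1; }
  grep -q -E '^-----BEGIN (RSA )?PRIVATE KEY-----' "$api" 2>/dev/null ||
    { echo "$api: not a PEM private key"; return 1; }
  [ "$(ls -ld "$api" | cut -c5-10)" = "------" ] ||
    { echo "$api: accessible by group/other, chmod 600 it"; return 1; }
  echo "ok: $api"
}

# Constructed demo: temp files stand in for /etc/kubernetes/*; the key file is
# a placeholder header line, not real key material.
demo() {
  local d rc
  d=$(mktemp -d)
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/serviceaccount.key"
  chmod 600 "$d/serviceaccount.key"
  echo "KUBE_API_ARGS=\"--service_account_key_file=$d/serviceaccount.key\"" > "$d/apiserver"
  echo "KUBE_CONTROLLER_MANAGER_ARGS=\"--service_account_private_key_file=$d/serviceaccount.key\"" > "$d/controller-manager"
  check_sa_key "$d/apiserver" "$d/controller-manager"
  rc=$?
  rm -rf "$d"
  return $rc
}
demo
```

On a real node, call check_sa_key /etc/kubernetes/apiserver /etc/kubernetes/controller-manager before restarting the services.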
Problem description
The pod stays in the ContainerCreating state:
[root@localhost ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
mysql-wgqcj 0/1 ContainerCreating 0 53m
Solution
[root@localhost ~]# kubectl describe pod mysql
Name: mysql-wgqcj
Namespace: default
Node: 127.0.0.1/127.0.0.1
Start Time: Wed, 22 Jan 2020 15:20:32 +0800
Labels: app=mysql
Status: Pending
IP:
Controllers: ReplicationController/mysql
Containers:
mysql:
Container ID:
Image: mysql
Image ID:
Port: 3306/TCP
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Volume Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-5z8gc (ro)
Environment Variables:
MYSQL_ROOT_PASSWORD: 123456
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
Volumes:
default-token-5z8gc:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-5z8gc
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
47m 47m 1 {default-scheduler } Normal Scheduled Successfully assigned mysql-wgqcj to 127.0.0.1
47m 5m 13 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
46m 12s 199 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
Cause:
There is no rhsm directory under /etc, and the image registry.access.redhat.com/rhel7/pod-infrastructure:latest is not present.
Fix:
yum install *rhsm*
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem