近期在研究kubernetes集群,搭建过程中也中有这样那样的错误,接下来会将我这边遇到的坑一一列出来,给各位先探探路。
执行测试创建docker:
kubectl run nginxexample --image=nginx kubectl get pods -l run=nginxexample NAME READY STATUS RESTARTS AGE nginxexample-2412748312-8grvr 0/1 ContainerCreating 0 1m
日志中有很多报错:
Mar 6 11:54:01 sudops-vm04 kube-controller-manager: E0306 11:54:01.936464 3206 replica_set.go:505] unable to create pods: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar 6 11:54:01 sudops-vm04 kube-controller-manager: I0306 11:54:01.936540 3206 event.go:217] Event(api.ObjectReference{Kind:"ReplicaSet", Namespace:"default", Name:"nginxexample-2412748312", UID:"26cc3dec-0220-11e7-8463-52540017b78a", APIVersion:"extensions", ResourceVersion:"4633", FieldPath:""}): type: 'Warning' reason: 'FailedCreate' Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar 6 11:54:31 sudops-vm04 kube-controller-manager: E0306 11:54:31.937162 3206 replica_set.go:505] unable to create pods: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar 6 11:54:31 sudops-vm04 kube-controller-manager: I0306 11:54:31.937634 3206 event.go:217] Event(api.ObjectReference{Kind:"ReplicaSet", Namespace:"default", Name:"nginxexample-2412748312", UID:"26cc3dec-0220-11e7-8463-52540017b78a", APIVersion:"extensions", ResourceVersion:"4633", FieldPath:""}): type: 'Warning' reason: 'FailedCreate' Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar 6 11:55:01 sudops-vm04 systemd: Created slice user-995.slice.
Mar 6 11:55:01 sudops-vm04 systemd: Starting user-995.slice.
Mar 6 11:55:01 sudops-vm04 systemd: Started Session 1271 of user pcp.
Mar 6 11:55:01 sudops-vm04 systemd: Starting Session 1271 of user pcp.
Mar 6 11:55:01 sudops-vm04 systemd: Removed slice user-995.slice.
Mar 6 11:55:01 sudops-vm04 systemd: Stopping user-995.slice.
Mar 6 11:55:01 sudops-vm04 kube-controller-manager: E0306 11:55:01.936908 3206 replica_set.go:505] unable to create pods: No API token found for service account "default", retry after the token is automatically created and added to the service account
Mar 6 11:55:01 sudops-vm04 kube-controller-manager: I0306 11:55:01.937365 3206 event.go:217] Event(api.ObjectReference{Kind:"ReplicaSet", Namespace:"default", Name:"nginxexample-2412748312", UID:"26cc3dec-0220-11e7-8463-52540017b78a", APIVersion:"extensions", ResourceVersion:"4633", FieldPath:""}): type: 'Warning' reason: 'FailedCreate' Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account
下面是解决办法:
# cat /etc/kubernetes/apiserver 去掉SecurityContextDeny,ServiceAccount 编辑如下行: #KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota" 改成: KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota" 重启kube-apiserver服务 # systemctl restart kube-apiserver.service
稍后可以再次看下,pod状态:
# kubectl get pods -l run=nginxexample NAME READY STATUS RESTARTS AGE nginxexample-2412748312-8grvr 1/1 Running 0 1h
