在用户认证等做完后无法运行
kubectl exec -it mysql-st2ch -- /bin/bash
报错如下:
error: unable to upgrade connection: Forbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)
解决办法:
[Tilyp@master yaml]$ kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
clusterrolebinding.rbac.authorization.k8s.io/system:anonymous created
[Tilyp@master yaml]$
查看pod详情:
[Tilyp@master kubernetes]$ kubectl describe pod mysql-st2ch
Name: mysql-st2ch
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 192.168.4.10/192.168.4.10
Start Time: Wed, 10 Apr 2019 14:28:39 +0800
Labels: app=mysql
Annotations: <none>
Status: Running
IP: 10.254.29.2
Controlled By: ReplicationController/mysql
Containers:
mysql:
Container ID: docker://047d9fe9c9045a550be80f5e9ba9ef9c40fb0b28c8ef455d74b3104e81345e59
Image: mysql
Image ID: docker-pullable://mysql@sha256:a7cf659a764732a27963429a87eccc8457e6d4af0ee9d5140a3b56e74986eed7
Port: 3306/TCP
Host Port: 0/TCP
State: Running
Started: Wed, 10 Apr 2019 14:30:04 +0800
Ready: True
Restart Count: 0
Environment:
MYSQL_ROOT_PASSWORD: 123456
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-s95s4 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-s95s4:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-s95s4
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 47m default-scheduler Successfully assigned default/mysql-st2ch to 192.168.4.10
Normal Pulling 47m kubelet, 192.168.4.10 pulling image "mysql"
Normal Pulled 46m kubelet, 192.168.4.10 Successfully pulled image "mysql"
Normal Created 46m kubelet, 192.168.4.10 Created container
Normal Started 46m kubelet, 192.168.4.10 Started container
查看service
[Tilyp@master kubernetes]$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 5d22h
mysql1 NodePort 10.254.32.117 <none> 3307:32309/TCP 20m
利用kubectl在容器中执行命令
kubectl exec -it podname -c containerName -n namespace -- shell comand
查看所有命名空间
[Tilyp@master AIKubeflow]$ kubectl get namespaces
NAME STATUS AGE
default Active 5d23h
kube-public Active 5d23h
kube-system Active 5d23h
kubeflow Active 10m
[Tilyp@master AIKubeflow]$
设置master可调度
kubectl taint node k8s-master2 node-role.kubernetes.io/master-
给节点设置角色
kubectl label node k8s-node3 node-role.kubernetes.io/node=node
批量删除Evicted 状态的pod
kubectl get pods | grep Evicted | awk '{print $1}' | xargs kubectl delete pod
在执行命令时遇到以下错误
error: error upgrading connection: unable to upgrade connection: Forbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)
临时解决办法
kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
2,https://www.v2ex.com/t/533770
问题以解决,如有问题请加技术交流群:526855734
最近在做少儿编程培训机构,欢迎大家关注