kubenetes基本操作

在用户认证等做完后无法运行

kubectl exec -it mysql-st2ch -- /bin/bash

报错如下:

error: unable to upgrade connection: Forbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)

解决办法:

[Tilyp@master yaml]$ kubectl create clusterrolebinding system:anonymous   --clusterrole=cluster-admin   --user=system:anonymous
clusterrolebinding.rbac.authorization.k8s.io/system:anonymous created
[Tilyp@master yaml]$

查看pod详情:

[Tilyp@master kubernetes]$ kubectl describe pod mysql-st2ch
Name:               mysql-st2ch
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               192.168.4.10/192.168.4.10
Start Time:         Wed, 10 Apr 2019 14:28:39 +0800
Labels:             app=mysql
Annotations:        <none>
Status:             Running
IP:                 10.254.29.2
Controlled By:      ReplicationController/mysql
Containers:
  mysql:
    Container ID:   docker://047d9fe9c9045a550be80f5e9ba9ef9c40fb0b28c8ef455d74b3104e81345e59
    Image:          mysql
    Image ID:       docker-pullable://mysql@sha256:a7cf659a764732a27963429a87eccc8457e6d4af0ee9d5140a3b56e74986eed7
    Port:           3306/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Wed, 10 Apr 2019 14:30:04 +0800
    Ready:          True
    Restart Count:  0
    Environment:
      MYSQL_ROOT_PASSWORD:  123456
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-s95s4 (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-s95s4:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-s95s4
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From                   Message
  ----    ------     ----  ----                   -------
  Normal  Scheduled  47m   default-scheduler      Successfully assigned default/mysql-st2ch to 192.168.4.10
  Normal  Pulling    47m   kubelet, 192.168.4.10  pulling image "mysql"
  Normal  Pulled     46m   kubelet, 192.168.4.10  Successfully pulled image "mysql"
  Normal  Created    46m   kubelet, 192.168.4.10  Created container
  Normal  Started    46m   kubelet, 192.168.4.10  Started container

查看service

[Tilyp@master kubernetes]$ kubectl get services
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.254.0.1      <none>        443/TCP          5d22h
mysql1       NodePort    10.254.32.117   <none>        3307:32309/TCP   20m

利用kubectl在容器中执行命令

kubectl exec -it podname  -c  containerName -n namespace -- shell comand

查看所有命名空间

[Tilyp@master AIKubeflow]$ kubectl get namespaces
NAME          STATUS   AGE
default       Active   5d23h
kube-public   Active   5d23h
kube-system   Active   5d23h
kubeflow      Active   10m
[Tilyp@master  AIKubeflow]$

设置master可调度

kubectl taint node k8s-master2 node-role.kubernetes.io/master-

给节点设置角色

kubectl label node k8s-node3 node-role.kubernetes.io/node=node

批量删除Evicted 状态的pod

kubectl get pods | grep Evicted | awk '{print $1}' | xargs kubectl delete pod

在执行命令时遇到以下错误

error: error upgrading connection: unable to upgrade connection: Forbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)

临时解决办法

kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous

永久解决方案:1,https://stackoverflow.com/questions/44312745/kubernetes-rbac-unable-to-upgrade-connection-forbidden-user-systemanonymous

2,https://www.v2ex.com/t/533770

问题以解决,如有问题请加技术交流群:526855734

最近在做少儿编程培训机构,欢迎大家关注

 

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值