在新安装的kubernetes环境中,尝试创建rc后,pod无法正常启动。通过`kubectl describe rc redis-master`发现事件提示:`FailedCreate: No API token found for created and added to the service account`。问题根源在于kube-apiserver的启动参数错误,存在SecurityContextDeny和服务账户相关问题。解决方法是编辑apiserver配置文件,删除涉及这部分的参数,然后重启kube-apiserver服务。
kubernetes 问题汇总
1、新安装kubernetes到服务器,在创建rc之后,无法启动pod。yaml文件如下:
apiVersion: v1
kind: ReplicationController
metadata:
name: redis-master
labels:
name: redis-master
spec:
replicas: 1
selector:
name: redis-master
template:
metadata:
labels:
name: redis-master
spec:
containers:
- name: master
image: kubeguide/redis-master
ports:
- containerPort: 63792、执行以下指令创建rc,结果未成功创建pod
[root@izwz98e5znt7xgdg8aj0cfz Guestbook]# kubectl create -f redis-master-controller.yaml
3、查看rc的events信息
[root@izwz98e5znt7xgdg8aj0cfz ~]# kubectl describe rc redis-master
Name: redis-master
Namespace: default
Image(s): kubeguide/redis-master
Selector: name=redis-master
Labels: name=redis-master
Replicas: 0 current / 1 desired
Pods Status: 0 Running / 0 Waiting / 0 Succeeded / 0 Failed
No volumes.
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
——— ——– —– —- ————- ——– —— ——-
4h 2m 57 {replication-controller } Warning FailedCreate Error creating: No API token found for created and added to the service account
4、问题原因:kubeapiserver启动参数问题导致
5、解决办法:
[root@izwz98e5znt7xgdg8aj0cfz Guestbook]# vim /etc/kubernetes/apiserver
编辑kube-apiserver的配置文件,找到权限控制部分,删除SecurityContextDeny,ServiceAccount后保存
KUBE_ADMISSION_CONTROL=”–admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota”
重启kube-apiserver
systemctl restart kube-apiserver
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
