Both servers

I installed two PhotonOS VMs on an ESXi hypervisor and set up the first VM as the Kubernetes master and the second VM as a Kubernetes node. This follows the instructions from VMware and the following two sites.

Both servers

The /etc/kubernetes/config file on both:

KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://k8s-master:8080"

On the master

/etc/kubernetes/apiserver

KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_ARGS=""

node.json

{
     "apiVersion": "v1",
     "kind": "Node",
     "metadata": {
         "name": "k8s-worker-1",
         "labels":{ "name": "k8s-worker"}
     },
     "spec": {
         "externalID": "k8s-worker-1"
     }
}

On the node

/etc/kubernetes/kubelet

KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=k8s-worker-1"
KUBELET_API_SERVER="--kubeconfig=/etc/kubernetes/kubeconfig"
KUBELET_ARGS=""

/etc/kubernetes/kubeconfig

apiVersion: v1
clusters:
- cluster:
    server: http://k8s-master:8080

The problem

So, kubectl get pods -A returns No resources found, and kubectl get rs -A returns

NAMESPACE              NAME                                   DESIRED   CURRENT   READY   AGE
kubernetes-dashboard   dashboard-metrics-scraper-79c5968bdc   1         0         0       106m
kubernetes-dashboard   kubernetes-dashboard-658485d5c7        1         0         0       106m

kubectl describe deployment -A returns

Name:                   dashboard-metrics-scraper
Namespace:              kubernetes-dashboard
CreationTimestamp:      Sat, 21 Aug 2021 02:44:38 +0000
Labels:                 k8s-app=dashboard-metrics-scraper
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               k8s-app=dashboard-metrics-scraper
Replicas:               1 desired | 0 updated | 0 total | 0 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           k8s-app=dashboard-metrics-scraper
  Annotations:      seccomp.security.alpha.kubernetes.io/pod: runtime/default
  Service Account:  kubernetes-dashboard
  Containers:
   dashboard-metrics-scraper:
    Image:        kubernetesui/metrics-scraper:v1.0.6
    Port:         8000/TCP
    Host Port:    0/TCP
    Liveness:     http-get http://:8000/ delay=30s timeout=30s period=10s #success=1 #failure=3
    Environment:  <none>
    Mounts:
      /tmp from tmp-volume (rw)
  Volumes:
   tmp-volume:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
Conditions:
  Type             Status  Reason
  ----             ------  ------
  Available        False   MinimumReplicasUnavailable
  ReplicaFailure   True    FailedCreate
  Progressing      False   ProgressDeadlineExceeded
OldReplicaSets:    <none>
NewReplicaSet:     dashboard-metrics-scraper-79c5968bdc (0/1 replicas created)
Events:            <none>


Name:                   kubernetes-dashboard
Namespace:              kubernetes-dashboard
CreationTimestamp:      Sat, 21 Aug 2021 02:44:38 +0000
Labels:                 k8s-app=kubernetes-dashboard
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               k8s-app=kubernetes-dashboard
Replicas:               1 desired | 0 updated | 0 total | 0 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           k8s-app=kubernetes-dashboard
  Service Account:  kubernetes-dashboard
  Containers:
   kubernetes-dashboard:
    Image:      kubernetesui/dashboard:v2.3.1
    Port:       8443/TCP
    Host Port:  0/TCP
    Args:
      --auto-generate-certificates
      --namespace=kubernetes-dashboard
    Liveness:     http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
    Environment:  <none>
    Mounts:
      /certs from kubernetes-dashboard-certs (rw)
      /tmp from tmp-volume (rw)
  Volumes:
   kubernetes-dashboard-certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kubernetes-dashboard-certs
    Optional:    false
   tmp-volume:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
Conditions:
  Type             Status  Reason
  ----             ------  ------
  Available        False   MinimumReplicasUnavailable
  ReplicaFailure   True    FailedCreate
  Progressing      False   ProgressDeadlineExceeded
OldReplicaSets:    <none>
NewReplicaSet:     kubernetes-dashboard-658485d5c7 (0/1 replicas created)
Events:            <none>

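So, as you can see, I can't get the Kubernetes dashboard up and running because the pods are not ready. What can I do to fix this? Thanks in advance.

Answer 1

I ran into a problem with exactly the same symptoms. Maybe it has the same root cause as well. (FYI, I'm using a cluster in VMware Tanzu.)

You can run kubectl get events --namespace kubernetes-dashboard to get logs even when no pods have been started yet.

For me, the following was logged in the K8s events: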

Error creating: pods "kubernetes-dashboard-5c4b99db7-" is forbidden: PodSecurityPolicy: unable to admit pod: []
Error creating: pods "dashboard-metrics-scraper-66dd8bdd86-" is forbidden: PodSecurityPolicy: unable to admit pod: []

If this is your error too, you should look into PodSecurityPolicy (https://kubernetes.io/docs/concepts/security/pod-security-policy/).

For me, it helped to create a ClusterRoleBinding/RoleBinding for my user.

This article explains everything: https://www.unknownfault.com/posts/podsecuritypolicy-unable-to-admit-pod/
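
One way to grant the dashboard's pods the right to use a PodSecurityPolicy, as an added example that is not from the original answer or the linked article. It binds the policy to the namespace's service accounts rather than to a user; `<psp-name>` is a placeholder and the `psp-use-dashboard` object names are hypothetical.

```yaml
# Added example. <psp-name> is a placeholder: list the policies your cluster
# defines with `kubectl get podsecuritypolicies` and pick the most restrictive
# one the dashboard pods can run under.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: psp-use-dashboard            # hypothetical name
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    verbs: ["use"]
    resourceNames: ["<psp-name>"]    # grant exactly one policy, not all of them
---
# A namespaced RoleBinding rather than a ClusterRoleBinding, so the grant
# applies only to pods created in kubernetes-dashboard.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: psp-use-dashboard            # hypothetical name
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: psp-use-dashboard
subjects:
  # Every service account in the namespace, which covers the
  # kubernetes-dashboard service account used by both deployments.
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts:kubernetes-dashboard
```

After applying it, `kubectl auth can-i use podsecuritypolicy/<psp-name> --as=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard -n kubernetes-dashboard` should answer yes.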

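Answer 2

To start troubleshooting, I can see a clue in the Conditions section of the deployment YAML. You can see that a new ReplicaSet (kubernetes-dashboard-658485d5c7) was created; however, it could not create the pod. Usually, this problem is caused by exceeding the VM's resource quota. We can check this from the JSON output format with the following command:

kubectl get rs kubernetes-dashboard-658485d5c7 -n kubernetes-dashboard -o json | jq .status.conditions

Then you will see a message like this: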

“Message”: Pods \  kubernetes-dashboard-658485d5c7 is forbidden: failed quota:

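To fix this, you need to specify resource limits in the container. We can check the current default limits with the following command:

kubectl describe limits

Once we have these values, we can set limits in the deployment YAML file without exceeding them, as in the following example:

spec:
  replicas: 1
  # ...
  template:
    spec:
      containers:
        - name: kubernetes-dashboard
          # ...
          resources:
            requests:
              cpu: 400m
              memory: 6Mi

Note that these values are only for reference; you need to set values that suit your compute quota resources. Also, at this link you will find more information on how quota limits work.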
