我在 ESXi 虚拟机管理程序上安装了两个 PhotonOS VM,并将第一个 VM 设置为 Kubernetes Master,将第二个 VM 设置为 Kubernetes Node。这是来自 VMWare 的说明以及以下两个站点。
两台服务器
/etc/kubernetes/config两者上的文件:
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://k8s-master:8080"
在主人身上
/etc/kubernetes/apiserver:
KUBE_API_ADDRESS="--address=0.0.0.0"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_ARGS=""
node.json:
{
"apiVersion": "v1",
"kind": "Node",
"metadata": {
"name": "k8s-worker-1",
"labels":{ "name": "k8s-worker"}
},
"spec": {
"externalID": "k8s-worker-1"
}
}
在节点上
/etc/kubernetes/kubelet:
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_HOSTNAME="--hostname-override=k8s-worker-1"
KUBELET_API_SERVER="--kubeconfig=/etc/kubernetes/kubeconfig"
KUBELET_ARGS=""
/etc/kubernetes/kubeconfig
apiVersion: v1
clusters:
- cluster:
server: http://k8s-master:8080
问题
因此,kubectl get pods -A回报No resources found和kubectl get rs -A回报
NAMESPACE NAME DESIRED CURRENT READY AGE
kubernetes-dashboard dashboard-metrics-scraper-79c5968bdc 1 0 0 106m
kubernetes-dashboard kubernetes-dashboard-658485d5c7 1 0 0 106m
kubectl describe deployment -A返回
Name: dashboard-metrics-scraper
Namespace: kubernetes-dashboard
CreationTimestamp: Sat, 21 Aug 2021 02:44:38 +0000
Labels: k8s-app=dashboard-metrics-scraper
Annotations: deployment.kubernetes.io/revision: 1
Selector: k8s-app=dashboard-metrics-scraper
Replicas: 1 desired | 0 updated | 0 total | 0 available | 1 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: k8s-app=dashboard-metrics-scraper
Annotations: seccomp.security.alpha.kubernetes.io/pod: runtime/default
Service Account: kubernetes-dashboard
Containers:
dashboard-metrics-scraper:
Image: kubernetesui/metrics-scraper:v1.0.6
Port: 8000/TCP
Host Port: 0/TCP
Liveness: http-get http://:8000/ delay=30s timeout=30s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/tmp from tmp-volume (rw)
Volumes:
tmp-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
Conditions:
Type Status Reason
---- ------ ------
Available False MinimumReplicasUnavailable
ReplicaFailure True FailedCreate
Progressing False ProgressDeadlineExceeded
OldReplicaSets: <none>
NewReplicaSet: dashboard-metrics-scraper-79c5968bdc (0/1 replicas created)
Events: <none>
Name: kubernetes-dashboard
Namespace: kubernetes-dashboard
CreationTimestamp: Sat, 21 Aug 2021 02:44:38 +0000
Labels: k8s-app=kubernetes-dashboard
Annotations: deployment.kubernetes.io/revision: 1
Selector: k8s-app=kubernetes-dashboard
Replicas: 1 desired | 0 updated | 0 total | 0 available | 1 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: k8s-app=kubernetes-dashboard
Service Account: kubernetes-dashboard
Containers:
kubernetes-dashboard:
Image: kubernetesui/dashboard:v2.3.1
Port: 8443/TCP
Host Port: 0/TCP
Args:
--auto-generate-certificates
--namespace=kubernetes-dashboard
Liveness: http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/certs from kubernetes-dashboard-certs (rw)
/tmp from tmp-volume (rw)
Volumes:
kubernetes-dashboard-certs:
Type: Secret (a volume populated by a Secret)
SecretName: kubernetes-dashboard-certs
Optional: false
tmp-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
Conditions:
Type Status Reason
---- ------ ------
Available False MinimumReplicasUnavailable
ReplicaFailure True FailedCreate
Progressing False ProgressDeadlineExceeded
OldReplicaSets: <none>
NewReplicaSet: kubernetes-dashboard-658485d5c7 (0/1 replicas created)
Events: <none>
因此,如您所见,我无法启动并运行 kubernetes 仪表板,因为 pod 尚未准备好。我该怎么做才能解决这个问题?提前致谢。
答案1
我遇到了一个症状完全相同的问题。也许它也具有相同的根本原因。(仅供参考,我正在使用 VMware Tanzu 中的集群。)
kubectl get events --namespace kubernetes-dashboard即使尚未启动任何 pod,也可以运行以获取日志。
对我来说,K8s 事件中记录了以下内容:
Error creating: pods "kubernetes-dashboard-5c4b99db7-" is forbidden: PodSecurityPolicy: unable to admit pod: []
Error creating: pods "dashboard-metrics-scraper-66dd8bdd86-" is forbidden: PodSecurityPolicy: unable to admit pod: []
如果这也是你的错误,你应该调查PodSecurityPolicy(https://kubernetes.io/docs/concepts/security/pod-security-policy/)。
对我来说,它有助于为我的用户创建一个ClusterRoleBinding。RoleBinding
这篇文章解释了一切:https://www.unknownfault.com/posts/podsecuritypolicy-unable-to-admit-pod/
答案2
要开始故障排除,我可以在部署 YAML 的条件部分看到一条线索。您可以看到已创建一个新的副本集 (kubernetes-dashboard-658485d5c7);但是,它无法创建 Pod。通常,此问题是由于超出了 VM 资源配额。我们可以借助以下命令从 JSON 输出格式进行检查:
Kubectl get rs kubernetes-dashboard-658485d5c7 -o json | jq .status.conditions
然后,你会看到这样的消息:
“Message”: Pods \ kubernetes-dashboard-658485d5c7 is forbidden: failed quota:
要解决此问题,需要在容器中指定资源限制。我们可以使用以下命令检查当前默认限制:
Kubectl describe limits
一旦我们获得这些值,我们就可以在部署 YAML 文件中设置限制而不会超过这些值,如下例所示:
spec:
replicas:1
spec:
containers:
-name:kubernetes-dashboard
resources:
request:
cpu:400m
Memory:6Mi
请注意,这些值仅供参考,您需要设置适合您的计算配额资源的值;此外,在此关联您将找到有关配额限制如何运作的更多信息。