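I get a permission error when trying to start a container in an Ubuntu AWS VM. I am deploying with kubectl apply -f test.yaml. Nginx works fine in the same VM. I tried changing permissions, privileged mode, etc., but without success.
Please help me resolve this error. Thanks in advance.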
ubuntu@rd-testc-virtual:~/TESTc$ cat testc.yaml
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: DaemonSet
metadata:
  name: testc
  labels:
    app: TESTC
    tier: testvc
spec:
  selector:
    matchLabels:
      app: TESTC
      tier: testc
  template:
    metadata:
      labels:
        app: TESTC
        tier: testc
    spec:
      hostNetwork: true
      restartPolicy: Always
      volumes:
        - name: modulepath
          hostPath:
            path: /lib/modules
        - name: local
          hostPath:
            path: /local/configvol
        - name: dev
          hostPath:
            path: /dev
        - name: hugepage
          emptyDir:
            medium: HugePages
        - name: day0-config
          configMap:
            name: day0-config
            optional: true
            items:
              - key: day0-config
                path: day0-config
        - name: vpn-config
          configMap:
            name: vpn-config
            optional: true
            items:
              - key: vpn-config
                path: vpn-config
        - name: interface-config
          configMap:
            name: interface-config
            optional: true
            items:
              - key: interface-config
                path: interface-config
        - name: day0-idtoken
          secret:
            secretName: day0-idtoken
            optional: true
            items:
              - key: idtoken
                path: idtoken
      imagePullSecrets:
        - name: regtestc
      containers:
        - name: testc
          image: dockerhub.privaterepo.com/testc-dev-docker/testc:99.22.24.5
          imagePullPolicy: Never
          stdin: true
          tty: true
          securityContext:
            capabilities:
              add: ["SYS_RESOURCE", "SYS_ADMIN", "NET_ADMIN"]
            privileged: true
          env:
            - name: TEST_DOCKER
              value: "1"
            - name: RUN_TEST_WITH_GDB
              value: "0"
            - name: TESTC_MEMORY
              value: "2048M"
            - name: TESTC_CPUS
              value: "1"
            - name: DISABLE_DPDK
              value: "0"
            - name: TEST_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: TEST_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: TEST_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: CORE_SIZE_LIMIT
              value: "200MB"
            - name: COREDUMP_PATH
              value: "/mnt/coredump_repo/"
            - name: TESTC_DEALER_ENDPOINT
              value: "localhost:5555"
            - name: TESTC_STANDALONE_MODE
              value: "1"
            - name: TESTC_ROOT_PRIVILEGE
              value: "1"
          volumeMounts:
            - name: modulepath
              mountPath: /lib/modules
            - name: local
              mountPath: /config
            - name: dev
              mountPath: /dev
            - mountPath: /hugepages
              name: hugepage
            - name: day0-config
              mountPath: /testc-day0-config
            - name: vpn-config
              mountPath: /mnt/vpn-config
              subPath: vpn-config
            - name: day0-idtoken
              mountPath: /testc-day0-idtoken
              readOnly: true
            - name: interface-config
              mountPath: /mnt/interface-config
          resources:
            limits:
              hugepages-2Mi: 64Mi
              memory: 2Gi
            requests:
              hugepages-2Mi: 64Mi
              memory: 2Gi
ubuntu@rd-testc-virtual:~/TESTc$
ubuntu@rd-testc-virtual:~/TESTc$ kubectl get pod
NAME          READY   STATUS              RESTARTS     AGE
testc-k28fj   0/1     RunContainerError   0 (4s ago)   4s
ubuntu@rd-testc-virtual:~/TESTc$
ubuntu@rd-testc-virtual:~/TESTc$ kubectl describe pod
Name:             testc-k28fj
Namespace:        default
Priority:         0
Service Account:  default
Node:             minikube/192.168.49.2
Start Time:       Fri, 22 Sep 2023 06:35:30 +0000
Labels:           app=TESTC
                  controller-revision-hash=6556668fd7
                  pod-template-generation=1
                  tier=testc
Annotations:      <none>
Status:           Running
IP:               192.168.49.2
IPs:
  IP:           192.168.49.2
Controlled By:  DaemonSet/testc
Containers:
  testc:
    Container ID:   docker://110d8b8566439997dabc20ea550481e045592e2ecded34952fb5a1d601ddf4e2
    Image:          dockerhub.privaterepo.com/testc-dev-docker/testc:99.22.24.5
    Image ID:       docker://sha256:9f0691a7a21614290abd79a5fc477199cd1a705be1aefff06fc7a903ed1a686b
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       RunContainerError
    Last State:     Terminated
      Reason:       ContainerCannotRun
      Message:      failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: ioctl(setctty): operation not permitted: unknown
      Exit Code:    128
      Started:      Fri, 22 Sep 2023 06:35:30 +0000
      Finished:     Fri, 22 Sep 2023 06:35:30 +0000
    Ready:          False
    Restart Count:  1
    Limits:
      hugepages-2Mi:  64Mi
      memory:         2Gi
    Requests:
      hugepages-2Mi:  64Mi
      memory:         2Gi
    Environment:
      TEST_DOCKER:            1
      RUN_TEST_WITH_GDB:      0
      TESTC_MEMORY:           2048M
      TESTC_CPUS:             1
      DISABLE_DPDK:           0
      TEST_POD_NAME:          testc-k28fj (v1:metadata.name)
      TEST_POD_NAMESPACE:     default (v1:metadata.namespace)
      TEST_POD_IP:             (v1:status.podIP)
      CORE_SIZE_LIMIT:        200MB
      COREDUMP_PATH:          /mnt/coredump_repo/
      TESTC_DEALER_ENDPOINT:  localhost:5555
      TESTC_STANDALONE_MODE:  1
      TESTC_ROOT_PRIVILEGE:   1
    Mounts:
      /testc-day0-config from day0-config (rw)
      /testc-day0-idtoken from day0-idtoken (ro)
      /config from local (rw)
      /dev from dev (rw)
      /hugepages from hugepage (rw)
      /lib/modules from modulepath (rw)
      /mnt/interface-config from interface-config (rw)
      /mnt/vpn-config from vpn-config (rw,path="vpn-config")
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-7pb8t (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  modulepath:
    Type:          HostPath (bare host directory volume)
    Path:          /lib/modules
    HostPathType:
  local:
    Type:          HostPath (bare host directory volume)
    Path:          /local/configvol
    HostPathType:
  dev:
    Type:          HostPath (bare host directory volume)
    Path:          /dev
    HostPathType:
  hugepage:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     HugePages
    SizeLimit:  <unset>
  day0-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      day0-config
    Optional:  true
  vpn-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      vpn-config
    Optional:  true
  interface-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      interface-config
    Optional:  true
  day0-idtoken:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  day0-idtoken
    Optional:    true
  kube-api-access-7pb8t:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/disk-pressure:NoSchedule op=Exists
                             node.kubernetes.io/memory-pressure:NoSchedule op=Exists
                             node.kubernetes.io/network-unavailable:NoSchedule op=Exists
                             node.kubernetes.io/not-ready:NoExecute op=Exists
                             node.kubernetes.io/pid-pressure:NoSchedule op=Exists
                             node.kubernetes.io/unreachable:NoExecute op=Exists
                             node.kubernetes.io/unschedulable:NoSchedule op=Exists
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  14s                default-scheduler  Successfully assigned default/testc-k28fj to minikube
  Normal   Pulled     1s (x3 over 14s)   kubelet            Container image "dockerhub.privaterepo.com/testc-dev-docker/testc:99.22.24.5" already present on machine
  Normal   Created    1s (x3 over 14s)   kubelet            Created container testc
  Warning  Failed     1s (x3 over 14s)   kubelet            Error: failed to start container "testc": Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: ioctl(setctty): operation not permitted: unknown
ubuntu@rd-testc-virtual:~/TESTc$