文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >Pod在集群上未启动(集群关闭)

Pod在集群上未启动(集群关闭)
EN

Stack Overflow用户
提问于 2018-05-24 22:42:53
回答 1查看 111关注 0票数 0

我的集群当前已关闭,无法在其上启动新的pod。我尝试使用kops从1.9.1升级到1.9.3,并添加了pvc resize admissionControl。当滚动升级发生时,我注意到新的节点没有正确地联机(即使rollingupgrade认为它们是)。我中止了滚动升级。我发现pod在抱怨:

代码语言:javascript
复制
open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory

kube api服务器显示:

代码语言:javascript
复制
I0524 14:27:43.871432       1 rbac.go:116] RBAC DENY: user "system:kube-proxy" groups ["system:authenticated"] cannot "get" resource "nodes" named "ip-10-23-2-5.ec2.internal" cluster-wide
I0524 14:27:43.873562       1 rbac.go:116] RBAC DENY: user "kubelet" groups ["system:nodes" "system:authenticated"] cannot "list" resource "nodes" cluster-wide
I0524 14:27:43.873783       1 rbac.go:116] RBAC DENY: user "kubelet" groups ["system:nodes" "system:authenticated"] cannot "list" resource "services" cluster-wide
I0524 14:27:43.887303       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "replicasets.extensions" cluster-wide
I0524 14:27:43.887569       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "persistentvolumeclaims" cluster-wide
I0524 14:27:43.949818       1 rbac.go:116] RBAC DENY: user "kubelet" groups ["system:nodes" "system:authenticated"] cannot "list" resource "pods" cluster-wide
I0524 14:27:43.956233       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "statefulsets.apps" cluster-wide
I0524 14:27:43.958076       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "services" cluster-wide
I0524 14:27:43.958564       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "nodes" cluster-wide
I0524 14:27:43.972226       1 rbac.go:116] RBAC DENY: user "kubelet" groups ["system:nodes" "system:authenticated"] cannot "create" resource "nodes" cluster-wide

请帮帮忙

kubernetes
kops
weave
EN

回答 1

Stack Overflow用户

发布于 2018-05-25 01:14:03

最终解决了这个问题。api日志中的错误具有误导性并持续存在,原因是没有与某些pods关联的具有适当权限的服务帐户。

根本的问题是,滚动升级只留下一个主服务器“就绪”,而apiserver在没有ServiceAccount admissionControl的情况下仍在运行。因此,新的豆荚被路由到那里,但没有出现。已通过更正所有主机上的admissionControl解决此问题。

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/50512173

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档