文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >使用istio创建bookinfo示例时,ReplicaFailure设置为FailedCreate

使用istio创建bookinfo示例时,ReplicaFailure设置为FailedCreate
EN

Stack Overflow用户
提问于 2020-08-06 19:29:03
回答 2查看 1.2K关注 0票数 0

我已经安装了istio 1.5.4版本。我正在尝试使用命令- kubectl apply -f samples/ bookinfo /platform/kube/bookinfo.yaml部署bookinfo应用程序

代码语言:javascript
复制
service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

-bash-4.2$ kubectl get services
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.108.221.161   <none>        9080/TCP   9s
kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP    35d
productpage   ClusterIP   10.106.237.68    <none>        9080/TCP   9s
ratings       ClusterIP   10.96.155.198    <none>        9080/TCP   9s
reviews       ClusterIP   10.107.119.19    <none>        9080/TCP   9s
-bash-4.2$ kubectl get pods
No resources found in default namespace.

Pod未创建。

代码语言:javascript
复制
-bash-4.2$ kubectl get all
NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/details       ClusterIP   10.108.221.161   <none>        9080/TCP   107s
service/kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP    35d
service/productpage   ClusterIP   10.106.237.68    <none>        9080/TCP   107s
service/ratings       ClusterIP   10.96.155.198    <none>        9080/TCP   107s
service/reviews       ClusterIP   10.107.119.19    <none>        9080/TCP   107s

NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/details-v1       0/1     0            0           107s
deployment.apps/productpage-v1   0/1     0            0           107s
deployment.apps/ratings-v1       0/1     0            0           107s
deployment.apps/reviews-v1       0/1     0            0           107s
deployment.apps/reviews-v2       0/1     0            0           107s
deployment.apps/reviews-v3       0/1     0            0           107s

NAME                                        DESIRED   CURRENT   READY   AGE
replicaset.apps/details-v1-78d78fbddf       1         0         0       107s
replicaset.apps/productpage-v1-85b9bf9cd7   1         0         0       107s
replicaset.apps/ratings-v1-6c9dbf6b45       1         0         0       107s
replicaset.apps/reviews-v1-564b97f875       1         0         0       107s
replicaset.apps/reviews-v2-568c7c9d8f       1         0         0       107s
replicaset.apps/reviews-v3-67b4988599       1         0         0       107s

-bash-4.2$ kubectl describe deployment.apps/reviews-v1
Name:                   reviews-v1
Namespace:              default
CreationTimestamp:      Thu, 06 Aug 2020 07:04:25 -0400
Labels:                 app=reviews
                        version=v1
Annotations:            deployment.kubernetes.io/revision: 1
                        kubectl.kubernetes.io/last-applied-configuration:
                          {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"reviews","version":"v1"},"name":"reviews-v1","na...
Selector:               app=reviews,version=v1
Replicas:               1 desired | 0 updated | 0 total | 0 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           app=reviews
                    version=v1
  Service Account:  bookinfo-reviews
  Containers:
   reviews:
    Image:      docker.io/istio/examples-bookinfo-reviews-v1:1.15.0
    Port:       9080/TCP
    Host Port:  0/TCP
    Environment:
      LOG_DIR:  /tmp/logs
    Mounts:
      /opt/ibm/wlp/output from wlp-output (rw)
      /tmp from tmp (rw)
  Volumes:
   wlp-output:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
   tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
Conditions:
  Type             Status  Reason
  ----             ------  ------
  Progressing      True    NewReplicaSetCreated
  Available        False   MinimumReplicasUnavailable
  ReplicaFailure   True    FailedCreate
OldReplicaSets:    reviews-v1-564b97f875 (0/1 replicas created)
NewReplicaSet:     <none>
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  5m54s  deployment-controller  Scaled up replica set reviews-v1-564b97f875 to 1

我正在将ReplicaFailure设置为FailedCreate

我试着增加另一个帖子中提到的progressDeadLineSeconds,但我仍然得到相同的问题。

代码语言:javascript
复制
-bash-4.2$ kubectl patch deployment.apps/reviews-v1 -p '{"spec":{"progressDeadlineSeconds":6000}}'
deployment.apps/reviews-v1 patched
-bash-4.2$ kubectl get pods
No resources found in default namespace.

没有创建Pod。你知道会出什么问题吗?

代码语言:javascript
复制
-bash-4.2$ kubectl get events
LAST SEEN   TYPE      REASON              OBJECT                                 MESSAGE
4m32s       Warning   FailedCreate        replicaset/details-v1-78d78fbddf       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/details-v1                  Scaled up replica set details-v1-78d78fbddf to 1
4m32s       Warning   FailedCreate        replicaset/productpage-v1-85b9bf9cd7   Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/productpage-v1              Scaled up replica set productpage-v1-85b9bf9cd7 to 1
4m32s       Warning   FailedCreate        replicaset/ratings-v1-6c9dbf6b45       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/ratings-v1                  Scaled up replica set ratings-v1-6c9dbf6b45 to 1
4m31s       Warning   FailedCreate        replicaset/reviews-v1-564b97f875       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/reviews-v1                  Scaled up replica set reviews-v1-564b97f875 to 1
4m32s       Warning   FailedCreate        replicaset/reviews-v2-568c7c9d8f       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/reviews-v2                  Scaled up replica set reviews-v2-568c7c9d8f to 1
4m34s       Warning   FailedCreate        replicaset/reviews-v3-67b4988599       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/reviews-v3                  Scaled up replica set reviews-v3-67b4988599 to 1
-bash-4.2$ kubectl describe rs replicasetname
Error from server (NotFound): replicasets.extensions "replicasetname" not found
docker
kubernetes
istio
EN

回答 2

Stack Overflow用户

发布于 2020-08-06 20:12:07

从docs here

x509:未知颁发机构签名的证书错误通常是由webhook配置中的空caBundle引起的

验证可变matches配置中的caBundle是否与安装在istiod pod中的根证书匹配。

代码语言:javascript
复制
$ kubectl get mutatingwebhookconfiguration istio-sidecar-injector -o yaml -o jsonpath='{.webhooks[0].clientConfig.caBundle}' | md5sum
4b95d2ba22ce8971c7c92084da31faf0  -
$ kubectl -n istio-system get secret istiod-service-account-token -o jsonpath='{.data.root-cert\.pem}' | md5sum
4b95d2ba22ce8971c7c92084da31faf0  -

CA证书应匹配。如果没有,请重新启动istiod pod。

代码语言:javascript
复制
$ kubectl -n istio-system patch deployment istiod \
    -p "{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"date\":\"`date +'%s'`\"}}}}}"
deployment.extensions "istiod" patched
票数 0
EN

Stack Overflow用户

发布于 2020-09-02 18:47:22

我也有同样的问题:

root@bio DimetisOrchestrator# kubectl get mutatingwebhookconfiguration istio-sidecar injector -o yaml -o jsonpath='{.webhooks.clientConfig.caBundle}‘| md5sum 917d9c9007d2cd128b91c0005ac3fa84 -

root@bio服务kubectl -n istio-system get secret istiod- DimetisOrchestrator# -account-token -o jsonpath='{.data.root-cert.pem}‘| md5sum

来自服务器的错误(NotFound):找不到密码“istiod- d41d8cd98f00b204e9800998ecf8427e -account-token”-

即使重新启动istiod,证书也不匹配

根@bio系统根@bio DimetisOrchestrator# kubectl get deployment -n istio- DimetisOrchestrator# istiod名称就绪最新可用时间istiod 1/1 1 1 16h

票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/63282609

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档