Pod未在群集上启动(群集向下)

时间:2018-05-24 14:42:53

标签: kubernetes kops weave

我的群集目前已关闭,我无法在其上启动新的广告连播。我尝试使用kops从1.9.1升级到1.9.3并添加pvc resize admissionControl。随着滚动升级的发生,我注意到新节点没有正常上线(即使滚动升级认为它们是)。我放弃了滚动升级。我发现豆荚抱怨:

open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory

kube api服务器显示:

I0524 14:27:43.871432       1 rbac.go:116] RBAC DENY: user "system:kube-proxy" groups ["system:authenticated"] cannot "get" resource "nodes" named "ip-10-23-2-5.ec2.internal" cluster-wide
I0524 14:27:43.873562       1 rbac.go:116] RBAC DENY: user "kubelet" groups ["system:nodes" "system:authenticated"] cannot "list" resource "nodes" cluster-wide
I0524 14:27:43.873783       1 rbac.go:116] RBAC DENY: user "kubelet" groups ["system:nodes" "system:authenticated"] cannot "list" resource "services" cluster-wide
I0524 14:27:43.887303       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "replicasets.extensions" cluster-wide
I0524 14:27:43.887569       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "persistentvolumeclaims" cluster-wide
I0524 14:27:43.949818       1 rbac.go:116] RBAC DENY: user "kubelet" groups ["system:nodes" "system:authenticated"] cannot "list" resource "pods" cluster-wide
I0524 14:27:43.956233       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "statefulsets.apps" cluster-wide
I0524 14:27:43.958076       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "services" cluster-wide
I0524 14:27:43.958564       1 rbac.go:116] RBAC DENY: user "system:kube-scheduler" groups ["system:authenticated"] cannot "list" resource "nodes" cluster-wide
I0524 14:27:43.972226       1 rbac.go:116] RBAC DENY: user "kubelet" groups ["system:nodes" "system:authenticated"] cannot "create" resource "nodes" cluster-wide

请帮忙

1 个答案:

答案 0 :(得分:0)

最后解决了这个问题。由于没有与某些pod相关联的适当权限的服务帐户,api日志中的错误会产生误导并持续存在。

根本问题在于滚动升级会让一个主人“准备就绪”,但是没有ServiceAccount admissionControl的apiserver正在运行。所以新的豆荚正在那里路由而不会出现。通过纠正所有主人的admissionControl解决了这个问题。