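Done following this article.
I installed Kubernetes. Then I installed an etcd cluster that works over HTTPS and listens only on the localhost interface (reachable from inside any Docker container). Now I need persistent volumes to install a database cluster. I chose Portworx. It generated a daemonset YAML config. Here is the description of the installed daemonset: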
# kubectl describe daemonset portworx --namespace=kube-system
Name: portworx
Selector: name=portworx
Node-Selector: <none>
Labels: name=portworx
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"extensions/v1beta1","kind":"DaemonSet","metadata":{"annotations":{"portworx.com/install-source":"http://install.portworx.com/?c=bp_clust...
portworx.com/install-source=http://install.portworx.com/?c=bp_cluster&k=etcd:https://127.0.0.1:2379&kbver=1.11.0&s=/dev/xvda1&d=ens3&m=ens3&stork=false&ca=/etc/kubernetes/pki/etcd/ca.crt%%20&cert=/etc...
Desired Number of Nodes Scheduled: 2
Current Number of Nodes Scheduled: 2
Number of Nodes Scheduled with Up-to-date Pods: 2
Number of Nodes Scheduled with Available Pods: 0
Number of Nodes Misscheduled: 0
Pods Status: 2 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: name=portworx
Service Account: px-account
Containers:
portworx:
Image: portworx/oci-monitor:1.3.4
Port: <none>
Host Port: <none>
Args:
-k
etcd:https://127.0.0.1:2379
-c
bp_cluster
-d
ens3
-m
ens3
-s
/dev/xvda1
-ca
/etc/kubernetes/pki/etcd/ca.crt
-cert
/etc/kubernetes/pki/etcd/server.crt
-key
/etc/kubernetes/pki/etcd/server.key
-x
kubernetes
Liveness: http-get http://127.0.0.1:9001/status delay=840s timeout=1s period=30s #success=1 #failure=3
Readiness: http-get http://127.0.0.1:9015/health delay=0s timeout=1s period=10s #success=1 #failure=3
Environment:
PX_TEMPLATE_VERSION: v3
Mounts:
/etc/pwx from etcpwx (rw)
/etc/systemd/system from sysdmount (rw)
/host_proc/1/ns from proc1nsmount (rw)
/opt/pwx from optpwx (rw)
/var/run/dbus from dbusmount (rw)
/var/run/docker.sock from dockersock (rw)
Volumes:
dockersock:
Type: HostPath (bare host directory volume)
Path: /var/run/docker.sock
HostPathType:
etcpwx:
Type: HostPath (bare host directory volume)
Path: /etc/pwx
HostPathType:
optpwx:
Type: HostPath (bare host directory volume)
Path: /opt/pwx
HostPathType:
proc1nsmount:
Type: HostPath (bare host directory volume)
Path: /proc/1/ns
HostPathType:
sysdmount:
Type: HostPath (bare host directory volume)
Path: /etc/systemd/system
HostPathType:
dbusmount:
Type: HostPath (bare host directory volume)
Path: /var/run/dbus
HostPathType:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal SuccessfulCreate 22m daemonset-controller Created pod: portworx-67w7m
Normal SuccessfulCreate 22m daemonset-controller Created pod: portworx-mxtr8
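But in the Portworx logs I see that it is trying to connect to etcd over plain HTTP, and it obviously fails because it cannot interpret the response, which is wrapped in SSL: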
# kubectl logs -f pod/portworx-67w7m --namespace=kube-system
<some logs are erased due to lack of relevance>
Jul 02 13:19:25 ip-172-31-18-91 px-runc[25417]: time="2018-07-02T13:19:25Z" level=error msg="Could not load config file /etc/pwx/config.json due to: Error in obtaining etcd version: Get http://127.0.0.1:2379/version: net/http: HTTP/1.x transport connection broken: malformed HTTP response \"\\x15\\x03\\x01\\x00\\x02\\x02\". Please visit http://docs.portworx.com for more information."
Jul 02 13:19:25 ip-172-31-18-91 px-runc[25417]: PXPROCS: px daemon exited with code: 1
Jul 02 13:19:25 ip-172-31-18-91 px-runc[25417]: 2107
Jul 02 13:19:25 ip-172-31-18-91 px-runc[25417]: 2018-07-02 13:19:25,474 INFO exited: pxdaemon (exit status 1; not expected)
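What am I doing wrong?
Answer 0 (score: 2)
I don't know why they didn't surface a "could not read -cert file" error, but you specified /etc/kubernetes/pki/etcd/server.crt in the options without volume mounting /etc/kubernetes/pki into the container. For obvious reasons, kubernetes does not automatically volume mount its pki directory, so you have to specify it.
If that DaemonSet was generated for you (as the annotation suggests), then they are expecting the certs to live in /etc/pwx/etcdcerts (which is in their {{3 }}), so the two worlds collide when you provide a non-/etc path.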
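The mismatch the answer points out can be checked mechanically. The following is an added example, not code from the original post or from Portworx: it compares the `-ca`/`-cert`/`-key` arguments with the container's volumeMounts. The container dict is reconstructed from the `kubectl describe` output in the question; the helper names `unmounted_file_args` and `with_mount` are hypothetical.

```python
import posixpath

# Flags from the question's Args list whose value is a file path.
FILE_FLAGS = {"-ca", "-cert", "-key"}

def unmounted_file_args(container):
    """Return (flag, path) pairs whose path lies under no volumeMount."""
    mounts = [posixpath.normpath(m["mountPath"])
              for m in container.get("volumeMounts", [])]
    args = container.get("args", [])
    missing = []
    for flag, value in zip(args, args[1:]):
        if flag not in FILE_FLAGS:
            continue
        path = posixpath.normpath(value)
        # Compare whole path components so /etc/pwx does not match /etc/pwx2.
        if not any(path == m or path.startswith(m.rstrip("/") + "/")
                   for m in mounts):
            missing.append((flag, value))
    return missing

# Constructed from the `kubectl describe daemonset` output in the question.
PORTWORX = {
    "name": "portworx",
    "args": ["-k", "etcd:https://127.0.0.1:2379", "-c", "bp_cluster",
             "-d", "ens3", "-m", "ens3", "-s", "/dev/xvda1",
             "-ca", "/etc/kubernetes/pki/etcd/ca.crt",
             "-cert", "/etc/kubernetes/pki/etcd/server.crt",
             "-key", "/etc/kubernetes/pki/etcd/server.key",
             "-x", "kubernetes"],
    "volumeMounts": [{"mountPath": p} for p in (
        "/etc/pwx", "/etc/systemd/system", "/host_proc/1/ns",
        "/opt/pwx", "/var/run/dbus", "/var/run/docker.sock")],
}

def with_mount(container, mount_path):
    """Copy of the spec with one extra read-only volumeMount (hypothetical fix)."""
    fixed = dict(container)
    fixed["volumeMounts"] = container["volumeMounts"] + [
        {"mountPath": mount_path, "readOnly": True}]
    return fixed

if __name__ == "__main__":
    for flag, path in unmounted_file_args(PORTWORX):
        print(f"{flag} {path}: not under any volumeMount")
    print(unmounted_file_args(with_mount(PORTWORX, "/etc/kubernetes/pki")))
```

On a live cluster the same dict is each entry of `.spec.template.spec.containers` in the output of `kubectl get daemonset portworx --namespace=kube-system -o json`.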