自定义调度程序将Pod留在未决的Kubernetes集群中

时间:2019-04-26 13:30:04

标签: kubernetes scheduler

我按照Kubernetes文档中所述的说明逐步进行部署自定义调度程序

这里是[链接](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/

我指定的Pod应该使用我在Pending中部署的“ my-scheduler”叶子的调度程序进行调度。

Kubectl version : -Client: v1.14.1
                  -Server: v1.14.0

kubeadm version : v1.14.1



alisd@kubeMaster:~$ kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
calico-node-944jv                    2/2     Running   4          45h
coredns-fb8b8dccf-hzzwf              1/1     Running   2          45h
coredns-fb8b8dccf-zb228              1/1     Running   2          45h
etcd-kubemaster                      1/1     Running   3          45h
kube-apiserver-kubemaster            1/1     Running   3          45h
kube-controller-manager-kubemaster   1/1     Running   3          45h
kube-proxy-l6wrc                     1/1     Running   3          45h
kube-scheduler-kubemaster            1/1     Running   3          45h
my-scheduler-66cf896bfb-8j8sr        1/1     Running   2          45h


alisd@kubeMaster:~$ kubectl get pods
NAME                          READY   STATUS    RESTARTS   AGE
annotation-second-scheduler   0/1     Pending   0          4s



alisd@kubeMaster:~$ kubectl describe pod annotation-second-scheduler
Name:               annotation-second-scheduler
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               <none>
Labels:             name=multischeduler-example
Annotations:        <none>
Status:             Pending
IP:                 
Containers:
  pod-with-second-annotation-container:
    Image:        k8s.gcr.io/pause:2.0
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-jclk7 (ro)
Volumes:
  default-token-jclk7:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-jclk7
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:          <none>







alisd@kubeMaster:~$ kubectl logs -f my-scheduler-66cf896bfb-8j8sr -n kube-system



E0426 14:44:01.742799       1 reflector.go:126] k8s.io/client-go/informers/factory.go:133: Failed to list *v1.StorageClass: storageclasses.storage.k8s.io is forbidden: User "system:serviceaccount:kube-system:my-scheduler" cannot list resource "storageclasses" in API group "storage.k8s.io" at the cluster scope
E0426 14:44:02.743952       1 reflector.go:126] k8s.io/client-go/informers/factory.go:133: Failed to list *v1.StorageClass: storageclasses.storage.k8s.io is forbidden: User "system:serviceaccount:kube-system:my-scheduler" cannot list resource "storageclasses" in API group "storage.k8s.io" at the cluster scope

..... 

alisd@kubeMaster:~$ kubectl get clusterrolebinding
NAME                                                   AGE
calico-node                                            46h
cluster-admin                                          46h
kubeadm:kubelet-bootstrap                              46h
kubeadm:node-autoapprove-bootstrap                     46h
kubeadm:node-autoapprove-certificate-rotation          46h
kubeadm:node-proxier                                   46h
my-scheduler-as-kube-scheduler                         46h

...... 

alisd@kubeMaster:~$ kubectl describe clusterrolebinding my-scheduler-as-kube-scheduler
Name:         my-scheduler-as-kube-scheduler
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  system:kube-scheduler
Subjects:
  Kind            Name          Namespace
  ----            ----          ---------
  ServiceAccount  my-scheduler  kube-system

........ 

alisd@kubeMaster:~$ kubectl describe serviceaccount my-scheduler -n kube-systemName:                my-scheduler
Namespace:           kube-system
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   my-scheduler-token-68pvk
Tokens:              my-scheduler-token-68pvk
Events:              <none>

.......

3 个答案:

答案 0 :(得分:1)

我找到了解决方法

添加以下行:

- apiGroups:
  - storage.k8s.io
  resources:
  - storageclasses
  verbs:
  - watch
  - list
  - get

此命令输出的末尾(这将打开一个文件供您编辑):

kubectl edit clusterrole system:kube-scheduler

使用我部署的调度程序的Pod现在正在运行

alisd@kubeMaster:~$ kubectl get pods 
NAME                          READY   STATUS    RESTARTS   AGE
annotation-second-scheduler   1/1     Running   0          9m33s

...... 

kubectl describe pod annotation-second-scheduler

...... 

 Events:
      Type    Reason     Age   From                 Message
      ----    ------     ----  ----                 -------
      Normal  Scheduled  12m   my-scheduler         Successfully assigned default/annotation-second-scheduler to kubemaster
      Normal  Pulled     12m   kubelet, kubemaster  Container image "k8s.gcr.io/pause:2.0" already present on machine
      Normal  Created    12m   kubelet, kubemaster  Created container pod-with-second-annotation-container
      Normal  Started    12m   kubelet, kubemaster  Started container pod-with-second-annotation-container

答案 1 :(得分:0)

服务帐户 system:serviceaccount:kube-system:my-scheduler 需要与以下群集范围的角色 system:kube-scheduler 关联,以便访问资源。 my-scheduler将具有与默认调度程序相同的权限。

  

还请注意,我们创建了一个专用服务帐户my-scheduler,并将集群角色system:kube-scheduler绑定到该帐户,以便它可以获得与kube-scheduler相同的特权。 define-a-kubernetes-deployment-for-the-scheduler 

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: my-scheduler-as-kube-scheduler
subjects:
- kind: ServiceAccount
  name: my-scheduler
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: system:kube-scheduler
  apiGroup: rbac.authorization.k8s.io

答案 2 :(得分:0)

要添加到ali saaad解决方案答案中,我还必须在资源中添加“ csinodes”才能安排广告连播,因此它看起来像:

- apiGroups:
   - storage.k8s.io
   resources:
   - csinodes
   - storageclasses
   verbs:
   - watch
   - list
   - get
相关问题
最新问题