错误:无法启动补丁程序证书循环mutatingwebhookconfigurations.admissionregistration.k8s.io“ istio-sidecar-injector”

时间:2019-09-26 19:37:40

标签: kubernetes kubernetes-helm istio azure-aks

从头盔图表安装istio时出现"istio-sidecar-injector" not found错误。

NAME                                      READY     STATUS             RESTARTS   AGE
certmanager-b8dc8f99c-bw52l               1/1       Running            0          2m
istio-citadel-5cf47dbf7c-2brk9            1/1       Running            0          2m
istio-galley-7898b587db-n44z9             1/1       Running            0          2m
istio-ingressgateway-5d88688454-wrxsr     2/2       Running            0          2m
istio-init-crd-10-5rkt6                   0/1       Completed          0          2m
istio-init-crd-11-pg447                   0/1       Completed          0          2m
istio-init-crd-12-mxrhz                   0/1       Completed          0          2m
istio-pilot-57b48b77bf-nbjtv              2/2       Running            0          2m
istio-policy-769664fcf7-59v2n             2/2       Running            0          2m
istio-sidecar-injector-677bd5ccc5-ckql5   0/1       CrashLoopBackOff   4          2m
istio-telemetry-f5798dbb7-z6dvz           2/2       Running            1          2m
prometheus-776fdf7479-psrf5               1/1       Running            0          2m

描述Pod 

Name:               istio-sidecar-injector-677bd5ccc5-v4shl
Namespace:          istio-system
Priority:           0
PriorityClassName:  <none>
Node:               aks-agentpool-17141372-2/10.240.0.66
Start Time:         Thu, 26 Sep 2019 14:53:55 -0400
Labels:             app=sidecarInjectorWebhook
            chart=sidecarInjectorWebhook
            heritage=Tiller
            istio=sidecar-injector
            pod-template-hash=677bd5ccc5
            release=istio
Annotations:        sidecar.istio.io/inject=false
Status:             Running
IP:                 10.240.0.93
Controlled By:      ReplicaSet/istio-sidecar-injector-677bd5ccc5
Containers:
  sidecar-injector-webhook:
    Container ID:  docker://e5c96af389797e7a0488cf0dac180ff3494fe8602c2cd7a50080e8a848be207a
    Image:         docker.io/istio/sidecar_injector:1.2.5
    Image ID:      docker-pullable://istio/sidecar_injector@sha256:6c281139337df6e2f96f3d883e5dc2a75cb6234986ae4f1cd3f9f324112b46eb
    Port:          <none>
    Host Port:     <none>
    Args:
      --caCertFile=/etc/istio/certs/root-cert.pem
      --tlsCertFile=/etc/istio/certs/cert-chain.pem
      --tlsKeyFile=/etc/istio/certs/key.pem
      --injectConfig=/etc/istio/inject/config
      --meshConfig=/etc/istio/config/mesh
      --healthCheckInterval=2s
      --healthCheckFile=/health
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    255
      Started:      Thu, 26 Sep 2019 14:55:32 -0400
      Finished:     Thu, 26 Sep 2019 14:55:32 -0400
    Ready:          False
    Restart Count:  4
    Requests:
      cpu:        10m
    Liveness:     exec [/usr/local/bin/sidecar-injector probe --probe-path=/health --interval=4s] delay=4s timeout=1s period=4s #success=1 #failure=3
    Readiness:    exec [/usr/local/bin/sidecar-injector probe --probe-path=/health --interval=4s] delay=4s timeout=1s period=4s #success=1 #failure=3
    Environment:  <none>
    Mounts:
      /etc/istio/certs from certs (ro)
      /etc/istio/config from config-volume (ro)
      /etc/istio/inject from inject-config (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from istio-sidecar-injector-service-account-token-nxc4z (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  config-volume:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      istio
    Optional:  false
  certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  istio.istio-sidecar-injector-service-account
    Optional:    false
  inject-config:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      istio-sidecar-injector
    Optional:  false
  istio-sidecar-injector-service-account-token-nxc4z:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  istio-sidecar-injector-service-account-token-nxc4z
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
         node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason     Age               From                               Message
  ----     ------     ----              ----                               -------
  Normal   Scheduled  2m                default-scheduler                  Successfully assigned istio-system/istio-sidecar-injector-677bd5ccc5-v4shl to aks-agentpool-17141372-2
  Warning  BackOff    1m (x10 over 2m)  kubelet, aks-agentpool-17141372-2  Back-off restarting failed container
  Normal   Pulled     1m (x5 over 2m)   kubelet, aks-agentpool-17141372-2  Container image "docker.io/istio/sidecar_injector:1.2.5" already present on machine
  Normal   Created    1m (x5 over 2m)   kubelet, aks-agentpool-17141372-2  Created container sidecar-injector-webhook
  Normal   Started    1m (x5 over 2m)   kubelet, aks-agentpool-17141372-2  Started container sidecar-injector-webhook

istio版本:v1.2.5

如何安装Istio?:头盔图表

日志

  

错误:无法启动补丁程序证书循环mutatingwebhookconfigurations.admissionregistration.k8s.io“ istio-sidecar-injector”

我不知道是什么原因导致上述错误。

1 个答案:

答案 0 :(得分:0)

DECLARE @Date VARCHAR(7) SET @Date = '2019-01' SELECT CONVERT(VARCHAR(8),DBO.LastDayofMonth(CAST(@Date+'-01' as DATETIME)),112) 状态表示Pod正在启动并在循环中崩溃。

因此,请尝试调查CrashLoopBackOff吊舱的日志

Issue #6553

另外,请尝试从发行#6553开始的这些技巧:istio- Sidecar injector fails to start - CrashLoopBackOff

关于sidecar-injector

  

Kubernetes Webhook可以自动进行Istio边车注入。

相关问题
最新问题