英文:
Create a cluster that uses Pod Security Admission
问题
I try to configure the API server to consume this file during cluster creation.
我尝试配置API服务器以在集群创建期间使用此文件。
My system is Ubuntu 22.04.2 LTS x86_64
我的系统是Ubuntu 22.04.2 LTS x86_64
kind version is v0.17.0 go1.19.2 linux/amd64
kind版本是v0.17.0 go1.19.2 linux/amd64
minikube version: v1.29.0
minikube版本:v1.29.0
The config file is:
配置文件如下:
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:- |
kind: ClusterConfiguration
apiServer:
extraArgs:
admission-control-config-file: /etc/config/cluster-level-pss.yaml
extraVolumes:
- name: accf
hostPath: /etc/config
mountPath: /etc/config
readOnly: false
pathType: "DirectoryOrCreate"
extraMounts: - hostPath: /tmp/pss
containerPath: /etc/configoptional: if set, the mount is read-only.
default false
readOnly: false
optional: if set, the mount needs SELinux relabeling.
default false
selinuxRelabel: false
optional: set propagation mode (None, HostToContainer or Bidirectional)
see https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation
default None
- |
当我运行:
kind create cluster --name psa-with-cluster-pss --image kindest/node:v1.24.0 --config /tmp/pss/cluster-config.yaml --retain
I get (the last step crushes after a long time):
我得到以下输出(最后一步在很长时间后失败):
Creating cluster "psa-with-cluster-pss" ...
创建集群 "psa-with-cluster-pss"...
✓ Ensuring node image (kindest/node:v1.24.0) 🖼
✓ Preparing nodes 📦
✓ Writing configuration
Starting control-pane
启动控制平面
traceback:
堆栈跟踪:
0226 15:54:45.575727 123 round_trippers.go:553] GET https://psa-with-cluster-pss-control-plane:6443/healthz?timeout=10s in 0 milliseconds
0226 15:54:45.575727 123 round_trippers.go:553] GET https://psa-with-cluster-pss-control-plane:6443/healthz?timeout=10s in 0 milliseconds
Unfortunately, an error has occurred:
很不幸,发生了错误:
timed out waiting for the condition
等待条件时超时
This error is likely caused by:
这个错误可能是由以下原因引起的:
- The kubelet is not running
- kubelet未运行
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
- kubelet由于节点的某种方式的错误配置而不健康(需要禁用cgroups)
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
如果您使用systemd系统,您可以尝试使用以下命令来排除错误:
- 'systemctl status kubelet'
- 'systemctl status kubelet'
- 'journalctl -xeu kubelet'
- 'journalctl -xeu kubelet'
Additionally, a control plane component may have crashed or exited when started by the container runtime.
此外,控制平面组件可能在容器运行时启动时崩溃或退出。
To troubleshoot, list all containers using your preferred container runtimes CLI.
要进行故障排除,请使用首选的容器运行时CLI列出所有容器。
Here is one example how you may list all running Kubernetes containers by using crictl:
以下是一个示例,您可以使用crictl来列出所有正在运行的Kubernetes容器:
- 'crictl --runtime-endpoint unix:///run/containerd/containerd.sock ps -a | grep kube | grep -v pause'
- 'crictl --runtime-endpoint unix:///run/containerd/containerd.sock ps -a | grep kube | grep -v pause'
Once you have found the failing container, you can inspect its logs with:
找到故障容器后,您可以使用以下命令检查其日志: - 'crictl --runtime-endpoint unix:///run/containerd/containerd.sock logs CONTAINERID'
- 'crictl --runtime-endpoint unix:///run/containerd/containerd.sock logs CONTAINERID'
couldn't initialize a Kubernetes cluster
无法初始化Kubernetes集群
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/init.runWaitControlPlanePhase
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/init.runWaitControlPlanePhase
cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go:108
cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go:108
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run.func1
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run.func1
cmd/kubeadm/app/cmd/phases/workflow/runner.go:234
cmd/kubeadm/app/cmd/phases/workflow/runner.go:234
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).visitAll
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).visitAll
cmd/kubeadm/app/cmd/phases/workflow/runner.go:421
cmd/kubeadm/app/cmd/phases/workflow/runner.go:421
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run
k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run
cmd/kubeadm/app/cmd/phases/workflow/runner.go:207
cmd/kubeadm/app/cmd/phases/workflow/runner.go:207
k8s.io/kubernetes/cmd/kubeadm/app/cmd.newCmdInit.func1
k8s.io/kubernetes/cmd/kubeadm/app/cmd.newCmdInit.func1
cmd/kubeadm/app/cmd/init.go:153
cmd/kubeadm/app/cmd/init.go:153
k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).execute
k8s.io/kubernetes/vendor/github
英文:
I try to configure the API server to consume this file during cluster creation.
My system is Ubuntu 22.04.2 LTS x86_64
kind version is v0.17.0 go1.19.2 linux/amd64
minikube version: v1.29.0
The config file is:
kind: ClusterapiVersion: kind.x-k8s.io/v1alpha4nodes:- role: control-planekubeadmConfigPatches:- |kind: ClusterConfigurationapiServer:extraArgs:admission-control-config-file: /etc/config/cluster-level-pss.yamlextraVolumes:- name: accfhostPath: /etc/configmountPath: /etc/configreadOnly: falsepathType: "DirectoryOrCreate"extraMounts:- hostPath: /tmp/psscontainerPath: /etc/config# optional: if set, the mount is read-only.# default falsereadOnly: false# optional: if set, the mount needs SELinux relabeling.# default falseselinuxRelabel: false# optional: set propagation mode (None, HostToContainer or Bidirectional)# see https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation# default Nonepropagation: None
When I run:
kind create cluster --name psa-with-cluster-pss --image kindest/node:v1.24.0 --config /tmp/pss/cluster-config.yaml --retain
I get (the last step crushes after a long time):
Creating cluster "psa-with-cluster-pss" ...✓ Ensuring node image (kindest/node:v1.24.0) 🖼✓ Preparing nodes 📦✓ Writing configurationStarting control-pane
traceback:
0226 15:54:45.575727 123 round_trippers.go:553] GET https://psa-with-cluster-pss-control-plane:6443/healthz?timeout=10s in 0 millisecondsUnfortunately, an error has occurred:timed out waiting for the conditionThis error is likely caused by:- The kubelet is not running- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:- 'systemctl status kubelet'- 'journalctl -xeu kubelet'Additionally, a control plane component may have crashed or exited when started by the container runtime.To troubleshoot, list all containers using your preferred container runtimes CLI.Here is one example how you may list all running Kubernetes containers by using crictl:- 'crictl --runtime-endpoint unix:///run/containerd/containerd.sock ps -a | grep kube | grep -v pause'Once you have found the failing container, you can inspect its logs with:- 'crictl --runtime-endpoint unix:///run/containerd/containerd.sock logs CONTAINERID'couldn't initialize a Kubernetes clusterk8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/init.runWaitControlPlanePhasecmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go:108k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run.func1cmd/kubeadm/app/cmd/phases/workflow/runner.go:234k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).visitAllcmd/kubeadm/app/cmd/phases/workflow/runner.go:421k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Runcmd/kubeadm/app/cmd/phases/workflow/runner.go:207k8s.io/kubernetes/cmd/kubeadm/app/cmd.newCmdInit.func1cmd/kubeadm/app/cmd/init.go:153k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).executevendor/github.com/spf13/cobra/command.go:856k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteCvendor/github.com/spf13/cobra/command.go:974k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Executevendor/github.com/spf13/cobra/command.go:902k8s.io/kubernetes/cmd/kubeadm/app.Runcmd/kubeadm/app/kubeadm.go:50main.maincmd/kubeadm/kubeadm.go:25runtime.main/usr/local/go/src/runtime/proc.go:250runtime.goexit/usr/local/go/src/runtime/asm_amd64.s:1571error execution phase wait-control-planek8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Run.func1cmd/kubeadm/app/cmd/phases/workflow/runner.go:235k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).visitAllcmd/kubeadm/app/cmd/phases/workflow/runner.go:421k8s.io/kubernetes/cmd/kubeadm/app/cmd/phases/workflow.(*Runner).Runcmd/kubeadm/app/cmd/phases/workflow/runner.go:207k8s.io/kubernetes/cmd/kubeadm/app/cmd.newCmdInit.func1cmd/kubeadm/app/cmd/init.go:153k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).executevendor/github.com/spf13/cobra/command.go:856k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).ExecuteCvendor/github.com/spf13/cobra/command.go:974k8s.io/kubernetes/vendor/github.com/spf13/cobra.(*Command).Executevendor/github.com/spf13/cobra/command.go:902k8s.io/kubernetes/cmd/kubeadm/app.Runcmd/kubeadm/app/kubeadm.go:50main.maincmd/kubeadm/kubeadm.go:25runtime.main/usr/local/go/src/runtime/proc.go:250runtime.goexit/usr/local/go/src/runtime/asm_amd64.s:1571
答案1
得分: 1
尝试移除并重新安装 Docker, docker-ce 和 CNI。在 kubelet 安装过程中,您必须配置 Docker 容器。
出现错误消息是因为您错过了一些步骤,这些步骤未在文档中提到。请参考 容器运行时官方文档 以获取更多信息。检查您可能需要执行以下操作:kubeadm reset,然后使用固定的IP,然后运行 kubeadm init。
sudo kubeadm resetsudo apt-get install -qy kubelet kubectl kubeadmsudo apt-mark hold kubelet kubeadm kubectlsudo mkdir /etc/dockercat <<EOF | sudo tee /etc/docker/daemon.json{"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"storage-driver": "overlay2"}EOFsudo systemctl enable dockersudo systemctl daemon-reloadsudo systemctl restart dockersudo kubeadm init --control-plane-endpoint kube-master:6443 --pod-network-cidr=192.168.0.0/16
如果您在一个采用 systemd 的系统上,您可以尝试使用以下命令来排除错误:- 'systemctl status kubelet' 和 - 'journalctl -xeu kubelet'。
更多信息,请参考 Kubeadm init fails with controlPlaneEndpoint。
还请参考 Kind 的已知问题:Troubleshooting kind,并检查 Failure to Create Cluster with Docker Desktop as Container Runtime 以获取更多信息。
英文:
Try removing and reinstalling Docker, docker-ce and CNI. In the procedure of kubelet installation you must configure the docker container.
The error message is because you missed a few steps which are not mentioned in the document procedure. Please go through the procedure for the container runtime official document for more information. Check you may have to reset such as: kubeadm reset then use a permanent IP and then run kubeadm init.
sudo kubeadm resetsudo apt-get install -qy kubelet kubectl kubeadmsudo apt-mark hold kubelet kubeadm kubectlsudo mkdir /etc/dockercat <<EOF | sudo tee /etc/docker/daemon.json{"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"storage-driver": "overlay2"}EOFsudo systemctl enable dockersudo systemctl daemon-reloadsudo systemctl restart dockersudo kubeadm init --control-plane-endpoint kube-master:6443 --pod-network-cidr=192.168.0.0/16
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands: -'systemctl status kubelet'
-'journalctl -xeu kubelet'
Refer to Kubeadm init fails with controlPlaneEndpoint for more information
Also refer to Kind Known Issues: Troubleshooting kind and also check if Failure to Create Cluster with Docker Desktop as Container Runtime for more information.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论