Raphael10提出的问题 -server

Raphael10

Asked: 2024-09-13 02:11:58 +0800 CST

我必须在保险库发行者配置文件中使用什么服务器地址？

6

我定义并应用了 ServiceAccount“service-account-token” Vault-Config/service-account-token.yaml：：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: service-account-token
automountServiceAccountToken: false

root@k8s-eu-1-control-plane-node-1:~# kubectl apply -f Vault-Config/service-account- 
token.yaml 
serviceaccount/service-account-token created

root@k8s-eu-1-control-plane-node-1:~# kubectl get ServiceAccount
NAME                       SECRETS   AGE
default                    0         10d
issuer                     0         20h
secrets-store-csi-driver   0         2d9h
service-account-token      0         22s   // <----------------------
webapp-sa                  0         2d1h

我定义并应用了保险库发行者秘密：

root@k8s-eu-1-control-plane-node-1:~# nano Vault-Config/cert-manager-vault-issuer-
secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: issuer-token-abcde
  #namespace: nats
  annotations:
    kubernetes.io/service-account.name: issuer
type: kubernetes.io/service-account-token # https://developer.hashicorp.com/vault
/docs/auth/kubernetes#continue-using-long-lived-tokens

->

root@k8s-eu-1-control-plane-node-1:~# kubectl apply -f Vault-Config/cert-manager-vault-
issuer-secret.yaml 
secret/issuer-token-abcde created

->

root@k8s-eu-1-control-plane-node-1:~# kubectl get secrets
NAME                         TYPE                                  DATA   AGE
issuer-token-abcde           kubernetes.io/service-account-token   3      8s  // <------------
nats-box-contexts            Opaque                                1      6d
sh.helm.release.v1.csi.v1    helm.sh/release.v1                    1      2d9h
sh.helm.release.v1.nats.v1   helm.sh/release.v1                    1      6d

当我申请这个保险库发行人时 Vault-Config/vault-issuer-cert-manager.yaml：：

# https://developer.hashicorp.com/vault/tutorials/archive/kubernetes-cert-   
manager#configure-an-issuer-and-generate-a-certificate

    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      name: vault-issuer
      #namespace: nats
    spec:
      vault:
        server: http://vault.default // <---- as suggested here: https://cert-manager.io/docs/configuration/vault/#deployment
        path: pki_int/sign/nats
        auth:
          kubernetes:
            mountPath: /v1/auth/kubernetes
            role: issuer
            secretRef:
              name: issuer-token-abcde
              #key: token

->：

root@k8s-eu-1-control-plane-node-1:~# kubectl apply -f Vault-Config/vault-issuer-cert-
manager.yaml 
issuer.cert-manager.io/vault-issuer created

我收到此错误：

root@k8s-eu-1-control-plane-node-1:~# kubectl describe issuer vault-issue
Failed to initialize Vault client: while requesting a Vault token using the Kubernetes auth:
error calling Vault server: Post "https://vault.default/v1/auth/kubernetes/login": dial tcp: 
lookup vault.default on 10.96.0.10:53: no such host

对于 Vault 配置，我通过 helm 应用了以下值：

root@k8s-eu-1-control-plane-node-1:~# nano Vault-Config/overrides.yaml ：

global:
   enabled: true
   tlsDisable: false
injector:
   enabled: true
server:
   extraEnvironmentVars:
      VAULT_CACERT: /vault/userconfig/vault-ha-tls/vault.ca
      VAULT_TLSCERT: /vault/userconfig/vault-ha-tls/vault.crt
      VAULT_TLSKEY: /vault/userconfig/vault-ha-tls/vault.key
   dataStorage:
       enabled: true
   volumes:
      - name: userconfig-vault-ha-tls
        secret:
         defaultMode: 420
         secretName: vault-ha-tls
   volumeMounts:
      - mountPath: /vault/userconfig/vault-ha-tls
        name: userconfig-vault-ha-tls
        readOnly: true
   standalone:
      enabled: false
   affinity: ""
   readinessProbe:
     enabled: true
     path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
   ha:
      enabled: true
      replicas: 3
      raft:
         enabled: true
         setNodeId: true
         config: |
            cluster_name = "vault-integrated-storage"
            ui = true
            listener "tcp" {
               tls_disable = 0
               address = "[::]:8200"
               cluster_address = "[::]:8201"
               tls_cert_file = "/vault/userconfig/vault-ha-tls/vault.crt"
               tls_key_file  = "/vault/userconfig/vault-ha-tls/vault.key"
               tls_client_ca_file = "/vault/userconfig/vault-ha-tls/vault.ca"
            }

            # https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-raft-deployment-guide#vault-storage-configuration

            storage "raft" {
               path = "/vault/data"

               retry_join {
                 leader_api_addr = "https://vault-0.vault-internal:8200"
                 leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"
                 leader_client_cert_file = "/vault/userconfig/tls-server/tls.crt"
                 leader_client_key_file = "/vault/userconfig/tls-server/tls.key"
               }

               retry_join {
                 leader_api_addr = "https://vault-1.vault-internal:8200"
                 leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"
                 leader_client_cert_file = "/vault/userconfig/tls-server/tls.crt"
                 leader_client_key_file = "/vault/userconfig/tls-server/tls.key"
               }

               retry_join {
                 leader_api_addr = "https://vault-2.vault-internal:8200"
                 leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"
                 leader_client_cert_file = "/vault/userconfig/tls-server/tls.crt"
                 leader_client_key_file = "/vault/userconfig/tls-server/tls.key"
               }

               retry_join {
                 leader_api_addr = "https://vault-3.vault-internal:8200"
                 leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"
                 leader_client_cert_file = "/vault/userconfig/tls-server/tls.crt"
                 leader_client_key_file = "/vault/userconfig/tls-server/tls.key"
               }

               retry_join {
                 leader_api_addr = "https://vault-4.vault-internal:8200"
                 leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"
                 leader_client_cert_file = "/vault/userconfig/tls-server/tls.crt"
                 leader_client_key_file = "/vault/userconfig/tls-server/tls.key"
               }

               autopilot {
                 server_stabilization_time = "10s"
                 last_contact_threshold = "10s"
                 min_quorum = 5
                 cleanup_dead_servers = false
                 dead_server_last_contact_threshold = "10m"
                 max_trailing_logs = 1000
                 disable_upgrade_migration = false
               }


            }
            disable_mlock = true
            service_registration "kubernetes" {}

我必须将哪个服务器地址放入 vault-issuer 配置文件中 Vault-Config/vault-issuer-cert-manager.yaml：：

# https://developer.hashicorp.com/vault/tutorials/archive/kubernetes-cert-manager#configure-an-issuer-and-generate-a-certificate

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: vault-issuer
  #namespace: nats
spec:
  vault:
    server: https://vault-0.vault-internal:8200/    // <----------------- ????????
    path: pki_int/sign/nats
    auth:
      kubernetes:
        mountPath: /v1/auth/kubernetes
        role: issuer
        secretRef:
          name: issuer-token-abcde
          key: token

--> ：

root@k8s-eu-1-control-plane-node-1:~# kubectl describe issuer     vault-issue

Message:               Failed to initialize Vault client: while  
requesting a Vault token using the Kubernetes auth: error calling 
Vault server: Post "http://vault.default:8200/v1/auth/kubernetes
/login": dial tcp: lookup vault.default on 10.96.0.10:53: no such 
host

？

Raphael10

Asked: 2023-12-01 19:48:28 +0800 CST

配置文件中的 haproxy.cfg 错误。需要帮助

7

尝试遵循以下指示：

https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration

和这些迹象：

HAProxy 在服务器配置中使用 url？

我正在尝试正确且正确地定义haproxy.cfg，但出现错误

这是以下内容/run/systemd/resolve/resolv.conf：

root@k8s-eu-1-control-plane-node-1:~# sudo cat /run/systemd/resolve/resolv.conf
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver kkk.kk.kkk.kk
nameserver qqq.qq.qqq.qq
search invalid

这是端口范围：

root@k8s-eu-1-control-plane-node-1:~# cat /proc/sys/net/ipv4/ip_local_port_range
32768   60999

所以，我尝试设置haproxy.cfg如下： /etc/haproxy/haproxy.cfg
# https://github.com/kubernetes/kubeadm/blob/main/docs/ha-considerations.md#haproxy-configuration

# /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    #log /dev/log local0
    #log /dev/log local1 notice

    #log /var/log local0
    #log /var/log local1 notice

    daemon

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 1
    timeout http-request    10s
    timeout queue           20s
    timeout connect         5s
    timeout client          20s
    timeout server          20s
    timeout http-keep-alive 10s
    timeout check           10s

#---------------------------------------------------------------------
# apiserver frontend which proxys to the control plane nodes
#---------------------------------------------------------------------

# https://www.digitalocean.com/community/tutorials/haproxy-network-error-cannot-bind-socket

frontend apiserver
    bind *:45000
    mode tcp
    option tcplog
    default_backend apiserverbackend


resolvers mydns
    nameserver dns1 161.97.189.51:53
    nameserver dns2 161.97.189.52:53
    parse-resolv-conf
    resolve_retries       3
    timeout resolve       1s
    timeout retry         1s
    hold other           30s
    hold refused         30s
    hold nx              30s
    hold timeout         30s
    hold valid           10s
    hold obsolete        30s


#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend apiserverbackend
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk

    balance     roundrobin
        #server ${HOST1_ID} ${HOST1_ADDRESS}:${APISERVER_SRC_PORT} check

        server k8s-eu-1-control-plane-node-1:6443 resolvers mydns resolve-prefer ipv4

但它返回错误unknown keyword 'mydns'：

root@k8s-eu-1-control-plane-node-1:~# sudo haproxy -c -f /etc/haproxy/haproxy.cfg 
[NOTICE]   (39412) : haproxy version is 2.6.15-1ppa1~jammy
[NOTICE]   (39412) : path to executable is /usr/sbin/haproxy
[ALERT]    (39412) : config : [/etc/haproxy/haproxy.cfg:92] : 'server apiserverbackend/k8s-eu-1-control-plane-node-1:6443' : unknown keyword 'mydns'.
[ALERT]    (39412) : config : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT]    (39412) : config : Fatal errors found in configuration.

Raphael10

Asked: 2023-11-09 03:45:21 +0800 CST

Ubuntu 22.04 来自守护进程的错误：获取“https://registry-1.docker.io/v2/”：拨打 tcp：在 127.0.0.53:53 上查找registry-1.docker.io：连接被拒绝

5

在Ubuntu 22.04中

root@k8s-eu-1-master:~# sudo systemctl daemon-reload
root@k8s-eu-1-master:~# sudo systemctl enable docker
Synchronizing state of docker.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable docker
root@k8s-eu-1-master:~# 
root@k8s-eu-1-master:~# sudo systemctl restart docker
root@k8s-eu-1-master:~# 
root@k8s-eu-1-master:~# sudo docker pull cassandra:latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 127.0.0.53:53: read udp 127.0.0.1:48086->127.0.0.53:53: read: connection refused

root@k8s-eu-1-master:~# sudo systemctl status docker
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-11-08 20:22:55 CET; 11min ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 272072 (dockerd)
      Tasks: 15
     Memory: 37.7M
        CPU: 638ms
     CGroup: /system.slice/docker.service
             └─272072 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Nov 08 20:22:55 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:22:55.320001583+01:00" level=info msg="Daemon has completed initialization"
Nov 08 20:22:55 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:22:55.353839818+01:00" level=info msg="API listen on /run/docker.sock"
Nov 08 20:22:55 k8s-eu-1-master systemd[1]: Started Docker Application Container Engine.
Nov 08 20:23:07 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:23:07.456049976+01:00" level=warning msg="Error getting v2 registry: Get \"https://registry-1.docker.io/v2/\": dial tcp: lookup registry-1.docker.io on 127.0.0.53:53: read udp 127.0.0.1:48086->127.0.0.53:53: read: connection refused"
Nov 08 20:23:07 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:23:07.456096778+01:00" level=info msg="Attempting next endpoint for pull after error: Get \"https://registry-1.docker.io/v2/\": dial tcp: lookup registry-1.docker.io on 127.0.0.53:53: read udp 127.0.0.1:48086->127.0.0.53:53: read: connection refused"
Nov 08 20:23:07 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:23:07.458039838+01:00" level=error msg="Handler for POST /v1.43/images/create returned error: Get \"https://registry-1.docker.io/v2/\": dial tcp: lookup registry-1.docker.io on 127.0.0.53:53: read udp 127.0.0.1:48086->127.0.0.53:53: read: connection refused"
Nov 08 20:32:06 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:32:06.231824815+01:00" level=warning msg="Error getting v2 registry: Get \"https://registry-1.docker.io/v2/\": dial tcp: lookup registry-1.docker.io on 127.0.0.53:53: read udp 127.0.0.1:43104->127.0.0.53:53: read: connection refused"
Nov 08 20:32:06 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:32:06.231929019+01:00" level=info msg="Attempting next endpoint for pull after error: Get \"https://registry-1.docker.io/v2/\": dial tcp: lookup registry-1.docker.io on 127.0.0.53:53: read udp 127.0.0.1:43104->127.0.0.53:53: read: connection refused"
Nov 08 20:32:06 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:32:06.233897769+01:00" level=error msg="Handler for POST /v1.43/images/create returned error: Get \"https://registry-1.docker.io/v2/\": dial tcp: lookup registry-1.docker.io on 127.0.0.53:53: read udp 127.0.0.1:43104->127.0.0.53:53: read: connection refused"
Nov 08 20:32:10 k8s-eu-1-master dockerd[272072]: time="2023-11-08T20:32:10.259620826+01:00" level=info msg="ignoring event" container=544ab9c3758d8293d505aead2429bd2a6fff065672bc83c171d4834393814dc6 module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"

但hello-worlddocker 示例运行良好：

root@k8s-eu-1-master:~# docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

这是以下的输出docker info：

root@k8s-eu-1-master:~# docker info
    Client: Docker Engine - Community
     Version:    24.0.7
     Context:    default
     Debug Mode: false
     Plugins:
      buildx: Docker Buildx (Docker Inc.)
        Version:  v0.11.2
        Path:     /usr/libexec/docker/cli-plugins/docker-buildx
      compose: Docker Compose (Docker Inc.)
        Version:  v2.21.0
        Path:     /usr/libexec/docker/cli-plugins/docker-compose
    
    Server:
     Containers: 4
      Running: 0
      Paused: 0
      Stopped: 4
     Images: 1
     Server Version: 24.0.7
     Storage Driver: overlay2
      Backing Filesystem: extfs
      Supports d_type: true
      Using metacopy: false
      Native Overlay Diff: true
      userxattr: false
     Logging Driver: json-file
     Cgroup Driver: systemd
     Cgroup Version: 2
     Plugins:
      Volume: local
      Network: bridge host ipvlan macvlan null overlay
      Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
     Swarm: inactive
     Runtimes: io.containerd.runc.v2 runc
     Default Runtime: runc
     Init Binary: docker-init
     containerd version: 61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
     runc version: v1.1.9-0-gccaecfc
     init version: de40ad0
     Security Options:
      apparmor
      seccomp
       Profile: builtin
      cgroupns
     Kernel Version: 5.15.0-88-generic
     Operating System: Ubuntu 22.04.3 LTS
     OSType: linux
     Architecture: x86_64
     CPUs: 10
     Total Memory: 58.86GiB
     Name: k8s-eu-1-master
     ID: ca48bc0b-922b-47b6-bae4-85d5d911436c
     Docker Root Dir: /var/lib/docker
     Debug Mode: false
     Experimental: false
     Insecure Registries:
      127.0.0.0/8
     Live Restore Enabled: false

如何让它发挥作用？

Raphael10

Asked: 2023-11-08 19:46:04 +0800 CST

Statefulset Pod：多个持久卷声明的问题

5

由于我有 5 个共享 NFS 文件夹：

   root@k8s-eu-1-master:~# df -h | grep /srv/
   aa.aaa.aaa.aaa:/srv/shared-k8s-eu-1-worker-1 391G 6.1G 365G 2% /mnt/data
   bb.bbb.bbb.bbb:/srv/shared-k8s-eu-1-worker-2 391G 6.1G 365G 2% /mnt/data
   cc.ccc.ccc.cc:/srv/shared-k8s-eu-1-worker-3 391G 6.1G 365G 2% /mnt/data
   dd.ddd.ddd.dd:/srv/shared-k8s-eu-1-worker-4 391G 6.1G 365G 2% /mnt/data
   ee.eee.eee.eee:/srv/shared-k8s-eu-1-worker-5 391G 6.1G 365G 2% /mnt/data

我在 cassandra-statefulset.yaml 中添加了第二个volumeMount及其volumeClaimTemplate：

  # These volume mounts are persistent. They are like inline claims,
  # but not exactly because the names need to match exactly one of
  # the stateful pod volumes.
  volumeMounts:
  - name: k8s-eu-1-worker-1
   mountPath: /srv/shared-k8s-eu-1-worker-1
  - name: k8s-eu-1-worker-2
   mountPath: /srv/shared-k8s-eu-1-worker-2

   # These are converted to volume claims by the controller
   # and mounted at the paths mentioned above.
   # do not use these in production until ssd GCEPersistentDisk or other ssd pd
   volumeClaimTemplates:
   - metadata:
     name: k8s-eu-1-worker-1
    spec:
     accessModes: [ "ReadWriteOnce" ]
     storageClassName: k8s-eu-1-worker-1
     resources:
      requests:
       storage: 1Gi
   - metadata:
     name: k8s-eu-1-worker-2
    spec:
     accessModes: [ "ReadWriteOnce" ]
     storageClassName: k8s-eu-1-worker-2
     resources:
       requests:
       storage: 1Gi

  ---
  kind: StorageClass
  apiVersion: storage.k8s.io/v1
  metadata:
   name: k8s-eu-1-worker-1
  provisioner: k8s-sigs.io/k8s-eu-1-worker-1
  parameters:
   type: pd-ssd

  kind: StorageClass
  apiVersion: storage.k8s.io/v1
  metadata:
   name: k8s-eu-1-worker-2
  provisioner: k8s-sigs.io/k8s-eu-1-worker-2
  parameters:
   type: pd-ssd

一开始似乎工作正常：

   root@k8s-eu-1-master:~# kubectl apply -f ./cassandraStatefulApp/cassandra-statefulset.yaml 
   statefulset.apps/cassandra created

但有状态集仍处于“未就绪”状态：

   root@k8s-eu-1-master:~# kubectl get sts
   NAME    READY AGE
   cassandra 0/3  17m

root@k8s-eu-1-master:~# kubectl describe sts cassandra
  Name:       cassandra
  Namespace:     default
  CreationTimestamp: Wed, 08 Nov 2023 12:02:10 +0100
  Selector:     app=cassandra
  Labels:      app=cassandra
  Annotations:    <none>
  Replicas:     3 desired | 1 total
  Update Strategy:  RollingUpdate
   Partition:    0
  Pods Status:    0 Running / 1 Waiting / 0 Succeeded / 0 Failed
  Pod Template:
   Labels: app=cassandra
   Containers:
    cassandra:
    Image:   gcr.io/google-samples/cassandra:v13
    Ports:   7000/TCP, 7001/TCP, 7199/TCP, 9042/TCP
    Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP
    Limits:
     cpu:  500m
     memory: 1Gi
    Requests:
     cpu:   500m
     memory: 1Gi
    Readiness: exec [/bin/bash -c /ready-probe.sh] delay=15s timeout=5s period=10s #success=1  
#failure=3
    Environment:
     MAX_HEAP_SIZE:     512M
     HEAP_NEWSIZE:      100M
     CASSANDRA_SEEDS:    cassandra-0.cassandra.default.svc.cluster.local
     CASSANDRA_CLUSTER_NAME: K8Demo
     CASSANDRA_DC:      DC1-K8Demo
     CASSANDRA_RACK:     Rack1-K8Demo
     POD_IP:         (v1:status.podIP)
    Mounts:
     /srv/shared-k8s-eu-1-worker-1 from k8s-eu-1-worker-1 (rw)
     /srv/shared-k8s-eu-1-worker-2 from k8s-eu-1-worker-2 (rw)
   Volumes: <none>
  Volume Claims:
   Name:     k8s-eu-1-worker-1
   StorageClass: k8s-eu-1-worker-1
   Labels:    <none>
   Annotations: <none>
   Capacity:   1Gi
   Access Modes: [ReadWriteOnce]
   Name:     k8s-eu-1-worker-2
   StorageClass: k8s-eu-1-worker-2
   Labels:    <none>
   Annotations: <none>
   Capacity:   1Gi
   Access Modes: [ReadWriteOnce]
  Events:
   Type  Reason      Age From          Message
   ----  ------      ---- ----          -------
   Normal SuccessfulCreate 18m statefulset-controller create Claim k8s-eu-1-worker-1-cassandra-0   
    Pod cassandra-0 in StatefulSet cassandra success
   Normal SuccessfulCreate 18m statefulset-controller create Claim k8s-eu-1-worker-2-cassandra-0 
    Pod cassandra-0 in StatefulSet cassandra success
   Normal SuccessfulCreate 18m statefulset-controller create Pod cassandra-0 in StatefulSet 
 cassandra successful

相应的 pod 仍处于“Pending”状态：

   root@k8s-eu-1-master:~# kubectl get pods
   NAME                               READY STATUS  RESTARTS AGE
   cassandra-0                           0/1  Pending 0     19m
   k8s-eu-1-worker-1-nfs-subdir-external-provisioner-79fff4ff2qx7k 1/1  Running 0     19h

  root@k8s-eu-1-master:~# kubetl describe pod cassandra-0
  kubetl: command not found
  root@k8s-eu-1-master:~# kubectl describe pod cassandra-0
  Name:      cassandra-0
  Namespace:    default
  Priority:    0
  Service Account: default
  Node:      <none>
  Labels:     app=cassandra
           apps.kubernetes.io/pod-index=0
           controller-revision-hash=cassandra-79d64cd8b
           statefulset.kubernetes.io/pod-name=cassandra-0
  Annotations:   <none>
  Status:     Pending
  IP:       
  IPs:       <none>
  Controlled By:  StatefulSet/cassandra
  Containers:
   cassandra:
    Image:   gcr.io/google-samples/cassandra:v13
    Ports:   7000/TCP, 7001/TCP, 7199/TCP, 9042/TCP
    Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/TCP
    Limits:
     cpu:  500m
     memory: 1Gi
    Requests:
     cpu:   500m
     memory: 1Gi
    Readiness: exec [/bin/bash -c /ready-probe.sh] delay=15s timeout=5s period=10s #success=1  
#failure=3
    Environment:
     MAX_HEAP_SIZE:     512M
     HEAP_NEWSIZE:      100M
     CASSANDRA_SEEDS:    cassandra-0.cassandra.default.svc.cluster.local
     CASSANDRA_CLUSTER_NAME: K8Demo
     CASSANDRA_DC:      DC1-K8Demo
     CASSANDRA_RACK:     Rack1-K8Demo
     POD_IP:         (v1:status.podIP)
    Mounts:
     /srv/shared-k8s-eu-1-worker-1 from k8s-eu-1-worker-1 (rw)
     /srv/shared-k8s-eu-1-worker-2 from k8s-eu-1-worker-2 (rw)
     /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wxx58 (ro)
  Conditions:
   Type     Status
   PodScheduled False 
  Volumes:
   k8s-eu-1-worker-1:
    Type:   PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName: k8s-eu-1-worker-1-cassandra-0
    ReadOnly: false
   k8s-eu-1-worker-2:
    Type:   PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName: k8s-eu-1-worker-2-cassandra-0
    ReadOnly: false
   kube-api-access-wxx58:
    Type:          Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds: 3607
    ConfigMapName:     kube-root-ca.crt
    ConfigMapOptional:   <nil>
    DownwardAPI:      true
  QoS Class:         Guaranteed
  Node-Selectors:       <none>
  Tolerations:        node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
  Events:
   Type  Reason      Age        From       Message
   ----  ------      ----       ----       -------
   Warning FailedScheduling 20m        default-scheduler 0/6 nodes are available: pod has unbound 
immediate PersistentVolumeClaims. preemption: 0/6 nodes are available: 6 Preemption is not helpful  
for scheduling..
   Warning FailedScheduling 10m (x3 over 20m) default-scheduler 0/6 nodes are available: pod has 
unbound immediate PersistentVolumeClaims. preemption: 0/6 nodes are available: 6 Preemption is not 
helpful for scheduling..

两个持久卷声明中只有一个处于“Bound”状态，另一个仍处于“Pending”状态：

  root@k8s-eu-1-master:~# kubectl get pvc
  NAME              STATUS  VOLUME                  CAPACITY ACCESS MODES STORAGECLASS    
AGE
  k8s-eu-1-worker-1-cassandra-0 Bound  pvc-4f1d877b-8e01-4b76-b4e1-25bc226fd1a5 1Gi    RWO         
  k8s-eu-1-worker-1 21m
  k8s-eu-1-worker-2-cassandra-0 Pending                                    k8s-eu-1-worker-2 21m

cassandra-statefulset.yaml我上面的设置有什么问题吗？

Raphael10

Asked: 2023-11-08 02:39:30 +0800 CST

Pod 处于运行状态但处于 Pod 的事件中：警告不健康的 kubelet 就绪探针失败：命令“/bin/bash -c /ready-probe.sh”超时

5

对于 Running Pod 和事件来说意味着什么：

Warning Unhealthy kubelet Readiness probe failed: command "/bin/bash -c /ready-probe.sh" timed out？:

root@k8s-eu-1-master:~# kubectl describe pod cassandra-0
Name:             cassandra-0
Namespace:        default
Priority:         0
Service Account:  default
Node:             k8s-eu-1-worker-1/xx.xxx.xxx.xxx
Start Time:       Tue, 07 Nov 2023 19:18:49 +0100
Labels:           app=cassandra
                  apps.kubernetes.io/pod-index=0
                  controller-revision-hash=cassandra-58c99f489d
                  statefulset.kubernetes.io/pod-name=cassandra-0
Annotations:      cni.projectcalico.org/containerID: ee11d6b9b5dfade09500ccf53d2d1e4e04aaf479c4502d76f6ce0044c6683ac4
                  cni.projectcalico.org/podIP: 192.168.200.12/32
                  cni.projectcalico.org/podIPs: 192.168.200.12/32
Status:           Running
IP:               192.168.200.12
IPs:
  IP:           192.168.200.12
Controlled By:  StatefulSet/cassandra
Containers:
  cassandra:
    Container ID:   containerd://1386bc65f0f9c11eb9351435578c37efb7081fbbf0acd7a9b2ab6d3507576e0f
    Image:          gcr.io/google-samples/cassandra:v13
    Image ID:       gcr.io/google-samples/cassandra@sha256:7a3d20afa0a46ed073a5c587b4f37e21fa860e83c60b9c42fec1e1e739d64007
    Ports:          7000/TCP, 7001/TCP, 7199/TCP, 9042/TCP
    Host Ports:     0/TCP, 0/TCP, 0/TCP, 0/TCP
    State:          Running
      Started:      Tue, 07 Nov 2023 19:18:51 +0100
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     500m
      memory:  1Gi
    Requests:
      cpu:      500m
      memory:   1Gi
    Readiness:  exec [/bin/bash -c /ready-probe.sh] delay=15s timeout=5s period=10s #success=1 #failure=3
    Environment:
      MAX_HEAP_SIZE:           512M
      HEAP_NEWSIZE:            100M
      CASSANDRA_SEEDS:         cassandra-0.cassandra.default.svc.cluster.local
      CASSANDRA_CLUSTER_NAME:  K8Demo
      CASSANDRA_DC:            DC1-K8Demo
      CASSANDRA_RACK:          Rack1-K8Demo
      POD_IP:                   (v1:status.podIP)
    Mounts:
      /srv/shared-k8s-eu-1-worker-1 from k8s-eu-1-worker-1 (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nzb6p (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  k8s-eu-1-worker-1:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  k8s-eu-1-worker-1-cassandra-0
    ReadOnly:   false
  kube-api-access-nzb6p:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Guaranteed
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age    From               Message
  ----     ------     ----   ----               -------
  Normal   Scheduled  7m28s  default-scheduler  Successfully assigned default/cassandra-0 to k8s-eu-1-worker-1
  Normal   Pulling    7m28s  kubelet            Pulling image "gcr.io/google-samples/cassandra:v13"
  Normal   Pulled     7m28s  kubelet            Successfully pulled image "gcr.io/google-samples/cassandra:v13" in 383ms (383ms including waiting)
  Normal   Created    7m28s  kubelet            Created container cassandra
  Normal   Started    7m27s  kubelet            Started container cassandra
  Warning  Unhealthy  7m     kubelet            Readiness probe failed: command "/bin/bash -c /ready-probe.sh" timed out // <-------------------

我必须在保险库发行者配置文件中使用什么服务器地址？

配置文件中的 haproxy.cfg 错误。需要帮助

Ubuntu 22.04 来自守护进程的错误：获取“https://registry-1.docker.io/v2/”：拨打 tcp：在 127.0.0.53:53 上查找registry-1.docker.io：连接被拒绝

Statefulset Pod：多个持久卷声明的问题

Pod 处于运行状态但处于 Pod 的事件中：警告不健康的 kubelet 就绪探针失败：命令“/bin/bash -c /ready-probe.sh”超时

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

Raphael10's questions