zoukankan      html  css  js  c++  java

  • coredns bug

    记录coredns bug修复

    kubectl get pods  -n kube-system

    [root@k8s-master coredns]# kubectl get pods  -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-846b5f484d-r75st   1/1     Running   0          15d
calico-node-jnqq7                          1/1     Running   0          15d
calico-node-pv7gq                          1/1     Running   0          15d
calico-node-qmh6s                          1/1     Running   0          15d
coredns-54d44bbdf8-s2qmr                   0/1     Running   0          10d
coredns-54d44bbdf8-zf497                   0/1     Running   0          10d
etcd-k8s-master                            1/1     Running   0          15d
etcd-k8s-node1                             1/1     Running   0          15d
kube-apiserver-k8s-master                  1/1     Running   0          10d
kube-apiserver-k8s-node1                   1/1     Running   0          15d
kube-controller-manager-k8s-master         1/1     Running   0          6d4h
kube-controller-manager-k8s-node1          1/1     Running   0          15d
kube-proxy-99v9z                           1/1     Running   0          10d
kube-proxy-drrv4                           1/1     Running   0          10d
kube-proxy-p5nkl                           1/1     Running   0          10d
kube-scheduler-k8s-master                  1/1     Running   0          6d4h
kube-scheduler-k8s-node1                   1/1     Running   0          15d

      

    coredns pod虽然是running 的状态,但是他是notready

    查看cordnslog

    kubectl logs  -f coredns-54d44bbdf8-s2qmr -n kube-system

    E1125 06:56:14.489039       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.1/tools/cache/reflector.go:167: Failed to watch *v1.EndpointSlice: failed to list *v1.EndpointSlice: endpointslices.discovery.k8s.io is forbidden: User "system:serviceaccount:kube-system:coredns" cannot list resource "endpointslices" in API group "discovery.k8s.io" at the cluster scope
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
E1125 06:56:50.693019       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.1/tools/cache/reflector.go:167: Failed to watch *v1.EndpointSlice: failed to list *v1.EndpointSlice: endpointslices.discovery.k8s.io is forbidden: User "system:serviceaccount:kube-system:coredns" cannot list resource "endpointslices" in API group "discovery.k8s.io" at the cluster scope
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"

     

    system:serviceaccount:kube-system:coredns 缺少权限

    次错误是由于coredns bug导致,需要修复coredns角色权限

    kubectl edit clusterrole system:coredns

    在后面追加内容

    - apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch

      

    修改好后过一会再执行命令查看

    kubectl get pods  -n kube-system 
  • 相关阅读:
    【制作镜像Win*】系统配置
    【制作镜像Win*】系统安装
    【制作镜像Win*】文件准备
    【制作镜像Win*】环境准备
    【制作镜像Win*】环境准备(设置yum源)
    Portal
    bc
    2-模拟登录淘宝
    10-天猫订单数据分析
    2-Scala进阶
  • 原文地址:https://www.cnblogs.com/Tempted/p/15602850.html
Copyright © 2011-2022 走看看