[root@ecs0-57 certs]# kubectl logs -fn500 ks-account-dd4bdf8b-ksc7g -n kubesphere-system
W0611 07:18:03.790718 1 client_config.go:549] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
E0611 07:18:05.206685 1 kubeconfig.go:62] create client certificate failed: <nil>
E0611 07:18:05.206709 1 im.go:1030] create user kubeconfig failed sonarqube create client certificate failed: <nil>
E0611 07:18:05.206719 1 im.go:197] user init failed sonarqube create client certificate failed: <nil>
E0611 07:18:05.206725 1 im.go:87] create default users user sonarqube init failed: create client certificate failed: <nil>
Error: user sonarqube init failed: create client certificate failed: <nil>
Usage:
ks-iam [flags]
Flags:
--add-dir-header If true, adds the file directory to the header
--admin-email string default administrator's email (default "admin@kubesphere.io")
--admin-password string default administrator's password (default "passw0rd")
--alsologtostderr log to standard error as well as files
--auth-rate-limit string specifies the maximum number of authentication attempts permitted and time interval,valid time units are "s","m","h" (default "5/30m")
--bind-address string server bind address (default "0.0.0.0")
--enable-multi-login allow one account to have multiple sessions
--generate-kubeconfig generate kubeconfig for new users, kubeconfig is required in devops pipeline, set to false if you don't need devops. (default true)
-h, --help help for ks-iam
--insecure-port int insecure port number (default 9090)
--jwt-secret string jwt secret
--kubeconfig string Path for kubernetes kubeconfig file, if left blank, will use in cluster way.
--ldap-group-search-base string Ldap group search base. (default "ou=Groups,dc=example,dc=org")
--ldap-host string Ldap service host, if left blank, all of the following ldap options will be ignored and ldap will be disabled.
--ldap-manager-dn string Ldap manager account domain name. (default "cn=admin,dc=example,dc=org")
--ldap-manager-password string Ldap manager account password.
--ldap-user-search-base string Ldap user search base. (default "ou=Users,dc=example,dc=org")
--log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log-dir string If non-empty, write log files in this directory
--log-file string If non-empty, use this log file
--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--master string Used to generate kubeconfig for downloading, if not specified, will use host in kubeconfig.
--mysql-host string MySQL service host address. If left blank, the following related mysql options will be ignored.
--mysql-max-connection-life-time duration Maximum connection life time allowed to connecto to mysql. (default 10s)
--mysql-max-idle-connections int Maximum idle connections allowed to connect to mysql. (default 100)
--mysql-max-open-connections int Maximum open connections allowed to connect to mysql. (default 100)
--mysql-password string Password for access to mysql, should be used pair with password.
--mysql-username string Username for access to mysql service.
--redis-url string Redis connection URL. If left blank, means redis is unnecessary, redis will be disabled. e.g. redis://:password@host:port/db
--secure-port int secure port number
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--tls-cert-file string tls cert file
--tls-private-key string tls private key
--token-idle-timeout duration tokens that are idle beyond that time will expire,0s means the token has no expiration time. valid time units are "ns","us","ms","s","m","h" (default 30m0s)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
2020/06/11 07:18:05 user sonarqube init failed: create client certificate failed: <nil>
[root@ecs0-57 certs]#
[root@ecs0-57 certs]#
[root@ecs0-57 certs]#
[root@ecs0-57 certs]# kubectl -n kubesphere-system describe sts openldap
Name: openldap
Namespace: kubesphere-system
CreationTimestamp: Thu, 11 Jun 2020 14:29:30 +0800
Selector: app.kubernetes.io/instance=ks-openldap,app.kubernetes.io/name=openldap-ha
Labels: app.kubernetes.io/instance=ks-openldap
app.kubernetes.io/managed-by=Tiller
app.kubernetes.io/name=openldap-ha
app.kubernetes.io/version=1.0
helm.sh/chart=openldap-ha-0.1.0
Annotations: <none>
Replicas: 1 desired | 1 total
Update Strategy: RollingUpdate
Partition: 824636302844
Pods Status: 1 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: app.kubernetes.io/instance=ks-openldap
app.kubernetes.io/name=openldap-ha
Containers:
openldap-ha:
Image: osixia/openldap:1.3.0
Port: 389/TCP
Host Port: 0/TCP
Args:
--copy-service
--loglevel=warning
Liveness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
Readiness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
Environment:
LDAP_ORGANISATION: kubesphere
LDAP_DOMAIN: kubesphere.io
LDAP_CONFIG_PASSWORD: admin
LDAP_ADMIN_PASSWORD: admin
LDAP_REPLICATION: false
LDAP_TLS: false
LDAP_REMOVE_CONFIG_AFTER_SETUP: true
MY_POD_NAME: (v1:metadata.name)
HOSTNAME: $(MY_POD_NAME).openldap
Mounts:
/etc/ldap/slapd.d from openldap-pvc (rw,path="ldap-config")
/var/lib/ldap from openldap-pvc (rw,path="ldap-data")
Volumes:
openldap-pvc:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: openldap-pvc
ReadOnly: false
Volume Claims:
Name: openldap-pvc
StorageClass:
Labels: <none>
Annotations: <none>
Capacity: 2Gi
Access Modes: [ReadWriteOnce]
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal SuccessfulCreate 51m statefulset-controller create Claim openldap-pvc-openldap-0 Pod openldap-0 in StatefulSet openldap success
Normal SuccessfulCreate 51m statefulset-controller create Pod openldap-0 in StatefulSet openldap successful
[root@ecs0-57 certs]#
[root@ecs0-57 certs]#
[root@ecs0-57 certs]#
[root@ecs0-57 certs]#
[root@ecs0-57 certs]#
[root@ecs0-57 certs]# kubectl get pods -n kubesphere-system
NAME READY STATUS RESTARTS AGE
ks-account-dd4bdf8b-ksc7g 0/1 CrashLoopBackOff 8 20m
ks-apigateway-c5d9f7546-6jw7s 1/1 Running 0 20m
ks-apiserver-5b65457c64-fvzw8 1/1 Running 0 20m
ks-console-69d4bf9df4-hhrvr 1/1 Running 0 20m
ks-controller-manager-5b5cf58d7f-l7jsh 1/1 Running 0 20m
ks-installer-59fb465b7-lzlwr 1/1 Running 0 25m
openldap-0 1/1 Running 0 52m
redis-5d4844b947-9gcn8 1/1 Running 0 64m
[root@ecs0-57 certs]# kubectl logs -f redis-5d4844b947-9gcn8 -n kubesphere-system
1:C 11 Jun 2020 06:17:47.854 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 11 Jun 2020 06:17:47.854 # Redis version=5.0.5, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 11 Jun 2020 06:17:47.854 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
1:M 11 Jun 2020 06:17:47.856 * Running mode=standalone, port=6379.
1:M 11 Jun 2020 06:17:47.856 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 11 Jun 2020 06:17:47.856 # Server initialized
1:M 11 Jun 2020 06:17:47.856 * Ready to accept connections
1:M 11 Jun 2020 07:17:48.078 * 1 changes in 3600 seconds. Saving...
1:M 11 Jun 2020 07:17:48.079 * Background saving started by pid 13
13:C 11 Jun 2020 07:17:48.082 * DB saved on disk
13:C 11 Jun 2020 07:17:48.083 * RDB: 0 MB of memory used by copy-on-write
1:M 11 Jun 2020 07:17:48.179 * Background saving terminated with success
