Alibaba Cloud version:
Client Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.8-aliyun.1", GitCommit:"d2f5a0f", GitTreeState:"", BuildDate:"2020-10-23T07:01:01Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.8-aliyun.1", GitCommit:"d2f5a0f", GitTreeState:"", BuildDate:"2020-10-23T06:48:31Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

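    liberal2020
    First, check why openldap-0 is in the Pending state:
    kubectl -n kubesphere-system describe pod openldap-0
    If it is because the storage was not created, check whether you have set a default storage, and the status of the PVs:
    kubectl get pv,sc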

      Thanks for the quick reply.
      The current state is as follows:
      Name: openldap-0
      Namespace: kubesphere-system
      Priority: 0
      Node: cn-shanghai.192.168.1.143/192.168.1.143
      Start Time: Fri, 27 Nov 2020 10:51:39 +0800
      Labels: app.kubernetes.io/instance=ks-openldap
      app.kubernetes.io/name=openldap-ha
      controller-revision-hash=openldap-5d5b768f7b
      statefulset.kubernetes.io/pod-name=openldap-0
      Annotations: kubernetes.io/psp: ack.privileged
      Status: Running
      IP: 172.20.0.205
      IPs:
      IP: 172.20.0.205
      Controlled By: StatefulSet/openldap
      Containers:
      openldap-ha:
      Container ID: docker://d86bb9496f6aa7673677cbb1aae7b30222593042b0603552524eec37199958f7
      Image: osixia/openldap:1.3.0
      Image ID: docker-pullable://osixia/openldap@sha256:66bf8dafc3c47a387dfa9d87425acab96acd8a3f2a62a8f6393584c27777cb41
      Port: 389/TCP
      Host Port: 0/TCP
      Command:
      /bin/sh
      -ce
      tail -f /dev/null
      State: Running
      Started: Fri, 27 Nov 2020 10:51:40 +0800
      Ready: False
      Restart Count: 0
      Liveness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
      Readiness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
      Environment:
      LDAP_ORGANISATION: kubesphere
      LDAP_CONFIG_PASSWORD: admin
      LDAP_ADMIN_PASSWORD: admin
      LDAP_REPLICATION: false
      LDAP_TLS: false
      LDAP_REMOVE_CONFIG_AFTER_SETUP: true
      MY_POD_NAME: openldap-0 (v1:metadata.name)
      HOSTNAME: $(MY_POD_NAME).openldap
      Mounts:
      /etc/ldap/slapd.d from volume-openldap-pvc-openldap-0 (rw)
      /var/lib/ldap from volume-openldap-pvc-openldap-0 (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-94w4w (ro)
      Conditions:
      Type Status
      Initialized True
      Ready False
      ContainersReady False
      PodScheduled True
      Volumes:
      openldap-pvc:
      Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
      ClaimName: openldap-pvc-openldap-0
      ReadOnly: false
      volume-openldap-pvc-openldap-0:
      Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
      ClaimName: openldap-pvc-openldap-0
      ReadOnly: false
      default-token-94w4w:
      Type: Secret (a volume populated by a Secret)
      SecretName: default-token-94w4w
      Optional: false
      QoS Class: BestEffort
      Node-Selectors: <none>
      Tolerations: CriticalAddonsOnly
      node-role.kubernetes.io/master:NoSchedule
      node.kubernetes.io/not-ready:NoExecute for 300s
      node.kubernetes.io/unreachable:NoExecute for 300s
      Events:
      Type Reason Age From Message


      Normal Scheduled <unknown> default-scheduler Successfully assigned kubesphere-system/openldap-0 to cn-shanghai.192.168.1.143
      Normal Pulled 51s kubelet, cn-shanghai.192.168.1.143 Container image "osixia/openldap:1.3.0" already present on machine
      Normal Created 51s kubelet, cn-shanghai.192.168.1.143 Created container openldap-ha
      Normal Started 51s kubelet, cn-shanghai.192.168.1.143 Started container openldap-ha
      Warning Unhealthy 5s (x2 over 20s) kubelet, cn-shanghai.192.168.1.143 Liveness probe failed: dial tcp 172.20.0.205:389: connect: connection refused
      Warning Unhealthy 4s (x2 over 19s) kubelet, cn-shanghai.192.168.1.143 Readiness probe failed: dial tcp 172.20.0.205:389: connect: connection refused
      [root@elec-iot002 ~]#
      [root@elec-iot002 ~]#

      [root@elec-iot002 ~]# kubectl get pv,sc
      NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
      persistentvolume/d-uf68cq091ncbv3dmx1o2 20Gi RWO Delete Terminating kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-1 alicloud-disk-efficiency 23m
      persistentvolume/d-uf68qanynb5ekv00b9c9 20Gi RWO Delete Terminating kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-0 alicloud-disk-efficiency 23m
      persistentvolume/kubesphere-system-pvc-openldap-pvc-openldap-0 2Gi RWX Retain Bound kubesphere-system/openldap-pvc-openldap-0 oss 17m
      persistentvolume/kubesphere-system-pvc-redis-pvc 2Gi RWX Retain Bound kubesphere-system/redis-pvc oss 17m

      NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
      storageclass.storage.k8s.io/alicloud-disk-available diskplugin.csi.alibabacloud.com Delete Immediate true 14d
      storageclass.storage.k8s.io/alicloud-disk-efficiency (default) diskplugin.csi.alibabacloud.com Delete Immediate true 14d
      storageclass.storage.k8s.io/alicloud-disk-essd diskplugin.csi.alibabacloud.com Delete Immediate true 14d
      storageclass.storage.k8s.io/alicloud-disk-ssd diskplugin.csi.alibabacloud.com Delete Immediate true 14d
      storageclass.storage.k8s.io/alicloud-disk-topology diskplugin.csi.alibabacloud.com Delete WaitForFirstConsumer true 14d
      [root@elec-iot002 ~]#

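        liberal2020 Check two things:

        1. Look at the openldap logs with kubectl -n kubesphere-system logs openldap-0 and see whether openldap started normally and is listening on port 389.
        2. If it started normally, run telnet 172.20.0.205 389 on 192.168.1.143 to see whether it can connect, to determine whether the problem is caused by firewall settings.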

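          liberal2020 I don't see any problem in the configuration above. Did you perhaps not change this step from the documentation?

          Note 1: Disks created by the Alibaba Cloud CSI must be no smaller than 20Gi. In the configuration file, openldapVolumeSize and redisVolumSize default to 2Gi; be sure to change them, otherwise the error in the figure below is reported.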


            Still the same problem. Is the startup command incorrect? The previous few only started normally after I modified them.

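              liberal2020 Do not modify the startup command!!! The KS containers all come configured by default and do not need to be modified. On a managed K8s platform you generally only need to set up storage. The ubuntu/centos systems tested so far all work without problems. We will test compatibility with the Alibaba system later.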

                Right after setup this is what happens: ks-apiserver and ks-controller-manager are both in CrashLoopBackOff, and the cause is again openldap and redis, which are Pending.

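                  liberal2020 It may be related to your storage type. Submit a ticket to Alibaba to ask, or take a look at the Alibaba documentation. OSS may require separate authorization settings: https://www.alibabacloud.com/help/zh/doc-detail/134896.htm?spm=a2c63.p38356.b99.286.38a43accOMHoQP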
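
Added example, not part of the thread or of KubeSphere's own code: a shell check over `kubectl describe pod` output that flags the combination visible in the output posted above, where the container command is `tail -f /dev/null` (so slapd is never started) while the tcp-socket probes dial port 389 and get "connection refused". The function names and the list of idle-command patterns are assumptions, and the sample is constructed from the values in the thread.

```shell
#!/bin/sh
# Constructed sample: excerpt of `kubectl describe pod` in kubectl's indented
# layout, filled with the values posted in the thread.
sample_describe() {
cat <<'EOF'
Containers:
  openldap-ha:
    Image:          osixia/openldap:1.3.0
    Port:           389/TCP
    Command:
      /bin/sh
      -ce
      tail -f /dev/null
    State:          Running
    Ready:          False
    Liveness:       tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
    Readiness:      tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
EOF
}

# Join the lines nested under "Command:" into one line (empty if not overridden).
container_command() {
  awk 'function indent(s) { sub(/[^ ].*/, "", s); return length(s) }
       /^ *Command:$/ { depth = indent($0); in_cmd = 1; next }
       in_cmd && indent($0) <= depth { in_cmd = 0 }
       in_cmd { sub(/^ +/, ""); out = out sep $0; sep = " " }
       END { print out }'
}

# List the distinct ports dialled by tcp-socket liveness/readiness probes.
probe_ports() {
  awk '/^ *(Liveness|Readiness): +tcp-socket :/ { sub(/^:/, "", $3); print $3 }' | sort -u
}

# Flag a container whose command only idles while a TCP probe expects a listener.
# The idle patterns below are an assumed, non-exhaustive list.
diagnose() {
  desc=$(cat)
  cmd=$(printf '%s\n' "$desc" | container_command)
  ports=$(printf '%s\n' "$desc" | probe_ports | tr '\n' ' ')
  case "$cmd" in
    *"tail -f /dev/null"*|*"sleep infinity"*)
      if [ -n "$ports" ]; then
        echo "MISMATCH: '$cmd' opens no socket; probes dial tcp port(s) $ports"
        return 0
      fi ;;
  esac
  echo "ok"
}

sample_describe | diagnose
```

Against a live cluster the same check is `kubectl -n kubesphere-system describe pod openldap-0 | diagnose`.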