liberal2020
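First, check why openldap-0 is in the Pending state:
kubectl -n kubesphere-system describe pod openldap-0
If it is because the storage was not created, check whether you have set a default storage, and check the status of the PVs:
kubectl get pv,sc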

    Thanks for such a quick reply.
    The current state is as follows:
    Name: openldap-0
    Namespace: kubesphere-system
    Priority: 0
    Node: cn-shanghai.192.168.1.143/192.168.1.143
    Start Time: Fri, 27 Nov 2020 10:51:39 +0800
    Labels: app.kubernetes.io/instance=ks-openldap
    app.kubernetes.io/name=openldap-ha
    controller-revision-hash=openldap-5d5b768f7b
    statefulset.kubernetes.io/pod-name=openldap-0
    Annotations: kubernetes.io/psp: ack.privileged
    Status: Running
    IP: 172.20.0.205
    IPs:
    IP: 172.20.0.205
    Controlled By: StatefulSet/openldap
    Containers:
    openldap-ha:
    Container ID: docker://d86bb9496f6aa7673677cbb1aae7b30222593042b0603552524eec37199958f7
    Image: osixia/openldap:1.3.0
    Image ID: docker-pullable://osixia/openldap@sha256:66bf8dafc3c47a387dfa9d87425acab96acd8a3f2a62a8f6393584c27777cb41
    Port: 389/TCP
    Host Port: 0/TCP
    Command:
    /bin/sh
    -ce
    tail -f /dev/null
    State: Running
    Started: Fri, 27 Nov 2020 10:51:40 +0800
    Ready: False
    Restart Count: 0
    Liveness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
    Readiness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
    Environment:
    LDAP_ORGANISATION: kubesphere
    LDAP_CONFIG_PASSWORD: admin
    LDAP_ADMIN_PASSWORD: admin
    LDAP_REPLICATION: false
    LDAP_TLS: false
    LDAP_REMOVE_CONFIG_AFTER_SETUP: true
    MY_POD_NAME: openldap-0 (v1:metadata.name)
    HOSTNAME: $(MY_POD_NAME).openldap
    Mounts:
    /etc/ldap/slapd.d from volume-openldap-pvc-openldap-0 (rw)
    /var/lib/ldap from volume-openldap-pvc-openldap-0 (rw)
    /var/run/secrets/kubernetes.io/serviceaccount from default-token-94w4w (ro)
    Conditions:
    Type Status
    Initialized True
    Ready False
    ContainersReady False
    PodScheduled True
    Volumes:
    openldap-pvc:
    Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName: openldap-pvc-openldap-0
    ReadOnly: false
    volume-openldap-pvc-openldap-0:
    Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName: openldap-pvc-openldap-0
    ReadOnly: false
    default-token-94w4w:
    Type: Secret (a volume populated by a Secret)
    SecretName: default-token-94w4w
    Optional: false
    QoS Class: BestEffort
    Node-Selectors: <none>
    Tolerations: CriticalAddonsOnly
    node-role.kubernetes.io/master:NoSchedule
    node.kubernetes.io/not-ready:NoExecute for 300s
    node.kubernetes.io/unreachable:NoExecute for 300s
    Events:
    Type Reason Age From Message


    Normal Scheduled <unknown> default-scheduler Successfully assigned kubesphere-system/openldap-0 to cn-shanghai.192.168.1.143
    Normal Pulled 51s kubelet, cn-shanghai.192.168.1.143 Container image “osixia/openldap:1.3.0” already present on machine
    Normal Created 51s kubelet, cn-shanghai.192.168.1.143 Created container openldap-ha
    Normal Started 51s kubelet, cn-shanghai.192.168.1.143 Started container openldap-ha
    Warning Unhealthy 5s (x2 over 20s) kubelet, cn-shanghai.192.168.1.143 Liveness probe failed: dial tcp 172.20.0.205:389: connect: connection refused
    Warning Unhealthy 4s (x2 over 19s) kubelet, cn-shanghai.192.168.1.143 Readiness probe failed: dial tcp 172.20.0.205:389: connect: connection refused
    [root@elec-iot002 ~]#
    [root@elec-iot002 ~]#

    [root@elec-iot002 ~]# kubectl get pv,sc
    NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
    persistentvolume/d-uf68cq091ncbv3dmx1o2 20Gi RWO Delete Terminating kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-1 alicloud-disk-efficiency 23m
    persistentvolume/d-uf68qanynb5ekv00b9c9 20Gi RWO Delete Terminating kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-0 alicloud-disk-efficiency 23m
    persistentvolume/kubesphere-system-pvc-openldap-pvc-openldap-0 2Gi RWX Retain Bound kubesphere-system/openldap-pvc-openldap-0 oss 17m
    persistentvolume/kubesphere-system-pvc-redis-pvc 2Gi RWX Retain Bound kubesphere-system/redis-pvc oss 17m

    NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
    storageclass.storage.k8s.io/alicloud-disk-available diskplugin.csi.alibabacloud.com Delete Immediate true 14d
    storageclass.storage.k8s.io/alicloud-disk-efficiency (default) diskplugin.csi.alibabacloud.com Delete Immediate true 14d
    storageclass.storage.k8s.io/alicloud-disk-essd diskplugin.csi.alibabacloud.com Delete Immediate true 14d
    storageclass.storage.k8s.io/alicloud-disk-ssd diskplugin.csi.alibabacloud.com Delete Immediate true 14d
    storageclass.storage.k8s.io/alicloud-disk-topology diskplugin.csi.alibabacloud.com Delete WaitForFirstConsumer true 14d
    [root@elec-iot002 ~]#

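      liberal2020 Check in two steps:

      1. Check the openldap logs with kubectl -n kubesphere-system logs openldap-0 to see whether openldap started normally and is listening on port 389.
      2. If it started normally, run telnet 172.20.0.205 389 on 192.168.1.143 to see whether it can connect, to determine whether this is caused by firewall settings.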
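
The reachability check from step 2, as an added example that is not part of the original post: a Python helper that separates "connection refused" (the error in the probe events above) from a silent timeout. The names `classify_tcp`, `interpret` and `HINTS` are assumptions made for this example; the default address is the pod IP and port from the output above.

```python
import errno
import socket
import sys


def classify_tcp(host, port, timeout=3.0):
    """Attempt one TCP connect; return 'open', 'refused', 'timeout' or 'error:<ERRNO>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The peer answered with a reset: the address is reachable.
        return "refused"
    except socket.timeout:
        # No answer at all within the timeout.
        return "timeout"
    except OSError as exc:
        # For example EHOSTUNREACH or ENETUNREACH.
        return "error:" + errno.errorcode.get(exc.errno, "UNKNOWN")


# Diagnostic hints (example wording, not kubelet or KubeSphere output).
HINTS = {
    "open": "a process is listening; the tcp-socket probe should pass",
    "refused": "host reachable but nothing is listening on the port "
               "(or a firewall rule rejects with a reset); check the container logs",
    "timeout": "packets are being dropped; check firewall or security group rules",
}


def interpret(result):
    """Map a classify_tcp() result to a short next step."""
    return HINTS.get(result, "routing or name resolution problem: " + result)


if __name__ == "__main__":
    # Defaults are the pod IP and LDAP port shown in the describe output above.
    if len(sys.argv) == 3:
        host, port = sys.argv[1], int(sys.argv[2])
    else:
        host, port = "172.20.0.205", 389
    outcome = classify_tcp(host, port)
    print(f"{host}:{port} -> {outcome}: {interpret(outcome)}")
```

Run it on the node that hosts the pod, the same place the telnet check would be run.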

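        liberal2020 I don't see any problem in the configuration above. Did you perhaps not change this step from the documentation?

        Note 1: Disks created by the Alibaba Cloud CSI must be no smaller than 20Gi. In the configuration file, openldapVolumeSize and redisVolumSize default to 2Gi; be sure to change them, otherwise the error shown in the figure below is reported.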


          Still the same problem. Is the startup command incorrect? The previous few only started normally after being modified.

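            liberal2020 Don't modify the startup command!!! The KS containers all come configured by default and need no modification. On a managed K8s platform you generally only need to set up storage. The Ubuntu/CentOS systems tested so far have no problems. We will test compatibility with the Alibaba system later.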

              Right after setup, this is what happens: ks-apiserver and ks-controller-manager are both in CrashLoopBackOff, and the cause is again openldap and redis, which are Pending.

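                liberal2020 It may be related to your storage type. Submit a ticket to Alibaba to ask, or look at the Alibaba documentation. OSS may require separate authorization settings: https://www.alibabacloud.com/help/zh/doc-detail/134896.htm?spm=a2c63.p38356.b99.286.38a43accOMHoQP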