Thanks for the quick reply.
The current state is as follows:
Name: openldap-0
Namespace: kubesphere-system
Priority: 0
Node: cn-shanghai.192.168.1.143/192.168.1.143
Start Time: Fri, 27 Nov 2020 10:51:39 +0800
Labels: app.kubernetes.io/instance=ks-openldap
app.kubernetes.io/name=openldap-ha
controller-revision-hash=openldap-5d5b768f7b
statefulset.kubernetes.io/pod-name=openldap-0
Annotations: kubernetes.io/psp: ack.privileged
Status: Running
IP: 172.20.0.205
IPs:
IP: 172.20.0.205
Controlled By: StatefulSet/openldap
Containers:
openldap-ha:
Container ID: docker://d86bb9496f6aa7673677cbb1aae7b30222593042b0603552524eec37199958f7
Image: osixia/openldap:1.3.0
Image ID: docker-pullable://osixia/openldap@sha256:66bf8dafc3c47a387dfa9d87425acab96acd8a3f2a62a8f6393584c27777cb41
Port: 389/TCP
Host Port: 0/TCP
Command:
/bin/sh
-ce
tail -f /dev/null
State: Running
Started: Fri, 27 Nov 2020 10:51:40 +0800
Ready: False
Restart Count: 0
Liveness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
Readiness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
Environment:
LDAP_ORGANISATION: kubesphere
LDAP_CONFIG_PASSWORD: admin
LDAP_ADMIN_PASSWORD: admin
LDAP_REPLICATION: false
LDAP_TLS: false
LDAP_REMOVE_CONFIG_AFTER_SETUP: true
MY_POD_NAME: openldap-0 (v1:metadata.name)
HOSTNAME: $(MY_POD_NAME).openldap
Mounts:
/etc/ldap/slapd.d from volume-openldap-pvc-openldap-0 (rw)
/var/lib/ldap from volume-openldap-pvc-openldap-0 (rw)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-94w4w (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
openldap-pvc:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: openldap-pvc-openldap-0
ReadOnly: false
volume-openldap-pvc-openldap-0:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: openldap-pvc-openldap-0
ReadOnly: false
default-token-94w4w:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-94w4w
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: CriticalAddonsOnly
node-role.kubernetes.io/master:NoSchedule
node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message


Normal Scheduled <unknown> default-scheduler Successfully assigned kubesphere-system/openldap-0 to cn-shanghai.192.168.1.143
Normal Pulled 51s kubelet, cn-shanghai.192.168.1.143 Container image “osixia/openldap:1.3.0” already present on machine
Normal Created 51s kubelet, cn-shanghai.192.168.1.143 Created container openldap-ha
Normal Started 51s kubelet, cn-shanghai.192.168.1.143 Started container openldap-ha
Warning Unhealthy 5s (x2 over 20s) kubelet, cn-shanghai.192.168.1.143 Liveness probe failed: dial tcp 172.20.0.205:389: connect: connection refused
Warning Unhealthy 4s (x2 over 19s) kubelet, cn-shanghai.192.168.1.143 Readiness probe failed: dial tcp 172.20.0.205:389: connect: connection refused
[root@elec-iot002 ~]#
[root@elec-iot002 ~]#

[root@elec-iot002 ~]# kubectl get pv,sc
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
persistentvolume/d-uf68cq091ncbv3dmx1o2 20Gi RWO Delete Terminating kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-1 alicloud-disk-efficiency 23m
persistentvolume/d-uf68qanynb5ekv00b9c9 20Gi RWO Delete Terminating kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-0 alicloud-disk-efficiency 23m
persistentvolume/kubesphere-system-pvc-openldap-pvc-openldap-0 2Gi RWX Retain Bound kubesphere-system/openldap-pvc-openldap-0 oss 17m
persistentvolume/kubesphere-system-pvc-redis-pvc 2Gi RWX Retain Bound kubesphere-system/redis-pvc oss 17m

NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
storageclass.storage.k8s.io/alicloud-disk-available diskplugin.csi.alibabacloud.com Delete Immediate true 14d
storageclass.storage.k8s.io/alicloud-disk-efficiency (default) diskplugin.csi.alibabacloud.com Delete Immediate true 14d
storageclass.storage.k8s.io/alicloud-disk-essd diskplugin.csi.alibabacloud.com Delete Immediate true 14d
storageclass.storage.k8s.io/alicloud-disk-ssd diskplugin.csi.alibabacloud.com Delete Immediate true 14d
storageclass.storage.k8s.io/alicloud-disk-topology diskplugin.csi.alibabacloud.com Delete WaitForFirstConsumer true 14d
[root@elec-iot002 ~]#

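    liberal2020 Diagnose this in two steps:

    1. Check the openldap logs with kubectl -n kubesphere-system logs openldap-0 to see whether openldap started normally and is listening on port 389.
    2. If it started normally, run telnet 172.20.0.205 389 on 192.168.1.143 to see whether it can connect, to determine whether this is caused by firewall settings.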

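      liberal2020 I don't see any problem in the configuration above. Did you perhaps not change this step from the documentation?

      Note 1: Disks created by the Alibaba Cloud CSI must be no smaller than 20Gi. In the configuration file, openldapVolumeSize and redisVolumSize default to 2Gi; please change them, otherwise the error in the figure below will be reported.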


        Still the same problem. Is the startup command incorrect? The previous few only started normally after I modified it.

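          liberal2020 Do not modify the startup command!!! The KS containers are all configured by default and do not need to be modified. On a managed K8S platform you generally only need to set up storage. The ubuntu/centos systems tested so far all have no problems. We will test compatibility with the Alibaba system later.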
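
Added example, not part of any post in this thread: the describe output at the top shows the container `Command` set to `/bin/sh -ce tail -f /dev/null` while both probes dial port 389. The Python sketch below flags that combination in pod JSON; the sample is constructed from the fields shown in that output, and the function names and the idle-command markers are assumptions.

```python
import json

# Constructed sample: the fields of `kubectl get pod openldap-0 -o json`
# that correspond to the describe output posted in this thread.
POD_JSON = """
{"metadata": {"name": "openldap-0", "namespace": "kubesphere-system"},
 "spec": {"containers": [{
   "name": "openldap-ha",
   "image": "osixia/openldap:1.3.0",
   "command": ["/bin/sh", "-ce", "tail -f /dev/null"],
   "livenessProbe": {"tcpSocket": {"port": 389}},
   "readinessProbe": {"tcpSocket": {"port": 389}}
 }]}}
"""

# Assumption: commands that only keep a container alive and start no service.
IDLE_MARKERS = ("tail -f /dev/null", "sleep infinity")


def probe_ports(container):
    """Ports that the container's tcpSocket probes expect to accept connections."""
    ports = set()
    for key in ("livenessProbe", "readinessProbe", "startupProbe"):
        tcp = (container.get(key) or {}).get("tcpSocket")
        if tcp and "port" in tcp:
            ports.add(str(tcp["port"]))  # port may be a number or a name
    return sorted(ports)


def find_command_overrides(pod):
    """Containers whose spec replaces the image entrypoint while TCP probes
    still expect a listener (hypothetical helper for this example)."""
    findings = []
    for c in pod["spec"]["containers"]:
        command, ports = c.get("command"), probe_ports(c)
        if command and ports:
            findings.append({
                "container": c["name"],
                "command": command,
                "probe_ports": ports,
                "idle": any(m in " ".join(command) for m in IDLE_MARKERS),
            })
    return findings


if __name__ == "__main__":
    for f in find_command_overrides(json.loads(POD_JSON)):
        print(f"{f['container']}: command {f['command']} overrides the image "
              f"entrypoint; probes expect {f['probe_ports']}; idle={f['idle']}")
```
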

            Right after setup this is what I see: ks-apiserver and ks-controller-manager are both in CrashLoopBackOff, and the cause is again openldap and redis, which are Pending.

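              liberal2020 It may be related to your storage type. Submit an Alibaba support ticket to ask, or take a look at Alibaba's documentation. OSS may need separate authorization settings: https://www.alibabacloud.com/help/zh/doc-detail/134896.htm?spm=a2c63.p38356.b99.286.38a43accOMHoQP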