通过这篇文档:https://kubesphere.com.cn/forum/d/1745-kubesphere-v3-0-0-dev-on-ack

  1. 其中使用OSS对象存储,非动态存储;
  2. ks-apiserver 修复:使用command: [ “/bin/sh”, “-ce”, “tail -f /dev/null”]才能正常;
  3. 目前还剩下openldap-0无法成功,报错是探针失败Liveness probe failed: dial tcp 172.20.0.252:389: connect: connection refused,不清楚为什么,论坛找了一圈都没有这个问题?用的是阿里1.18系统版本。

以下是这个的配置:
spec:
podManagementPolicy: OrderedReady
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/instance: ks-openldap
app.kubernetes.io/name: openldap-ha
serviceName: openldap
template:
metadata:
labels:
app.kubernetes.io/instance: ks-openldap
app.kubernetes.io/name: openldap-ha
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: In
values:
- ''
weight: 100
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/instance: ks-openldap
app.kubernetes.io/name: openldap-ha
topologyKey: kubernetes.io/hostname
containers:
- command:
- /bin/sh
- ‘-ce’
- tail -f /dev/null
env:
- name: LDAP_ORGANISATION
value: kubesphere
- name: LDAP_DOMAIN
value: kubesphere.io
- name: LDAP_CONFIG_PASSWORD
value: admin
- name: LDAP_ADMIN_PASSWORD
value: admin
- name: LDAP_REPLICATION
value: ‘false’
- name: LDAP_TLS
value: ‘false’
- name: LDAP_REMOVE_CONFIG_AFTER_SETUP
value: ‘true’
- name: MY_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: HOSTNAME
value: $(MY_POD_NAME).openldap
image: ‘osixia/openldap:1.3.0’
imagePullPolicy: IfNotPresent
lifecycle: {}
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 389
timeoutSeconds: 1
name: openldap-ha
ports:
- containerPort: 389
name: ldap
protocol: TCP
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 389
timeoutSeconds: 1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/lib/ldap
name: volume-openldap-pvc-openldap-0
- mountPath: /etc/ldap/slapd.d
name: volume-openldap-pvc-openldap-0
dnsConfig: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
seLinuxOptions: {}
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- key: CriticalAddonsOnly
operator: Exists
volumes:
- name: volume-openldap-pvc-openldap-0
persistentVolumeClaim:
claimName: openldap-pvc-openldap-0
updateStrategy:
rollingUpdate:
partition: 0
type: RollingUpdate
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openldap-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
volumeMode: Filesystem
status:
phase: Pending
status:
collisionCount: 0
currentReplicas: 1
currentRevision: openldap-55cb7fb655
observedGeneration: 48
replicas: 1
updateRevision: openldap-55cb7fb655
updatedReplicas: 1

阿里云版本:
Client Version: version.Info{Major:“1”, Minor:“18+”, GitVersion:“v1.18.8-aliyun.1”, GitCommit:“d2f5a0f”, GitTreeState:"", BuildDate:“2020-10-23T07:01:01Z”, GoVersion:“go1.13.15”, Compiler:“gc”, Platform:“linux/amd64”}
Server Version: version.Info{Major:“1”, Minor:“18+”, GitVersion:“v1.18.8-aliyun.1”, GitCommit:“d2f5a0f”, GitTreeState:"", BuildDate:“2020-10-23T06:48:31Z”, GoVersion:“go1.13.15”, Compiler:“gc”, Platform:“linux/amd64”}

    liberal2020
    首先 看一下 openldap-0 为什么是pending状态,
    kubectl -n kubesphere-system describe pod openldap-0
    如果是由于存储未创建,查看一下你是否设置了默认存储,以及pv的状态
    kubectl get pv,sc

        感谢那么快的答复。
        当前状态是这样的:
        Name: openldap-0
        Namespace: kubesphere-system
        Priority: 0
        Node: cn-shanghai.192.168.1.143/192.168.1.143
        Start Time: Fri, 27 Nov 2020 10:51:39 +0800
        Labels: app.kubernetes.io/instance=ks-openldap
        app.kubernetes.io/name=openldap-ha
        controller-revision-hash=openldap-5d5b768f7b
        statefulset.kubernetes.io/pod-name=openldap-0
        Annotations: kubernetes.io/psp: ack.privileged
        Status: Running
        IP: 172.20.0.205
        IPs:
        IP: 172.20.0.205
        Controlled By: StatefulSet/openldap
        Containers:
        openldap-ha:
        Container ID: docker://d86bb9496f6aa7673677cbb1aae7b30222593042b0603552524eec37199958f7
        Image: osixia/openldap:1.3.0
        Image ID: docker-pullable://osixia/openldap@sha256:66bf8dafc3c47a387dfa9d87425acab96acd8a3f2a62a8f6393584c27777cb41
        Port: 389/TCP
        Host Port: 0/TCP
        Command:
        /bin/sh
        -ce
        tail -f /dev/null
        State: Running
        Started: Fri, 27 Nov 2020 10:51:40 +0800
        Ready: False
        Restart Count: 0
        Liveness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
        Readiness: tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
        Environment:
        LDAP_ORGANISATION: kubesphere
        LDAP_CONFIG_PASSWORD: admin
        LDAP_ADMIN_PASSWORD: admin
        LDAP_REPLICATION: false
        LDAP_TLS: false
        LDAP_REMOVE_CONFIG_AFTER_SETUP: true
        MY_POD_NAME: openldap-0 (v1:metadata.name)
        HOSTNAME: $(MY_POD_NAME).openldap
        Mounts:
        /etc/ldap/slapd.d from volume-openldap-pvc-openldap-0 (rw)
        /var/lib/ldap from volume-openldap-pvc-openldap-0 (rw)
        /var/run/secrets/kubernetes.io/serviceaccount from default-token-94w4w (ro)
        Conditions:
        Type Status
        Initialized True
        Ready False
        ContainersReady False
        PodScheduled True
        Volumes:
        openldap-pvc:
        Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
        ClaimName: openldap-pvc-openldap-0
        ReadOnly: false
        volume-openldap-pvc-openldap-0:
        Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
        ClaimName: openldap-pvc-openldap-0
        ReadOnly: false
        default-token-94w4w:
        Type: Secret (a volume populated by a Secret)
        SecretName: default-token-94w4w
        Optional: false
        QoS Class: BestEffort
        Node-Selectors: <none>
        Tolerations: CriticalAddonsOnly
        node-role.kubernetes.io/master:NoSchedule
        node.kubernetes.io/not-ready:NoExecute for 300s
        node.kubernetes.io/unreachable:NoExecute for 300s
        Events:
        Type Reason Age From Message

        Normal Scheduled <unknown> default-scheduler Successfully assigned kubesphere-system/openldap-0 to cn-shanghai.192.168.1.143
        Normal Pulled 51s kubelet, cn-shanghai.192.168.1.143 Container image “osixia/openldap:1.3.0” already present on machine
        Normal Created 51s kubelet, cn-shanghai.192.168.1.143 Created container openldap-ha
        Normal Started 51s kubelet, cn-shanghai.192.168.1.143 Started container openldap-ha
        Warning Unhealthy 5s (x2 over 20s) kubelet, cn-shanghai.192.168.1.143 Liveness probe failed: dial tcp 172.20.0.205:389: connect: connection refused
        Warning Unhealthy 4s (x2 over 19s) kubelet, cn-shanghai.192.168.1.143 Readiness probe failed: dial tcp 172.20.0.205:389: connect: connection refused
        [root@elec-iot002 ~]#
        [root@elec-iot002 ~]#

        [root@elec-iot002 ~]# kubectl get pv,sc
        NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
        persistentvolume/d-uf68cq091ncbv3dmx1o2 20Gi RWO Delete Terminating kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-1 alicloud-disk-efficiency 23m
        persistentvolume/d-uf68qanynb5ekv00b9c9 20Gi RWO Delete Terminating kubesphere-monitoring-system/prometheus-k8s-db-prometheus-k8s-0 alicloud-disk-efficiency 23m
        persistentvolume/kubesphere-system-pvc-openldap-pvc-openldap-0 2Gi RWX Retain Bound kubesphere-system/openldap-pvc-openldap-0 oss 17m
        persistentvolume/kubesphere-system-pvc-redis-pvc 2Gi RWX Retain Bound kubesphere-system/redis-pvc oss 17m

        NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
        storageclass.storage.k8s.io/alicloud-disk-available diskplugin.csi.alibabacloud.com Delete Immediate true 14d
        storageclass.storage.k8s.io/alicloud-disk-efficiency (default) diskplugin.csi.alibabacloud.com Delete Immediate true 14d
        storageclass.storage.k8s.io/alicloud-disk-essd diskplugin.csi.alibabacloud.com Delete Immediate true 14d
        storageclass.storage.k8s.io/alicloud-disk-ssd diskplugin.csi.alibabacloud.com Delete Immediate true 14d
        storageclass.storage.k8s.io/alicloud-disk-topology diskplugin.csi.alibabacloud.com Delete WaitForFirstConsumer true 14d
        [root@elec-iot002 ~]#

          liberal2020 做两步判断

          1. 查看一下 openldap的日志 kubectl -n kubesphere-system logs openldap-0, 看一下openldap是否正常启动,监听389端口。
          2. 如果正常启动,在192.168.1.143 上 telnet 172.20.0.205 389 看一下是不是可以连接, 判断一下是不是由于防火墙设置引起的

              liberal2020 上面配置没有看出什么问题。文档中的这一步你是不是没有改?

              注意 1:阿里云CSI创建硬盘要不小于20Gi,配置文件中 openldapVolumeSize、redisVolumSize 默认为 2Gi,请注意修改,否则会报下图中错误。


                  还是一样的问题,是不是启动执行命令不正确?前几个就是修改了才正常启动的。

                    liberal2020 不要修改启动命令啊!!! KS的容器都是默认配置好了的,不需要修改。一般托管K8S平台只需要设置存储即可。目前测试的ubuntu/centos系统都是没有问题的。 我们稍后测试一下阿里系统的兼容型。

                        刚搭建后是这个现象:ks-apiserver和ks-controller-manager都CrashLoopBackOff,原因又是因为openldap和redis,Pending

                          liberal2020 可能跟你的存储类型有关,提交个阿里的工单咨询一下吧。 或者看一下阿里的文档。 OSS可能需要单独授权设置https://www.alibabacloud.com/help/zh/doc-detail/134896.htm?spm=a2c63.p38356.b99.286.38a43accOMHoQP