kubectl describe pod -n kubesphere-system ks-accoun
Namespace: kubesphere-system
Priority: 0
Node: bacn-master/192.168.1.149
Start Time: Thu, 05 Mar 2020 03:15:06 +0000
Labels: app=ks-account
pod-template-hash=596657f8c6
tier=backend
version=v2.1.1
Annotations: <none>
Status: Running
IP: 10.32.0.16
IPs:
IP: 10.32.0.16
Controlled By: ReplicaSet/ks-account-596657f8c6
Init Containers:
wait-redis:
Container ID: docker://3741c6c94b7e89745da2aaac450ceb4bd70807cf3f6ec61dc1654666ba133356
Image: alpine:3.10.4
Image ID: docker-pullable://alpine@sha256:7c3773f7bcc969f03f8f653910001d99a9d324b4b9caa008846ad2c3089f5a5f
Port: <none>
Host Port: <none>
Command:
sh
-c
until nc -z redis.kubesphere-system.svc 6379; do echo "waiting for redis"; sleep 2; done;
State: Terminated
Reason: Completed
Exit Code: 0
Started: Thu, 05 Mar 2020 03:15:09 +0000
Finished: Thu, 05 Mar 2020 03:15:09 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kubesphere-token-6cwdd (ro)
wait-ldap:
Container ID: docker://9838f33d166c3dfde4d008573b92267071c491486a440c1e72d6d6e2df8b3855
Image: alpine:3.10.4
Image ID: docker-pullable://alpine@sha256:7c3773f7bcc969f03f8f653910001d99a9d324b4b9caa008846ad2c3089f5a5f
Port: <none>
Host Port: <none>
Command:
sh
-c
until nc -z openldap.kubesphere-system.svc 389; do echo "waiting for ldap"; sleep 2; done;
State: Terminated
Reason: Completed
Exit Code: 0
Started: Thu, 05 Mar 2020 03:15:10 +0000
Finished: Thu, 05 Mar 2020 03:24:01 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kubesphere-token-6cwdd (ro)
Containers:
ks-account:
Container ID: docker://6fb381b61b7469a0af9b42ec0c1d65ba98e14dc6f69770fff6e8ecc0b61125de
Image: kubesphere/ks-account:v2.1.1
Image ID: docker-pullable://kubesphere/ks-account@sha256:6fccef53ab7a269160ce7816dfe3583730ac7fe2064ea5c9e3ce5e366f3470eb
Port: 9090/TCP
Host Port: 0/TCP
Command:
ks-iam
--logtostderr=true
--jwt-secret=$(JWT_SECRET)
--admin-password=$(ADMIN_PASSWORD)
--enable-multi-login=False
--token-idle-timeout=40m
--redis-url=redis://redis.kubesphere-system.svc:6379
--generate-kubeconfig=true
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Thu, 05 Mar 2020 05:48:30 +0000
Finished: Thu, 05 Mar 2020 05:48:31 +0000
Ready: False
Restart Count: 33
Limits:
cpu: 1
memory: 500Mi
Requests:
cpu: 20m
memory: 100Mi
Environment:
KUBECTL_IMAGE: kubesphere/kubectl:v1.0.0
JWT_SECRET: <set to the key 'jwt-secret' in secret 'ks-account-secret'> Optional: false
ADMIN_PASSWORD: <set to the key 'admin-password' in secret 'ks-account-secret'> Optional: false
Mounts:
/etc/ks-iam from user-init (rw)
/etc/kubesphere from kubesphere-config (rw)
/etc/kubesphere/rules from policy-rules (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kubesphere-token-6cwdd (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
policy-rules:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: policy-rules
Optional: false
user-init:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: user-init
Optional: false
kubesphere-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: kubesphere-config
Optional: false
kubesphere-token-6cwdd:
Type: Secret (a volume populated by a Secret)
SecretName: kubesphere-token-6cwdd
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: CriticalAddonsOnly
node-role.kubernetes.io/master:NoSchedule
node.kubernetes.io/not-ready:NoExecute for 60s
node.kubernetes.io/unreachable:NoExecute for 60s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning BackOff 35s (x674 over 146m) kubelet, bacn-master Back-off restarting failed container
kubectl logs -n kubesphere-system ks-account-596657f8c6-7wfdn
E0305 05:48:31.161299 1 ldap.go:78] LDAP Result Code 49 "Invalid Credentials":
E0305 05:48:31.161376 1 im.go:87] create default users LDAP Result Code 49 "Invalid Credentials":
Error: LDAP Result Code 49 "Invalid Credentials":
Usage:
ks-iam [flags]
Flags:
--add-dir-header If true, adds the file directory to the header
--admin-email string default administrator's email (default "admin@kubesphere.io")
--admin-password string default administrator's password (default "passw0rd")
--alsologtostderr log to standard error as well as files
--auth-rate-limit string specifies the maximum number of authentication attempts permitted and time interval,valid time units are "s","m","h" (default "5/30m")
--bind-address string server bind address (default "0.0.0.0")
--enable-multi-login allow one account to have multiple sessions
--generate-kubeconfig generate kubeconfig for new users, kubeconfig is required in devops pipeline, set to false if you don't need devops. (default true)
-h, --help help for ks-iam
--insecure-port int insecure port number (default 9090)
--jwt-secret string jwt secret
--kubeconfig string Path for kubernetes kubeconfig file, if left blank, will use in cluster way.
--ldap-group-search-base string Ldap group search base. (default "ou=Groups,dc=example,dc=org")
--ldap-host string Ldap service host, if left blank, all of the following ldap options will be ignored and ldap will be disabled.
--ldap-manager-dn string Ldap manager account domain name. (default "cn=admin,dc=example,dc=org")
--ldap-manager-password string Ldap manager account password.
--ldap-user-search-base string Ldap user search base. (default "ou=Users,dc=example,dc=org")
--log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log-dir string If non-empty, write log files in this directory
--log-file string If non-empty, use this log file
--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--master string Used to generate kubeconfig for downloading, if not specified, will use host in kubeconfig.
--mysql-host string MySQL service host address. If left blank, the following related mysql options will be ignored.
--mysql-max-connection-life-time duration Maximum connection life time allowed to connecto to mysql. (default 10s)
--mysql-max-idle-connections int Maximum idle connections allowed to connect to mysql. (default 100)
--mysql-max-open-connections int Maximum open connections allowed to connect to mysql. (default 100)
--mysql-password string Password for access to mysql, should be used pair with password.
--mysql-username string Username for access to mysql service.
--redis-url string Redis connection URL. If left blank, means redis is unnecessary, redis will be disabled. e.g. redis://:password@host:port/db
--secure-port int secure port number
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--tls-cert-file string tls cert file
--tls-private-key string tls private key
--token-idle-timeout duration tokens that are idle beyond that time will expire,0s means the token has no expiration time. valid time units are "ns","us","ms","s","m","h" (default 30m0s)
-v, --v Level number for the log level verbosity
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
2020/03/05 05:48:31 LDAP Result Code 49 "Invalid Credentials":
kubectl get pods –all-namespaces
kube-system coredns-7f9c544f75-jl5nv 1/1 Running 1 2d14h
kube-system coredns-7f9c544f75-nvcnb 1/1 Running 1 2d14h
kube-system etcd-bacn-master 1/1 Running 2 2d14h
kube-system kube-apiserver-bacn-master 1/1 Running 2 2d14h
kube-system kube-controller-manager-bacn-master 1/1 Running 4 2d14h
kube-system kube-proxy-9df5m 1/1 Running 0 47h
kube-system kube-proxy-lbfpl 1/1 Running 1 47h
kube-system kube-proxy-qwc85 1/1 Running 2 2d14h
kube-system kube-scheduler-bacn-master 1/1 Running 4 2d14h
kube-system tiller-deploy-679444d84d-g9jsf 1/1 Running 0 28h
kube-system weave-net-k6g27 2/2 Running 3 47h
kube-system weave-net-n9r9x 2/2 Running 0 47h
kube-system weave-net-x6pdq 2/2 Running 3 47h
kubesphere-controls-system default-http-backend-5d464dd566-kzf7x 1/1 Running 0 16h
kubesphere-monitoring-system kube-state-metrics-566cdbcb48-rpbqg 4/4 Running 0 16h
kubesphere-monitoring-system node-exporter-7mxk6 2/2 Running 0 16h
kubesphere-monitoring-system node-exporter-qd7zx 2/2 Running 0 16h
kubesphere-monitoring-system node-exporter-wnlz7 2/2 Running 0 16h
kubesphere-monitoring-system prometheus-k8s-0 3/3 Running 1 16h
kubesphere-monitoring-system prometheus-k8s-system-0 3/3 Running 1 16h
kubesphere-monitoring-system prometheus-operator-6b97679cfd-kdc7q 1/1 Running 0 16h
kubesphere-system ks-account-596657f8c6-7wfdn 0/1 CrashLoopBackOff 33 157m
kubesphere-system ks-apigateway-78bcdc8ffc-55rhm 1/1 Running 0 15h
kubesphere-system ks-apiserver-5b548d7c5c-cw88l 1/1 Running 0 16h
kubesphere-system ks-console-78bcf96dbf-8qf7h 1/1 Running 0 16h
kubesphere-system ks-controller-manager-696986f8d9-7dscc 1/1 Running 0 16h
kubesphere-system ks-installer-75b8d89dff-fgd5t 1/1 Running 0 16h
kubesphere-system openldap-7d7489fb64-96vgp 1/1 Running 0 151m
kubesphere-system redis-6fd6c6d6f9-8n864 1/1 Running 0 15h
openebs openebs-admission-server-5cf6864fbf-pdctb 1/1 Running 0 16h
openebs openebs-apiserver-bc55cd99b-6fb9n 1/1 Running 4 16h
openebs openebs-localpv-provisioner-85ff89dd44-k4sjj 1/1 Running 0 16h
openebs openebs-ndm-9947q 1/1 Running 0 16h
openebs openebs-ndm-dvlds 1/1 Running 0 16h
openebs openebs-ndm-operator-87df44d9-wlsc6 1/1 Running 1 16h
openebs openebs-ndm-w7xm4 1/1 Running 0 16h
openebs openebs-provisioner-7f86c6bb64-fdfr7 1/1 Running 0 16h
openebs openebs-snapshot-operator-54b9c886bf-dzvxt 2/2 Running 0 16h
