Kubernetes Error

发表于 | 分类于

Depoloy

Zone

  1. 1 node(s) had volume node affinity conflict

The error “volume node affinity conflict” happens when the persistent volume claims that the pod is using are scheduled on different zones, rather than on one zone, and so the actual pod was not able to be scheduled because it cannot connect to the volume from another zone.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
  name: pd-standard
provisioner: kubernetes.io/gce-pd
reclaimPolicy: Retain
parameters:
  type: pd-standard
volumeBindingMode: WaitForFirstConsumer
allowedTopologies:
  - matchLabelExpressions:
      - key: failure-domain.beta.kubernetes.io/zone
        values:
          - asia-east2-b

Mongo

  1. 部署集群时候出错:’pods is forbidden: User “system:serviceaccount:default:default” cannot list pods at the cluster scope: Unknown user “system:serviceaccount:default:default”‘

由于Container Engine在创建角色或ClusterRole时检查权限的方式,因此必须先创建一个RoleBinding,以授予您要创建的角色中包含的所有权限。

  • 查看当前所使用的账户
1
gcloud info | grep Account
  • 赋予上面账户管理员权限
1
2
3
kubectl create clusterrolebinding myname-cluster-admin-binding \
  --clusterrole=cluster-admin \
  --user=myname@example.org
  • 创建应用部署权限账号
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: mongo-role
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mongo-account
  namespace: default

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: mongo-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mongo-role
subjects:
- kind: ServiceAccount
  name: mongo-account
  namespace: default
  • 部署应用增加权限
1
2
3
4
5
6
7
8
9
10
11
12
13
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mongo-deployment
spec:
  serviceName: "mongo-headless-service"
  replicas: 3
  template:
    metadata:
      labels:
        app: mongo
    spec:
      serviceAccountName: mongo-account

PV,PVC

AttachVolume.Attach failed for volume

1
AttachVolume.Attach failed for volume "pvc-9f48652a-e478-4f91-8fc8-42b27587338d" : failed to attach e7246a1a-3def-4e33-97d1-b26ff3b66ade volume to 9e202548-f70f-4422-b870-2c9629f718b0 compute: Expected HTTP response code [200] when accessing [POST https://compute.bhs5.cloud.ovh.net/v2.1/9132a2edd6544bd794768a0286a9a24a/servers/9e202548-f70f-4422-b870-2c9629f718b0/os-volume_attachments], but got 409 instead {"conflictingRequest": {"message": "Cannot 'attach_volume' instance 9e202548-f70f-4422-b870-2c9629f718b0 while it is in task_state migrating", "code": 409}}