helm upgrade repo在我的 Kubernetes 集群上执行,但命令失败并出现超时错误,因为其中一个 Pod 卡在了阶段。检查 Pod 后,我发现它遇到了卷挂载错误,因为 Pod 被安排在 Windows 节点上,而卷挂载与 Windows 不兼容。ContainerCreating
以下是我使用过的 helm upgrade 命令。
helm upgrade prometheus prometheus-community/kube-prometheus-stack --install --namespace monitoring --create-namespace --timeout 10m --wait --set prometheus.prometheusSpec.nodeSelector.agentpool=default --set-string prometheus.'service.annotations.service\.beta\.kubernetes\.io\/azure-load-balancer-internal=true' --set prometheus.service.type=LoadBalancer --set prometheus.service.loadBalancerIP=10.100.31.253 -f values.yaml
Azure 管道错误
错误:升级失败:升级前挂钩失败:发生 1 个错误:等待条件超时
检查时发现其中一个 Pod 卡在 ContainerCreating 阶段
prometheus-kube-prometheus-admission-create-8j76f 0/1 ContainerCreating 0 153m
pod 的错误信息提示存在卷挂载问题,似乎该 Pod 已被调度到 Windows 节点上,这与卷挂载配置不兼容
卷“kube-api-access-wlr8t”的 MountVolume.SetUp 失败:chown c:\var\lib\kubelet\pods\5ba15997-b7e4-4379-90b7-be6a081bb0a8\volumes\kubernetes.io~projected\kube-api-access-wlr8t..2024_07_03_17_40_02.2636769889\token:不受 Windows 支持
Pod yaml 如下所示
kind: Pod
apiVersion: v1
metadata:
name: prometheus-kube-prometheus-admission-create-9km9z
generateName: prometheus-kube-prometheus-admission-create-
namespace: monitoring
uid: 5ba15997-b7e4-4379-90b7-be6a081bb0a8
resourceVersion: '366287489'
creationTimestamp: '2024-07-03T17:40:02Z'
labels:
app: kube-prometheus-stack-admission-create
app.kubernetes.io/component: prometheus-operator-webhook
app.kubernetes.io/instance: prometheus
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kube-prometheus-stack-prometheus-operator
app.kubernetes.io/part-of: kube-prometheus-stack
app.kubernetes.io/version: 61.2.0
batch.kubernetes.io/controller-uid: dbb71161-30b5-40bc-9ecb-371f0a097bd0
batch.kubernetes.io/job-name: prometheus-kube-prometheus-admission-create
chart: kube-prometheus-stack-61.2.0
controller-uid: dbb71161-30b5-40bc-9ecb-371f0a097bd0
heritage: Helm
job-name: prometheus-kube-prometheus-admission-create
release: prometheus
ownerReferences:
- apiVersion: batch/v1
kind: Job
name: prometheus-kube-prometheus-admission-create
uid: dbb71161-30b5-40bc-9ecb-371f0a097bd0
controller: true
blockOwnerDeletion: true
finalizers:
- batch.kubernetes.io/job-tracking
spec:
volumes:
- name: kube-api-access-wlr8t
projected:
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
name: kube-root-ca.crt
items:
- key: ca.crt
path: ca.crt
- downwardAPI:
items:
- path: namespace
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
defaultMode: 420
containers:
- name: create
image: >-
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
args:
- create
- >-
--host=prometheus-kube-prometheus-operator,prometheus-kube-prometheus-operator.monitoring.svc
- '--namespace=monitoring'
- '--secret-name=prometheus-kube-prometheus-admission'
resources: {}
volumeMounts:
- name: kube-api-access-wlr8t
readOnly: true
mountPath: /var/run/secrets/kubernetes.io/serviceaccount
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
restartPolicy: OnFailure
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
serviceAccountName: prometheus-kube-prometheus-admission
serviceAccount: prometheus-kube-prometheus-admission
nodeName: akswin22000000
securityContext:
runAsUser: 2000
runAsGroup: 2000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
schedulerName: default-scheduler
tolerations:
- key: node.kubernetes.io/not-ready
operator: Exists
effect: NoExecute
tolerationSeconds: 300
- key: node.kubernetes.io/unreachable
operator: Exists
effect: NoExecute
tolerationSeconds: 300
priority: 0
enableServiceLinks: true
preemptionPolicy: PreemptLowerPriority
status:
phase: Pending
conditions:
- type: Initialized
status: 'True'
lastProbeTime: null
lastTransitionTime: '2024-07-03T17:40:02Z'
- type: Ready
status: 'False'
lastProbeTime: null
lastTransitionTime: '2024-07-03T17:40:02Z'
reason: ContainersNotReady
message: 'containers with unready status: [create]'
- type: ContainersReady
status: 'False'
lastProbeTime: null
lastTransitionTime: '2024-07-03T17:40:02Z'
reason: ContainersNotReady
message: 'containers with unready status: [create]'
- type: PodScheduled
status: 'True'
lastProbeTime: null
lastTransitionTime: '2024-07-03T17:40:02Z'
hostIP: 10.204.0.94
startTime: '2024-07-03T17:40:02Z'
containerStatuses:
- name: create
state:
waiting:
reason: ContainerCreating
lastState: {}
ready: false
restartCount: 0
我如何修改这个 pod 规范以确保 Pod 仅在使用 values.yaml 文件在 Linux 节点上进行调度。
有任何建议或指示可以让这个 pod 在 kube 集群上启动并运行吗?
|