问题1:
虽然每次通过yaml创建rc都显示成功了,但是 kubectl get pod却没显示任何的pod.问题2:
直接通过yaml创建pod提示apixxx问题3:
通过.json文件创建pod 未验证原因是身份认证
解决方法有两种,我用的第一种:1.跳过认证
创建pod:# kubectl create -f nginx.yaml此时有如下报错:Error from server: error when creating "nginx.yaml": Pod "nginx" is forbidden: no API token found for service account default/default, retry after the token is automatically created and added to the service account解决办法是编辑/etc/kubernetes/apiserver 去除 KUBE_ADMISSION_CONTROL中的SecurityContextDeny,ServiceAccount,并重启kube-apiserver.service服务:#vim /etc/kubernetes/apiserverKUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"#systemctl restart kube-apiserver.service之后重新创建pod:# kubectl create -f nginx.yamlpods/nginx
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
2.解决认证
出处:
To get your setup working, you can do the same thing local-up-cluster.sh is doing:
Generate a signing key:
openssl genrsa -out /tmp/serviceaccount.key 2048Update /etc/kubernetes/apiserver:
KUBE_API_ARGS=”–service_account_key_file=/tmp/serviceaccount.key”Update /etc/kubernetes/controller-manager:
KUBE_CONTROLLER_MANAGER_ARGS=”–service_account_private_key_file=/tmp/serviceaccount.key”From
完了之后可以看到pod了,但是发现是挂起状态,pending,于是查了下发现是因为无法从gcr.io拉取pause0.8.0的镜像。那么很简单 就找个可用的镜像拉取即可。
pull docker.io/kubernetes/pause现在再来看看pod:
OK了!。至此,问题解决。
http://blog.csdn.net/jinzhencs/article/details/51435020