docker上的Kubernetes使用空serviceaccount创建容器，并且没有导致容器崩溃和重新启动的令牌_Docker_Crash_Kubernetes_Unauthorized_Kube Dns

docker上的Kubernetes使用空serviceaccount创建容器，并且没有导致容器崩溃和重新启动的令牌

docker kubernetes

docker上的Kubernetes使用空serviceaccount创建容器，并且没有导致容器崩溃和重新启动的令牌,docker,crash,kubernetes,unauthorized,kube-dns,Docker,Crash,Kubernetes,Unauthorized,Kube Dns,仍然遇到类似的问题1.3.0和1.4.0-alpha.0 在我的情况下（基于docker的设置），trusty或kubedns都会从api服务器获得未经授权的权限奇怪的是，我发现这些秘密不在实例中，在路径/var/run/secrets/kubernetes.io/servicecomport下 [root@ ... ]# kubectl exec -it kube-dns-v13-htfjo ls /bin/sh / # / # ls /var/run/secrets/kubernetes

仍然遇到类似的问题1.3.0和1.4.0-alpha.0

在我的情况下（基于docker的设置），trusty或kubedns都会从api服务器获得未经授权的权限

奇怪的是，我发现这些秘密不在实例中，在路径/var/run/secrets/kubernetes.io/servicecomport下

[root@ ... ]#  kubectl exec -it kube-dns-v13-htfjo ls /bin/sh
/ #
/ # ls /var/run/secrets/kubernetes.io/serviceaccount
/ #

而它们似乎在节点和代理实例中

tmpfs on /var/lib/kubelet/pods/3de53b0c-45bb-11e6-9f03-08002776167a/volumes/kubernetes.io~secret/default-token-8axd8 type
tmpfs on /var/lib/kubelet/pods/3de5591e-45bb-11e6-9f03-08002776167a/volumes/kubernetes.io~secret/default-token-8axd8 type
tmpfs on /var/lib/kubelet/pods/f29f35c7-45cc-11e6-9f03-08002776167a/volumes/kubernetes.io~secret/default-token-ql88q type

删除秘密并删除播客，然后重新创建它们没有效果
卸载和删除文件夹后重新启动群集也没有效果

这自然会导致库贝德人无法启动。记录在下面

I0709 09:04:11.578816       1 dns.go:394] Received DNS Request:kubernetes.default.svc.cluster.local., exact:false
I0709 09:04:11.578873       1 dns.go:427] records:[], retval:[], path:[local cluster svc default kubernetes]
I0709 09:04:11.579657       1 dns.go:394] Received DNS Request:kubernetes.default.svc.cluster.local., exact:false
I0709 09:04:11.579677       1 dns.go:427] records:[], retval:[], path:[local cluster svc default kubernetes]
E0709 09:04:11.786646       1 reflector.go:216] pkg/dns/dns.go:128: Failed to list *api.Service: serializer for text/html; charset=utf-8 doesn't exist
E0709 09:04:11.786995       1 reflector.go:216] pkg/dns/dns.go:127: Failed to list *api.Endpoints: serializer for text/html; charset=utf-8 doesn't exist
I0709 09:04:12.488674       1 dns.go:145] Ignoring error while waiting for service default/kubernetes: serializer for text/html; charset=utf-8 doesn't exist. Sleeping 1s before retrying.
E0709 09:04:12.879701       1 reflector.go:216] pkg/dns/dns.go:128: Failed to list *api.Service: serializer for text/html; charset=utf-8 doesn't exist
E0709 09:04:12.880000       1 reflector.go:216] pkg/dns/dns.go:127: Failed to list *api.Endpoints: serializer for text/html; charset=utf-8 doesn't exist
I0709 09:04:13.582561       1 dns.go:145] Ignoring error while waiting for service default/kubernetes: serializer for text/html; charset=utf-8 doesn't exist. Sleeping 1s before retrying.

这一个似乎是一个仍然开放的错误

有效的解决方法是在kubelet挂载中添加rslave选项，如--volume=/var/lib/kubelet:/var/lib/kubelet:rw，rslave，如下所示

此解决方案也依赖于平台。阅读错误报告中的注释

## Start kubernetes master
sudo docker run \
--volume=/:/rootfs:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:rw \
**--volume=/var/lib/kubelet:/var/lib/kubelet:rw,rslave** \
--volume=/var/run:/var/run:rw \
--net=host \
--privileged=true \
--pid=host \
-d \
gcr.io/google_containers/hyperkube-amd64:${K8S_VERSION} \
/hyperkube kubelet \
    --allow-privileged=true \
    --api-servers=http://localhost:8080 \
    --v=2 \
    --address=0.0.0.0 \
    --enable-server \
    --hostname-override=127.0.0.1 \
    --config=/etc/kubernetes/manifests-multi \
    --containerized \
    --cluster-dns=10.0.0.10 \
    --cluster-domain=cluster.local