Fatal编程技术网
  • image/
  • Image Can';现在不能在AWS上安装autoscaler吗?

Image Can';现在不能在AWS上安装autoscaler吗?

image amazon-web-services kubernetes

Image Can';现在不能在AWS上安装autoscaler吗?,image,amazon-web-services,kubernetes,containers,autoscaling,Image,Amazon Web Services,Kubernetes,Containers,Autoscaling,在AWS上安装自动缩放仪时,如下所示: 出现错误: cluster-autoscaler-5f69cdcd84-4kpqw 0/1 RunContainerError 0 3s 详情见: $ kubectl describe po cluster-autoscaler-5b454d874c-4f85w -n kube-system ... Last State: Terminated Reason: ContainerCannotRun Messa

在AWS上安装自动缩放仪时,如下所示:

出现错误:

cluster-autoscaler-5f69cdcd84-4kpqw  0/1  RunContainerError   0   3s
详情见:

$ kubectl describe po cluster-autoscaler-5b454d874c-4f85w -n kube-system
...
Last State:  Terminated
      Reason:    ContainerCannotRun
      Message:   oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"/etc/ssl/certs/ca-certificates.crt\\\" to rootfs \\\"/var/lib/docker/overlay/f45f8b9b739167c3b6bb5
275c7ca6285508b52ecf940b3759e3ca99b87fadd53/merged\\\" at \\\"/var/lib/docker/overlay/f45f8b9b739167c3b6bb5275c7ca6285508b52ecf940b3759e3ca99b87fadd53/merged/etc/ssl/certs/ca-certificates.crt\\\" caused \\\"not a directory\\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
...
Events:
  Type     Reason                 Age   From                                                      Message
  ----     ------                 ----  ----                                                      -------
  Normal   Scheduled              55s   default-scheduler                                         Successfully assigned cluster-autoscaler-5b454d874c-4f85w to ip-100.200.0.1.ap-northeast-1.compute.internal
  Normal   SuccessfulMountVolume  55s   kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  MountVolume.SetUp succeeded for volume "ssl-certs"
  Normal   SuccessfulMountVolume  55s   kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  MountVolume.SetUp succeeded for volume "default-token-2wmct"
  Warning  Failed                 53s   kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  Error: failed to start container "cluster-autoscaler": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux
.go:359: container init caused \"rootfs_linux.go:54: mounting \\\"/etc/ssl/certs/ca-certificates.crt\\\" to rootfs \\\"/var/lib/docker/overlay/3796432b43abb86f70886e31d3bc555bd6beb54a2854d1e09ee6cdc74cab3af3/merged\\\" at \\\"/var/lib/docker/overlay/3796432b43abb86f70886e
31d3bc555bd6beb54a2854d1e09ee6cdc74cab3af3/merged/etc/ssl/certs/ca-certificates.crt\\\" caused \\\"not a directory\\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
  Warning  Failed  51s  kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  Error: failed to start container "cluster-autoscaler": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: contain
er init caused \"rootfs_linux.go:54: mounting \\\"/etc/ssl/certs/ca-certificates.crt\\\" to rootfs \\\"/var/lib/docker/overlay/2c1fac03d81e1e77df060a70035adf2442840705198e5c887825bc3b1eb80f8f/merged\\\" at \\\"/var/lib/docker/overlay/2c1fac03d81e1e77df060a70035adf24428407
05198e5c887825bc3b1eb80f8f/merged/etc/ssl/certs/ca-certificates.crt\\\" caused \\\"not a directory\\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
  Warning  Failed  33s  kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  Error: failed to start container "cluster-autoscaler": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: contain
er init caused \"rootfs_linux.go:54: mounting \\\"/etc/ssl/certs/ca-certificates.crt\\\" to rootfs \\\"/var/lib/docker/overlay/f45f8b9b739167c3b6bb5275c7ca6285508b52ecf940b3759e3ca99b87fadd53/merged\\\" at \\\"/var/lib/docker/overlay/f45f8b9b739167c3b6bb5275c7ca6285508b52
ecf940b3759e3ca99b87fadd53/merged/etc/ssl/certs/ca-certificates.crt\\\" caused \\\"not a directory\\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
  Warning  BackOff     22s (x2 over 47s)  kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  Back-off restarting failed container
  Normal   Pulling     8s (x4 over 55s)   kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  pulling image "k8s.gcr.io/cluster-autoscaler:v0.6.0"
  Normal   Created     7s (x4 over 53s)   kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  Created container
  Warning  FailedSync  7s (x6 over 53s)   kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  Error syncing pod
  Normal   Pulled      7s (x4 over 53s)   kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal  Successfully pulled image "k8s.gcr.io/cluster-autoscaler:v0.6.0"
这是映像
k8s.gcr.io/cluster autoscaler:v0.6.0
问题吗?

您在AWS上运行的Kubernetes是什么版本?请参阅。如果您正在运行Kubernetes 1.8+

您在AWS上运行的Kubernetes版本是什么,您可能会发现Kops也很有用?请参阅。如果您正在运行Kubernetes 1.8+

的话,您可能会发现Kops对您很有帮助。问题似乎与CA证书装载有关。它的意思是
检查指定的主机路径是否存在,是否为预期类型

群集autoscaler映像没有任何CA证书,因此您必须将它们从主机装载到容器中。也许您正在使用的操作系统将这些证书放在不同的位置?检查主机上是否存在
/etc/ssl/certs/ca certificates.crt
,如果不存在,请找出主机上ca证书的正确路径,并相应地更新部署的
卷:
配置。

问题似乎与ca证书装载有关。它的意思是
检查指定的主机路径是否存在,是否为预期类型

群集autoscaler映像没有任何CA证书,因此您必须将它们从主机装载到容器中。也许您正在使用的操作系统将这些证书放在不同的位置?检查主机上是否存在
/etc/ssl/certs/ca certificates.crt
,如果不存在,请找出主机上ca证书的正确路径,并相应地更新部署的
卷:
配置。

在AWS EKS(弹性Kubernetes服务)上,群集自动缩放器所需的sslCertPath似乎确实是
/etc/ssl/certs/ca bundle.crt

例如:

helm install stable/cluster-autoscaler 
  --set "autoscalingGroups[0].name=myasgname-worker-nodes-3-NodeGroup-HHTVNI2VF9DF,autoscalingGroups[0].maxSize=10,autoscalingGroups[0].minSize=2" 
  --name cluster-autoscaler
  --namespace kube-system 
  --set rbac.create=true 
  --set sslCertPath=/etc/ssl/certs/ca-bundle.crt
在AWS EKS(弹性Kubernetes服务)上,群集自动缩放器所需的sslCertPath似乎确实是
/etc/ssl/certs/ca bundle.crt

例如:

helm install stable/cluster-autoscaler 
  --set "autoscalingGroups[0].name=myasgname-worker-nodes-3-NodeGroup-HHTVNI2VF9DF,autoscalingGroups[0].maxSize=10,autoscalingGroups[0].minSize=2" 
  --name cluster-autoscaler
  --namespace kube-system 
  --set rbac.create=true 
  --set sslCertPath=/etc/ssl/certs/ca-bundle.crt
非常感谢你。这也许就是原因!我在主机上查看了
/etc/ssl/certs/
路径下的
crt
文件。未找到
ca证书.crt
,但具有
ca bundle.crt
ca bundle.trust.crt
。我使用
ca bundle.crt
设置到清单文件中并再次运行。它也失败了。这次,错误是:
警告失败同步3m(16小时x4411)kubelet,ip-11.22.33.44.ap-northeast-1.compute.internal error Synching pod
(我更改了ip名称)。是的
ca bundle.crt
听起来不错。如果没有更多信息,很难说这个新错误是什么。如果你对此不确定,请发布另一个问题,并提供更多细节,或者跳到Kubernetes slack上,在那里问这个问题(那里有很多有帮助的人)。等待片刻。吊舱成功了!我不确定它为什么会出现
FailedSync
错误。而且,当我试图在k8s集群中安装
alertmanager
时,它也遇到了同样的
FailedSync
问题。但是其他与普罗米修斯相关的豆荚进展顺利。非常感谢。这也许就是原因!我在主机上查看了
/etc/ssl/certs/
路径下的
crt
文件。未找到
ca证书.crt
,但具有
ca bundle.crt
ca bundle.trust.crt
。我使用
ca bundle.crt
设置到清单文件中并再次运行。它也失败了。这次,错误是:
警告失败同步3m(16小时x4411)kubelet,ip-11.22.33.44.ap-northeast-1.compute.internal error Synching pod
(我更改了ip名称)。是的
ca bundle.crt
听起来不错。如果没有更多信息,很难说这个新错误是什么。如果你对此不确定,请发布另一个问题,并提供更多细节,或者跳到Kubernetes slack上,在那里问这个问题(那里有很多有帮助的人)。等待片刻。吊舱成功了!我不确定它为什么会出现
FailedSync
错误。而且,当我试图在k8s集群中安装
alertmanager
时,它也遇到了同样的
FailedSync
问题。但其他与普罗米修斯相关的吊舱运行良好。我使用的是1.8.4。我使用的是1.8.4。