Kubernetes 错误:无法启动修补程序证书循环mutatingwebhookconfigurations.admissionregistration.k8s.io“;istio侧车喷油器“;找不到
从头盔图表安装istio时,未找到“istio侧车喷油器”错误Kubernetes 错误:无法启动修补程序证书循环mutatingwebhookconfigurations.admissionregistration.k8s.io“;istio侧车喷油器“;找不到,kubernetes,kubernetes-helm,istio,azure-aks,Kubernetes,Kubernetes Helm,Istio,Azure Aks,从头盔图表安装istio时,未找到“istio侧车喷油器”错误 NAME READY STATUS RESTARTS AGE certmanager-b8dc8f99c-bw52l 1/1 Running 0 2m istio-citadel-5cf47dbf7c-2brk9 1/1
NAME READY STATUS RESTARTS AGE
certmanager-b8dc8f99c-bw52l 1/1 Running 0 2m
istio-citadel-5cf47dbf7c-2brk9 1/1 Running 0 2m
istio-galley-7898b587db-n44z9 1/1 Running 0 2m
istio-ingressgateway-5d88688454-wrxsr 2/2 Running 0 2m
istio-init-crd-10-5rkt6 0/1 Completed 0 2m
istio-init-crd-11-pg447 0/1 Completed 0 2m
istio-init-crd-12-mxrhz 0/1 Completed 0 2m
istio-pilot-57b48b77bf-nbjtv 2/2 Running 0 2m
istio-policy-769664fcf7-59v2n 2/2 Running 0 2m
istio-sidecar-injector-677bd5ccc5-ckql5 0/1 CrashLoopBackOff 4 2m
istio-telemetry-f5798dbb7-z6dvz 2/2 Running 1 2m
prometheus-776fdf7479-psrf5 1/1 Running 0 2m
Name: istio-sidecar-injector-677bd5ccc5-v4shl
Namespace: istio-system
Priority: 0
PriorityClassName: <none>
Node: aks-agentpool-17141372-2/10.240.0.66
Start Time: Thu, 26 Sep 2019 14:53:55 -0400
Labels: app=sidecarInjectorWebhook
chart=sidecarInjectorWebhook
heritage=Tiller
istio=sidecar-injector
pod-template-hash=677bd5ccc5
release=istio
Annotations: sidecar.istio.io/inject=false
Status: Running
IP: 10.240.0.93
Controlled By: ReplicaSet/istio-sidecar-injector-677bd5ccc5
Containers:
sidecar-injector-webhook:
Container ID: docker://e5c96af389797e7a0488cf0dac180ff3494fe8602c2cd7a50080e8a848be207a
Image: docker.io/istio/sidecar_injector:1.2.5
Image ID: docker-pullable://istio/sidecar_injector@sha256:6c281139337df6e2f96f3d883e5dc2a75cb6234986ae4f1cd3f9f324112b46eb
Port: <none>
Host Port: <none>
Args:
--caCertFile=/etc/istio/certs/root-cert.pem
--tlsCertFile=/etc/istio/certs/cert-chain.pem
--tlsKeyFile=/etc/istio/certs/key.pem
--injectConfig=/etc/istio/inject/config
--meshConfig=/etc/istio/config/mesh
--healthCheckInterval=2s
--healthCheckFile=/health
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 255
Started: Thu, 26 Sep 2019 14:55:32 -0400
Finished: Thu, 26 Sep 2019 14:55:32 -0400
Ready: False
Restart Count: 4
Requests:
cpu: 10m
Liveness: exec [/usr/local/bin/sidecar-injector probe --probe-path=/health --interval=4s] delay=4s timeout=1s period=4s #success=1 #failure=3
Readiness: exec [/usr/local/bin/sidecar-injector probe --probe-path=/health --interval=4s] delay=4s timeout=1s period=4s #success=1 #failure=3
Environment: <none>
Mounts:
/etc/istio/certs from certs (ro)
/etc/istio/config from config-volume (ro)
/etc/istio/inject from inject-config (ro)
/var/run/secrets/kubernetes.io/serviceaccount from istio-sidecar-injector-service-account-token-nxc4z (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
config-volume:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: istio
Optional: false
certs:
Type: Secret (a volume populated by a Secret)
SecretName: istio.istio-sidecar-injector-service-account
Optional: false
inject-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: istio-sidecar-injector
Optional: false
istio-sidecar-injector-service-account-token-nxc4z:
Type: Secret (a volume populated by a Secret)
SecretName: istio-sidecar-injector-service-account-token-nxc4z
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m default-scheduler Successfully assigned istio-system/istio-sidecar-injector-677bd5ccc5-v4shl to aks-agentpool-17141372-2
Warning BackOff 1m (x10 over 2m) kubelet, aks-agentpool-17141372-2 Back-off restarting failed container
Normal Pulled 1m (x5 over 2m) kubelet, aks-agentpool-17141372-2 Container image "docker.io/istio/sidecar_injector:1.2.5" already present on machine
Normal Created 1m (x5 over 2m) kubelet, aks-agentpool-17141372-2 Created container sidecar-injector-webhook
Normal Started 1m (x5 over 2m) kubelet, aks-agentpool-17141372-2 Started container sidecar-injector-webhook
名称:istio-sidecar-injector-677BD5CC5-v4shl
名称空间:istio系统
优先级:0
PriorityClassName:
节点:aks-agentpool-17141372-2/10.240.0.66
开始时间:2019年9月26日星期四14:53:55-0400
标签:app=sidecarInjectorWebhook
图表=侧边连接器Webhook
遗产=耕耘者
istio=侧车喷油器
pod模板哈希=677BD5CC5
释放
注释:sidecar.istio.io/inject=false
状态:正在运行
IP:10.240.0.93
控制人:ReplicaSet/istio-sidecar-injector-677BD5CC5
容器:
侧车喷油器钩:
容器ID:docker://e5c96af389797e7a0488cf0dac180ff3494fe8602c2cd7a50080e8a848be207a
图:docker.io/istio/sidecar_喷油器:1.2.5
图像ID:docker-pullable://istio/sidecar_injector@sha256:6c281139337df6e2f96f3d883e5dc2a75cb6234986ae4f1cd3f9f324112b46eb
端口:
主机端口:
Args:
--caCertFile=/etc/istio/certs/root-cert.pem
--tlsCertFile=/etc/istio/certs/cert-chain.pem
--tlsKeyFile=/etc/istio/certs/key.pem
--injectConfig=/etc/istio/inject/config
--meshConfig=/etc/istio/config/mesh
--healthCheckInterval=2s
--healthCheckFile=/health
国家:等待
原因:仓促退却
最后状态:终止
原因:错误
退出代码:255
开始时间:2019年9月26日星期四14:55:32-0400
完成时间:2019年9月26日星期四14:55:32-0400
就绪:错误
重新启动计数:4
请求:
中央处理器:10米
活跃度:exec[/usr/local/bin/sidecar injector probe--probe path=/health--interval=4s]delay=4s timeout=1s period=4s#成功=1#失败=3
准备就绪:exec[/usr/local/bin/sidecar injector probe--probe path=/health--interval=4s]delay=4s timeout=1s period=4s#success=1#failure=3
环境:
挂载:
/etc/istio/certs来自证书(ro)
/来自配置卷(ro)的etc/istio/config
/etc/istio/inject from inject config(ro)
/来自istio-sidecar-injector-service-account-token-nxc4z(ro)的var/run/secrets/kubernetes.io/serviceCount
条件:
类型状态
初始化为True
准备错误
集装箱准备好了吗
播客预定为真
卷数:
配置卷:
类型:ConfigMap(由ConfigMap填充的卷)
姓名:istio
可选:false
证书:
类型:Secret(由Secret填充的卷)
SecretName:istio.istio-sidecar-injector-service-account
可选:false
注入配置:
类型:ConfigMap(由ConfigMap填充的卷)
名称:istio侧车喷油器
可选:false
istio-sidecar-injector-service-account-token-nxc4z:
类型:Secret(由Secret填充的卷)
SecretName:istio-sidecar-injector-service-account-token-nxc4z
可选:false
QoS等级:Burstable
节点选择器:
容差:node.kubernetes.io/未就绪:不执行300秒
node.kubernetes.io/不可访问:不执行300秒
活动:
从消息中键入原因年龄
---- ------ ---- ---- -------
正常计划2m默认计划程序已成功将istio系统/istio-sidecar-injector-677BD5CC5-v4shl分配给aks-agentpool-17141372-2
警告后退1米(x10超过2米)kubelet,aks-agentpool-17141372-2后退重新启动失败的容器
正常牵引1米(x5超过2米)kubelet,aks-agentpool-17141372-2容器图像“docker.io/istio/sidecar_注射器:1.2.5”已出现在机器上
正常创建1米(x5超过2米)kubelet,aks-agentpool-17141372-2创建容器侧车喷油器钩网
正常启动1米(x5超过2米)kubelet,aks-agentpool-17141372-2启动容器侧车喷油器钩网
Name: istio-sidecar-injector-677bd5ccc5-v4shl
Namespace: istio-system
Priority: 0
PriorityClassName: <none>
Node: aks-agentpool-17141372-2/10.240.0.66
Start Time: Thu, 26 Sep 2019 14:53:55 -0400
Labels: app=sidecarInjectorWebhook
chart=sidecarInjectorWebhook
heritage=Tiller
istio=sidecar-injector
pod-template-hash=677bd5ccc5
release=istio
Annotations: sidecar.istio.io/inject=false
Status: Running
IP: 10.240.0.93
Controlled By: ReplicaSet/istio-sidecar-injector-677bd5ccc5
Containers:
sidecar-injector-webhook:
Container ID: docker://e5c96af389797e7a0488cf0dac180ff3494fe8602c2cd7a50080e8a848be207a
Image: docker.io/istio/sidecar_injector:1.2.5
Image ID: docker-pullable://istio/sidecar_injector@sha256:6c281139337df6e2f96f3d883e5dc2a75cb6234986ae4f1cd3f9f324112b46eb
Port: <none>
Host Port: <none>
Args:
--caCertFile=/etc/istio/certs/root-cert.pem
--tlsCertFile=/etc/istio/certs/cert-chain.pem
--tlsKeyFile=/etc/istio/certs/key.pem
--injectConfig=/etc/istio/inject/config
--meshConfig=/etc/istio/config/mesh
--healthCheckInterval=2s
--healthCheckFile=/health
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 255
Started: Thu, 26 Sep 2019 14:55:32 -0400
Finished: Thu, 26 Sep 2019 14:55:32 -0400
Ready: False
Restart Count: 4
Requests:
cpu: 10m
Liveness: exec [/usr/local/bin/sidecar-injector probe --probe-path=/health --interval=4s] delay=4s timeout=1s period=4s #success=1 #failure=3
Readiness: exec [/usr/local/bin/sidecar-injector probe --probe-path=/health --interval=4s] delay=4s timeout=1s period=4s #success=1 #failure=3
Environment: <none>
Mounts:
/etc/istio/certs from certs (ro)
/etc/istio/config from config-volume (ro)
/etc/istio/inject from inject-config (ro)
/var/run/secrets/kubernetes.io/serviceaccount from istio-sidecar-injector-service-account-token-nxc4z (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
config-volume:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: istio
Optional: false
certs:
Type: Secret (a volume populated by a Secret)
SecretName: istio.istio-sidecar-injector-service-account
Optional: false
inject-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: istio-sidecar-injector
Optional: false
istio-sidecar-injector-service-account-token-nxc4z:
Type: Secret (a volume populated by a Secret)
SecretName: istio-sidecar-injector-service-account-token-nxc4z
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m default-scheduler Successfully assigned istio-system/istio-sidecar-injector-677bd5ccc5-v4shl to aks-agentpool-17141372-2
Warning BackOff 1m (x10 over 2m) kubelet, aks-agentpool-17141372-2 Back-off restarting failed container
Normal Pulled 1m (x5 over 2m) kubelet, aks-agentpool-17141372-2 Container image "docker.io/istio/sidecar_injector:1.2.5" already present on machine
Normal Created 1m (x5 over 2m) kubelet, aks-agentpool-17141372-2 Created container sidecar-injector-webhook
Normal Started 1m (x5 over 2m) kubelet, aks-agentpool-17141372-2 Started container sidecar-injector-webhook
我不知道是什么导致了上述错误。CrashLoopBackOff状态表示pod正在启动并在循环中崩溃 因此,尝试调查
istio-sidecar-injector-677bd5ccc5-ckql5- MutatingWebhook和ValidatingWebhook插件需要在准入控制器插件列表中按照
- 用于创建群集
是否检查节点中资源的使用情况?您好。请显示
kubectl get mutatingwebhookconfigurationhelm模板而不是tiller
安装istio时,它起作用了。但是,我找不到真正的原因。