领事HA ACL初始化在OpenShift上失败
我尝试在OpenShift平台上安装Concur HA来配置我的Vault HA。我是第一个使用Concur Helm chart安装它的,我可以使用一些SCC为我的客户机和服务器服务帐户成功安装它。 后来,我想通过这个头盔部署带有ACL init的concur,但我遇到了一个错误 首先安装带头盔的领事:领事HA ACL初始化在OpenShift上失败,openshift,kubernetes-helm,acl,consul,vault,Openshift,Kubernetes Helm,Acl,Consul,Vault,我尝试在OpenShift平台上安装Concur HA来配置我的Vault HA。我是第一个使用Concur Helm chart安装它的,我可以使用一些SCC为我的客户机和服务器服务帐户成功安装它。 后来,我想通过这个头盔部署带有ACL init的concur,但我遇到了一个错误 首先安装带头盔的领事: helm upgrade -i consul-ha --namespace vault consul/ --set ui.enabled=true --set global.acls.mana
helm upgrade -i consul-ha --namespace vault consul/ --set ui.enabled=true --set global.acls.manageSystemACLs=true
oc get pods
NAME READY STATUS RESTARTS AGE
consul-ha-consul-622vr 0/1 Init:0/1 0 43s
consul-ha-consul-kxj4n 0/1 Init:0/1 0 43s
consul-ha-consul-server-0 0/1 Running 0 43s
consul-ha-consul-server-1 0/1 ContainerCreating 0 43s
consul-ha-consul-server-2 0/1 Pending 0 43s
consul-ha-consul-server-acl-init-8jf44 0/1 Error 0 33s
consul-ha-consul-server-acl-init-cleanup-dg5dk 0/1 ContainerCreating 0 14s
consul-ha-consul-server-acl-init-cleanup-xfq4m 0/1 Error 0 42s
consul-ha-consul-server-acl-init-l86r6 0/1 Error 0 43s
consul-ha-consul-wz4mf 0/1 Init:0/1 0 43s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned vault/consul-ha-consul-server-acl-init-hrsk2 to compute-1
Warning Failed 2m12s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:12Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:12Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Warning Failed 2m3s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:22Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:22Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:365: sending config to init process caused \\\"write init-p: broken pipe\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:365: sending config to init process caused \"write init-p: broken pipe\""
Warning Failed 114s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:31Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1372777/ns/ipc: No such file or directory"
time="2020-10-05T07:46:31Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:46:31Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Warning Failed 103s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:42Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:42Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Warning Failed 94s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:51Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:51Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:365: sending config to init process caused \\\"write init-p: broken pipe\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:365: sending config to init process caused \"write init-p: broken pipe\""
Warning Failed 81s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:04Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1376195/ns/ipc: No such file or directory"
time="2020-10-05T07:47:04Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:47:04Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Warning Failed 73s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:12Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1377778/ns/ipc: No such file or directory"
time="2020-10-05T07:47:12Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:47:12Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Normal SandboxChanged 62s (x8 over 2m12s) kubelet, compute-1 Pod sandbox changed, it will be killed and re-created.
Warning Failed 62s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:23Z" level=warning msg="signal: killed"
time="2020-10-05T07:47:23Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Normal Pulled 56s (x9 over 2m19s) kubelet, compute-1 Container image "hashicorp/consul-k8s:0.18.1" already present on machine
事件:
从消息中键入原因年龄
---- ------ ---- ---- -------
正常计划的默认计划程序已成功将vault/consu-ha-consu-server-acl-init-hrsk2分配给compute-1
警告失败2m12s kubelet,计算-1错误:容器创建失败:time=“2020-10-05T07:46:12Z”level=Warning msg=“signal:killed”
time=“2020-10-05T07:46:12Z”level=error msg=“container\u linux.go:349:启动容器进程导致的\”进程导致的\”进程\ linux.go:449:容器初始化导致的\ \ \ \“读取初始化-p:对等方重置连接\\”“
container\u linux.go:349:启动容器进程导致“进程\u linux.go:449:容器初始化导致\”read init-p:对等方重置连接\“
警告失败2m3s kubelet,计算-1错误:容器创建失败:time=“2020-10-05T07:46:22Z”level=Warning msg=“signal:killed”
time=“2020-10-05T07:46:22Z”level=error msg=“container\u linux.go:349:启动容器进程导致的\”进程导致的\”进程\ linux.go:365:向初始化进程发送配置导致的\\\\\\“write init-p:断开的管道\\”
container_linux.go:349:启动容器进程导致“进程_linux.go:365:将配置发送到init进程导致\“write init-p:断管\”
警告失败114s kubelet,计算-1错误:容器创建失败:time=“2020-10-05T07:46:31Z”level=fatal msg=“join_namespaces:542 nsenter:Failed to open/proc/1372777/ns/ipc:没有这样的文件或目录”
time=“2020-10-05T07:46:31Z”level=fatal msg=“nsexec:724 nsenter:无法与子级同步:下一个状态:无效参数”
time=“2020-10-05T07:46:31Z”level=error msg=“container\u linux.go:349:starting container process caused\”process\u linux.go:319:从pipe caused\\\\“EOF\\”获取最终子级的pid
container_linux.go:349:启动container进程导致“process_linux.go:319:从管道获取最终子进程的pid导致“EOF”
警告失败103s kubelet,计算-1错误:容器创建失败:time=“2020-10-05T07:46:42Z”level=Warning msg=“signal:killed”
time=“2020-10-05T07:46:42Z”level=error msg=“container\u linux.go:349:starting container process caused\”process\u linux.go:449:container init caused\\\\“read init-p:connection reset by peer\\”“
container\u linux.go:349:启动容器进程导致“进程\u linux.go:449:容器初始化导致\”read init-p:对等方重置连接\“
警告失败94s kubelet,计算-1错误:容器创建失败:time=“2020-10-05T07:46:51Z”level=Warning msg=“信号:已终止”
time=“2020-10-05T07:46:51Z”level=error msg=“container\u linux.go:349:启动容器进程引起的\”进程引起的\”进程\ linux.go:365:向初始化进程发送配置引起的\\\\\\“write init-p:断管\\”
container_linux.go:349:启动容器进程导致“进程_linux.go:365:将配置发送到init进程导致\“write init-p:断管\”
警告失败81s kubelet,计算-1错误:容器创建失败:time=“2020-10-05T07:47:04Z”level=fatal msg=“join_namespaces:542 nsenter:无法打开/proc/1376195/ns/ipc:没有这样的文件或目录”
time=“2020-10-05T07:47:04Z”level=fatal msg=“nsexec:724 nsenter:无法与子级同步:下一个状态:无效参数”
time=“2020-10-05T07:47:04Z”level=error msg=“container\u linux.go:349:启动容器进程引起的\”进程引起的\”进程引起的\”linux.go:319:从管道引起的\\\\“EOF\\”获取最终子进程的pid
container_linux.go:349:启动container进程导致“process_linux.go:319:从管道获取最终子进程的pid导致“EOF”
警告失败73s kubelet,计算-1错误:容器创建失败:time=“2020-10-05T07:47:12Z”level=fatal msg=“join_namespaces:542 nsenter:Failed to open/proc/1377778/ns/ipc:没有这样的文件或目录”
time=“2020-10-05T07:47:12Z”level=fatal msg=“nsexec:724 nsenter:无法与子级同步:下一个状态:无效参数”
time=“2020-10-05T07:47:12Z”level=error msg=“container\u linux.go:349:启动容器进程引起的\”进程引起的\”进程引起的\”linux.go:319:从管道引起的\\\\\“EOF\\”获取最终子进程的pid
container_linux.go:349:启动container进程导致“process_linux.go:319:从管道获取最终子进程的pid导致“EOF”
正常沙箱更改62s(x8/2m12s)kubelet,compute-1吊舱沙箱更改,它将被杀死并重新创建。
警告失败62s kubelet,计算-1错误:容器创建失败:time=“2020-10-05T07:47:23Z”level=Warning msg=“信号:已终止”
time=“2020-10-05T07:47:23Z”level=error msg=“container\u linux.go:349:启动容器进程导致的\”进程导致的\”进程\ linux.go:449:容器初始化导致的\ \ \ \“读取初始化-p:对等方重置连接\\”“
container\u linux.go:349:启动容器进程导致“进程\u linux.go:449:容器初始化导致\”read init-p:对等方重置连接\“
正常拉动56s(x9超过2m19s)kubelet,计算机上已存在compute-1容器映像“hashicorp/Concur-k8s:0.18.1”
我不知道发生了什么事。对此有何想法?Consour Helm版本0.25.0刚刚发布(2020年10月12日),其中包括对在OpenShift 4.x上部署的支持。有关详细信息,请参阅。我建议升级到此版本的图表,同时确保在
helm安装期间设置global.openshift.enabled=true
,并查看这是否解决了您的错误。好的,我将尝试并尽快给出反馈。谢谢