[TimLinux] k8s 故障分析全集

Posted TimLinux

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了[TimLinux] k8s 故障分析全集相关的知识,希望对你有一定的参考价值。

节点NotReady

Traints:

  • node.kubernetes.io/unreachable:NoExecute
  • node.kubernetes.io/unreachable:NoSchedule

解决办法:

  1. 查看 kube-controller-manager, kube-scheduler, kube-apiserver, kube-proxy 等的日志,都显示:
Error from server (InternalError): Internal error occurred: Authorization error 
(user=kube-apiserver-kubelet-client, verb=get, resource=nodes, subresource=proxy)
  1. 尝试登陆进去看下:
# kubectl -n kube-system exec -it kube-proxy-xxxx sh
error: unable to upgrade connection: Authorization error
(user=kube-apiserver-kubelet-client, verb=create, resource=nodes, subresource=proxy)
  1. 查看其它节点都 Kube-proxy 日志
kubectl -n kube-system logs kube-proxy-xxx
...
endpoints is forbidden: User "system:serviceaccount:kube-system:kube-proxy" cannot list resource "endpoints" in 
API group "" at the cluster scope: RBAC: [clusterrole.rbac.authorization.k8s.io "system:basic-user" not found,
clusterrole.rbac.authorization.k8s.io "system:node-proxier" not found,
clusterrole.rbac.authorization.k8s.io "system:discovery" not found,
clusterrole.rbac.authorization.k8s.io "system:public-info-viewer" not found]
...

以上是关于[TimLinux] k8s 故障分析全集的主要内容,如果未能解决你的问题,请参考以下文章

微服务从代码到k8s部署应有尽有系列全集

k8s学习-CKA真题-集群故障排查kubelet

k8s学习-CKA真题-集群故障排查kubelet

这些 K8S 日常故障处理集锦,运维请收藏~

K8S 日常故障处理集锦

JVM故障问题排查心得「内存诊断系列」Docker容器经常被kill掉,k8s中该节点的pod也被驱赶,怎么分析?