Using 1.17.2, the latest stable version at the time of writing, this memo records a problem seen with the Scheduler when a cluster is first deployed.
[root@host131 ansible]# kubectl get node -o wide
NAME              STATUS   ROLES    AGE     VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
192.168.163.131   Ready    <none>   4m19s   v1.17.2   192.168.163.131   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.5
[root@host131 ansible]#

Symptoms
- Problem 1
14462 reflector.go:153] k8s.io/kubernetes/cmd/kube-scheduler/app/server.go:246: Failed to list *v1.Pod: pods is forbidden: User "system:kube-scheduler" cannot list resource "pods" in API group "" at the cluster scope
- Problem 2
14462 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.StatefulSet: statefulsets.apps is forbidden: User "system:kube-scheduler" cannot list resource "statefulsets" in API group "apps" at the cluster scope
- Problem 3
14462 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.ReplicaSet: replicasets.apps is forbidden: User "system:kube-scheduler" cannot list resource "replicasets" in API group "apps" at the cluster scope
- Problem 4
14462 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.PersistentVolumeClaim: persistentvolumeclaims is forbidden: User "system:kube-scheduler" cannot list resource "persistentvolumeclaims" in API group "" at the cluster scope
- Problem 5
14462 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.CSINode: csinodes.storage.k8s.io is forbidden: User "system:kube-scheduler" cannot list resource "csinodes" in API group "storage.k8s.io" at the cluster scope
- Problem 6
14462 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.Node: nodes is forbidden: User "system:kube-scheduler" cannot list resource "nodes" in API group "" at the cluster scope
- Problem 7
14462 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:kube-scheduler" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope
- Problem 8
14462 scheduler.go:638] error selecting node for pod: no nodes available to schedule pods
- Problem 9
14462 scheduler.go:638] error selecting node for pod: no nodes available to schedule pods
- Problem 10
14462 factory.go:494] pod is already present in unschedulableQ

Resolution
The scheduler was confirmed to be running normally, and other K8S operations were also normal. After a restart these log entries no longer appear; they show up only when the cluster is first created. The permissions reported as Forbidden were all confirmed to be present in the actual clusterrole:
[root@host131 ansible]# kubectl describe clusterrole system:kube-scheduler
Name:         system:kube-scheduler
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
  Resources                                  Non-Resource URLs  Resource Names    Verbs
  ---------                                  -----------------  --------------    -----
  events                                     []                 []                [create patch update]
  events.events.k8s.io                       []                 []                [create patch update]
  bindings                                   []                 []                [create]
  endpoints                                  []                 []                [create]
  pods/binding                               []                 []                [create]
  tokenreviews.authentication.k8s.io         []                 []                [create]
  subjectaccessreviews.authorization.k8s.io  []                 []                [create]
  leases.coordination.k8s.io                 []                 []                [create]
  pods                                       []                 []                [delete get list watch]
  nodes                                      []                 []                [get list watch]
  persistentvolumeclaims                     []                 []                [get list watch]
  persistentvolumes                          []                 []                [get list watch]
  replicationcontrollers                     []                 []                [get list watch]
  services                                   []                 []                [get list watch]
  replicasets.apps                           []                 []                [get list watch]
  statefulsets.apps                          []                 []                [get list watch]
  replicasets.extensions                     []                 []                [get list watch]
  poddisruptionbudgets.policy                []                 []                [get list watch]
  csinodes.storage.k8s.io                    []                 []                [get list watch]
  endpoints                                  []                 [kube-scheduler]  [get update]
  leases.coordination.k8s.io                 []                 [kube-scheduler]  [get update]
  pods/status                                []                 []                [patch update]
[root@host131 ansible]#
Interim workaround: restart the scheduler.
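To repeat the check that every Forbidden resource is already granted by the clusterrole, this added example (not from the original post or the easypack project; function names are illustrative) parses the denial messages and compares them with the rules in the `kubectl describe clusterrole` output. The `secrets` line is constructed to show what a real gap looks like, and the generated `kubectl auth can-i` commands re-test each denial against a live cluster.

```python
import re

# Tail of each RBAC denial in the page's scheduler log (problems 1-7), plus
# one CONSTRUCTED line (secrets) that the role on the page does not grant.
LOG_LINES = [
    'Failed to list *v1.Pod: pods is forbidden: User "system:kube-scheduler" cannot list resource "pods" in API group "" at the cluster scope',
    'Failed to list *v1.StatefulSet: statefulsets.apps is forbidden: User "system:kube-scheduler" cannot list resource "statefulsets" in API group "apps" at the cluster scope',
    'Failed to list *v1.ReplicaSet: replicasets.apps is forbidden: User "system:kube-scheduler" cannot list resource "replicasets" in API group "apps" at the cluster scope',
    'Failed to list *v1.PersistentVolumeClaim: persistentvolumeclaims is forbidden: User "system:kube-scheduler" cannot list resource "persistentvolumeclaims" in API group "" at the cluster scope',
    'Failed to list *v1.CSINode: csinodes.storage.k8s.io is forbidden: User "system:kube-scheduler" cannot list resource "csinodes" in API group "storage.k8s.io" at the cluster scope',
    'Failed to list *v1.Node: nodes is forbidden: User "system:kube-scheduler" cannot list resource "nodes" in API group "" at the cluster scope',
    'Failed to list *v1beta1.PodDisruptionBudget: poddisruptionbudgets.policy is forbidden: User "system:kube-scheduler" cannot list resource "poddisruptionbudgets" in API group "policy" at the cluster scope',
    'Failed to list *v1.Secret: secrets is forbidden: User "system:kube-scheduler" cannot list resource "secrets" in API group "" at the cluster scope',
]

# Read rules of ClusterRole system:kube-scheduler, from the page's output.
READ = {"get", "list", "watch"}
GRANTED = {name: READ for name in (
    "nodes", "persistentvolumeclaims", "persistentvolumes",
    "replicationcontrollers", "services", "replicasets.apps",
    "statefulsets.apps", "replicasets.extensions",
    "poddisruptionbudgets.policy", "csinodes.storage.k8s.io")}
GRANTED["pods"] = READ | {"delete"}

DENIAL = re.compile(
    r'User "([^"]+)" cannot (\S+) resource "([^"]+)" in API group "([^"]*)"')

def parse_denials(lines):
    """Yield (user, verb, resource[.group]) for each RBAC denial found."""
    for line in lines:
        m = DENIAL.search(line)
        if m:
            user, verb, resource, group = m.groups()
            yield user, verb, f"{resource}.{group}" if group else resource

def triage(lines, granted=GRANTED):
    """Split denials into (already granted by the role, genuinely missing)."""
    in_role, missing = [], []
    for denial in parse_denials(lines):
        _, verb, key = denial
        (in_role if verb in granted.get(key, ()) else missing).append(denial)
    return in_role, missing

def can_i_commands(denials):
    """kubectl commands that re-test each denial against the live authorizer."""
    return [f"kubectl auth can-i {verb} {key} --as {user} --all-namespaces"
            for user, verb, key in denials]

if __name__ == "__main__":
    print("\n".join(can_i_commands(triage(LOG_LINES)[0])))
```

Denials that land in the first list match the page's situation (the role grants them, yet the log shows Forbidden at first start); anything in the second list is a rule the role actually lacks.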
Address: https://github.com/liumiaocn/easypack/tree/master/k8s/ansible