本文主要是介绍kubenetes基本操作,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
在用户认证等做完后无法运行
kubectl exec -it mysql-st2ch -- /bin/bash
报错如下:
error: unable to upgrade connection: Forbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)
解决办法:
[Tilyp@master yaml]$ kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
clusterrolebinding.rbac.authorization.k8s.io/system:anonymous created
[Tilyp@master yaml]$
查看pod详情:
[Tilyp@master kubernetes]$ kubectl describe pod mysql-st2ch
Name: mysql-st2ch
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 192.168.4.10/192.168.4.10
Start Time: Wed, 10 Apr 2019 14:28:39 +0800
Labels: app=mysql
Annotations: <none>
Status: Running
IP: 10.254.29.2
Controlled By: ReplicationController/mysql
Containers:mysql:Container ID: docker://047d9fe9c9045a550be80f5e9ba9ef9c40fb0b28c8ef455d74b3104e81345e59Image: mysqlImage ID: docker-pullable://mysql@sha256:a7cf659a764732a27963429a87eccc8457e6d4af0ee9d5140a3b56e74986eed7Port: 3306/TCPHost Port: 0/TCPState: RunningStarted: Wed, 10 Apr 2019 14:30:04 +0800Ready: TrueRestart Count: 0Environment:MYSQL_ROOT_PASSWORD: 123456Mounts:/var/run/secrets/kubernetes.io/serviceaccount from default-token-s95s4 (ro)
Conditions:Type StatusInitialized True Ready True ContainersReady True PodScheduled True
Volumes:default-token-s95s4:Type: Secret (a volume populated by a Secret)SecretName: default-token-s95s4Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300snode.kubernetes.io/unreachable:NoExecute for 300s
Events:Type Reason Age From Message---- ------ ---- ---- -------Normal Scheduled 47m default-scheduler Successfully assigned default/mysql-st2ch to 192.168.4.10Normal Pulling 47m kubelet, 192.168.4.10 pulling image "mysql"Normal Pulled 46m kubelet, 192.168.4.10 Successfully pulled image "mysql"Normal Created 46m kubelet, 192.168.4.10 Created containerNormal Started 46m kubelet, 192.168.4.10 Started container
查看service
[Tilyp@master kubernetes]$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 5d22h
mysql1 NodePort 10.254.32.117 <none> 3307:32309/TCP 20m
利用kubectl在容器中执行命令
kubectl exec -it podname -c containerName -n namespace -- shell comand
查看所有命名空间
[Tilyp@master AIKubeflow]$ kubectl get namespaces
NAME STATUS AGE
default Active 5d23h
kube-public Active 5d23h
kube-system Active 5d23h
kubeflow Active 10m
[Tilyp@master AIKubeflow]$
设置master可调度
kubectl taint node k8s-master2 node-role.kubernetes.io/master-
给节点设置角色
kubectl label node k8s-node3 node-role.kubernetes.io/node=node
批量删除Evicted 状态的pod
kubectl get pods | grep Evicted | awk '{print $1}' | xargs kubectl delete pod
在执行命令时遇到以下错误
error: error upgrading connection: unable to upgrade connection: Forbidden (user=system:anonymous, verb=create, resource=nodes, subresource=proxy)
临时解决办法
kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous
永久解决方案:1,https://stackoverflow.com/questions/44312745/kubernetes-rbac-unable-to-upgrade-connection-forbidden-user-systemanonymous
2,https://www.v2ex.com/t/533770
问题以解决,如有问题请加技术交流群:526855734
最近在做少儿编程培训机构,欢迎大家关注
这篇关于kubenetes基本操作的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!