我尝试安装 Consul HA 以在 OpenShift 平台上配置我的 Vault HA。我首先使用 Consul Helm chart 安装它,我可以使用一些 SCC 为我的客户端和服务器 serviceAccounts 成功安装它。后来,我想通过这个 helm 部署带有 ACL init 的 consul,但我遇到了一个错误。
首先使用 helm 安装 consul:
helm upgrade -i consul-ha --namespace vault consul/ --set ui.enabled=true --set global.acls.manageSystemACLs=true
然后我的豆荚很快就会出错:
oc get pods
NAME READY STATUS RESTARTS AGE
consul-ha-consul-622vr 0/1 Init:0/1 0 43s
consul-ha-consul-kxj4n 0/1 Init:0/1 0 43s
consul-ha-consul-server-0 0/1 Running 0 43s
consul-ha-consul-server-1 0/1 ContainerCreating 0 43s
consul-ha-consul-server-2 0/1 Pending 0 43s
consul-ha-consul-server-acl-init-8jf44 0/1 Error 0 33s
consul-ha-consul-server-acl-init-cleanup-dg5dk 0/1 ContainerCreating 0 14s
consul-ha-consul-server-acl-init-cleanup-xfq4m 0/1 Error 0 42s
consul-ha-consul-server-acl-init-l86r6 0/1 Error 0 43s
consul-ha-consul-wz4mf 0/1 Init:0/1 0 43s
我在描述 acl-init pod 时收到此错误:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned vault/consul-ha-consul-server-acl-init-hrsk2 to compute-1
Warning Failed 2m12s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:12Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:12Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Warning Failed 2m3s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:22Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:22Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:365: sending config to init process caused \\\"write init-p: broken pipe\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:365: sending config to init process caused \"write init-p: broken pipe\""
Warning Failed 114s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:31Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1372777/ns/ipc: No such file or directory"
time="2020-10-05T07:46:31Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:46:31Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Warning Failed 103s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:42Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:42Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Warning Failed 94s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:46:51Z" level=warning msg="signal: killed"
time="2020-10-05T07:46:51Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:365: sending config to init process caused \\\"write init-p: broken pipe\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:365: sending config to init process caused \"write init-p: broken pipe\""
Warning Failed 81s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:04Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1376195/ns/ipc: No such file or directory"
time="2020-10-05T07:47:04Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:47:04Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Warning Failed 73s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:12Z" level=fatal msg="join_namespaces:542 nsenter: failed to open /proc/1377778/ns/ipc: No such file or directory"
time="2020-10-05T07:47:12Z" level=fatal msg="nsexec:724 nsenter: failed to sync with child: next state: Invalid argument"
time="2020-10-05T07:47:12Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\""
Normal SandboxChanged 62s (x8 over 2m12s) kubelet, compute-1 Pod sandbox changed, it will be killed and re-created.
Warning Failed 62s kubelet, compute-1 Error: container create failed: time="2020-10-05T07:47:23Z" level=warning msg="signal: killed"
time="2020-10-05T07:47:23Z" level=error msg="container_linux.go:349: starting container process caused \"process_linux.go:449: container init caused \\\"read init-p: connection reset by peer\\\"\""
container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"read init-p: connection reset by peer\""
Normal Pulled 56s (x9 over 2m19s) kubelet, compute-1 Container image "hashicorp/consul-k8s:0.18.1" already present on machine
我不知道发生了什么事。对此有任何想法吗?