kubernetes 在WSL2上安装Istio失败,pod出现“FailedMount”

bogh5gae  于 2023-08-03  发布在  Kubernetes
关注(0)|答案(2)|浏览(141)

我已经在WSL2(Ubuntu发行版)上使用kind设置了一个本地kubernetes集群。我成功地创建了一个集群。然后我尝试使用helm按照documentation安装istio。
在我使用kubectl get pods -n istio-system检查istio pod的状态并得到响应之前,一切看起来都很好

istio-egressgateway-645df98b64-tml4k    0/1     ContainerCreating   0          39m
istio-ingressgateway-6c7f679666-lxj8r   0/1     ContainerCreating   0          39m
istiod-657558ff59-fhpgl                 0/1     ContainerCreating   0          39m

字符串
Pod继续保持ContainerCreating状态。因此,我使用kubectl describe pod -n istio-system istio-egressgateway-645df98b64-tml4k检查了pod,并看到以下带有警告的事件:

Events:
  Type     Reason       Age                   From               Message
  ----     ------       ----                  ----               -------
  Normal   Scheduled    27m                   default-scheduler  Successfully assigned istio-system/istio-egressgateway-645df98b64-tml4k to msg-local-worker2
  Warning  FailedMount  25m                   kubelet            Unable to attach or mount volumes: unmounted volumes=[istio-token istiod-ca-cert], unattached volumes=[istio-token podinfo istio-envoy istio-data egressgateway-ca-certs config-volume egressgateway-certs istio-egressgateway-service-account-token-2k6nv istiod-ca-cert]: timed out waiting for the condition
  Warning  FailedMount  22m                   kubelet            Unable to attach or mount volumes: unmounted volumes=[istio-token istiod-ca-cert], unattached volumes=[istio-token istio-envoy istiod-ca-cert config-volume istio-data podinfo egressgateway-certs egressgateway-ca-certs istio-egressgateway-service-account-token-2k6nv]: timed out waiting for the condition
  Warning  FailedMount  20m (x11 over 27m)    kubelet            MountVolume.SetUp failed for volume "istio-token" : failed to fetch token: the API server does not have TokenRequest endpoints enabled
  Warning  FailedMount  20m                   kubelet            Unable to attach or mount volumes: unmounted volumes=[istiod-ca-cert istio-token], unattached volumes=[istio-envoy podinfo istiod-ca-cert istio-egressgateway-service-account-token-2k6nv istio-token config-volume egressgateway-certs istio-data egressgateway-ca-certs]: timed out waiting for the condition
  Warning  FailedMount  11m                   kubelet            Unable to attach or mount volumes: unmounted volumes=[istiod-ca-cert istio-token], unattached volumes=[podinfo istio-egressgateway-service-account-token-2k6nv istio-envoy config-volume istio-data istiod-ca-cert egressgateway-certs egressgateway-ca-certs istio-token]: timed out waiting for the condition
  Warning  FailedMount  7m2s (x3 over 9m16s)  kubelet            (combined from similar events): Unable to attach or mount volumes: unmounted volumes=[istio-token istiod-ca-cert], unattached volumes=[egressgateway-certs istio-envoy istio-token egressgateway-ca-certs istio-egressgateway-service-account-token-2k6nv istio-data istiod-ca-cert config-volume podinfo]: timed out waiting for the condition
  Warning  FailedMount  38s (x18 over 27m)    kubelet            MountVolume.SetUp failed for volume "istiod-ca-cert" : configmap "istio-ca-root-cert" not found

n3h0vuf2

n3h0vuf21#

多亏了这个GitHub issue,我们才能解决这个问题。我需要启用service account token volume projection
精确解为here。我将群集配置(kind-config.yaml)更改为

kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha4
kubeadmConfigPatches:
  - |
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: ClusterConfiguration
    metadata:
      name: config
    apiServer:
      extraArgs:
        "service-account-issuer": "kubernetes.default.svc"
        "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key"
nodes:
  - role: control-plane
  - role: worker
  - role: worker

字符串
然后使用kind create cluster --name my-cluster --config ./kind-config.yaml启动集群。我在这个集群上正常安装了istio,现在pods正在运行。

6tqwzwtp

6tqwzwtp2#

验证kube-system命名空间中的配置Pod是否正在运行。
$>:kubectl -n kube-system get all
在我的例子中,有一些pod出现了ImagePullBackOff错误,我解决了图像的问题,并且pod正确运行,我能够正确安装istio。
$>:k-n istio-system get all
namespace istio-system, all runnning resources
minikube版本:v1.31.0提交:47aa 544e09f11f475f33e8d126f9eb15e34a4c0

相关问题