Can't install autoscaler on AWS now?
When installing the autoscaler on AWS:
https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider/aws
I got this error:
cluster-autoscaler-5f69cdcd84-4kpqw 0/1 RunContainerError 0 3s
Details:
$ kubectl describe po cluster-autoscaler-5b454d874c-4f85w -n kube-system
...
Last State: Terminated
Reason: ContainerCannotRun
Message: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:54: mounting \\"/etc/ssl/certs/ca-certificates.crt\\" to rootfs \\"/var/lib/docker/overlay/f45f8b9b739167c3b6bb5
275c7ca6285508b52ecf940b3759e3ca99b87fadd53/merged\\" at \\"/var/lib/docker/overlay/f45f8b9b739167c3b6bb5275c7ca6285508b52ecf940b3759e3ca99b87fadd53/merged/etc/ssl/certs/ca-certificates.crt\\" caused \\"not a directory\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 55s default-scheduler Successfully assigned cluster-autoscaler-5b454d874c-4f85w to ip-100.200.0.1.ap-northeast-1.compute.internal
Normal SuccessfulMountVolume 55s kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal MountVolume.SetUp succeeded for volume "ssl-certs"
Normal SuccessfulMountVolume 55s kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal MountVolume.SetUp succeeded for volume "default-token-2wmct"
Warning Failed 53s kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal Error: failed to start container "cluster-autoscaler": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux
.go:359: container init caused \"rootfs_linux.go:54: mounting \\"/etc/ssl/certs/ca-certificates.crt\\" to rootfs \\"/var/lib/docker/overlay/3796432b43abb86f70886e31d3bc555bd6beb54a2854d1e09ee6cdc74cab3af3/merged\\" at \\"/var/lib/docker/overlay/3796432b43abb86f70886e
31d3bc555bd6beb54a2854d1e09ee6cdc74cab3af3/merged/etc/ssl/certs/ca-certificates.crt\\" caused \\"not a directory\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
Warning Failed 51s kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal Error: failed to start container "cluster-autoscaler": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: contain
er init caused \"rootfs_linux.go:54: mounting \\"/etc/ssl/certs/ca-certificates.crt\\" to rootfs \\"/var/lib/docker/overlay/2c1fac03d81e1e77df060a70035adf2442840705198e5c887825bc3b1eb80f8f/merged\\" at \\"/var/lib/docker/overlay/2c1fac03d81e1e77df060a70035adf24428407
05198e5c887825bc3b1eb80f8f/merged/etc/ssl/certs/ca-certificates.crt\\" caused \\"not a directory\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
Warning Failed 33s kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal Error: failed to start container "cluster-autoscaler": Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: contain
er init caused \"rootfs_linux.go:54: mounting \\"/etc/ssl/certs/ca-certificates.crt\\" to rootfs \\"/var/lib/docker/overlay/f45f8b9b739167c3b6bb5275c7ca6285508b52ecf940b3759e3ca99b87fadd53/merged\\" at \\"/var/lib/docker/overlay/f45f8b9b739167c3b6bb5275c7ca6285508b52
ecf940b3759e3ca99b87fadd53/merged/etc/ssl/certs/ca-certificates.crt\\" caused \\"not a directory\\"\""
: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
Warning BackOff 22s (x2 over 47s) kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal Back-off restarting failed container
Normal Pulling 8s (x4 over 55s) kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal pulling image "k8s.gcr.io/cluster-autoscaler:v0.6.0"
Normal Created 7s (x4 over 53s) kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal Created container
Warning FailedSync 7s (x6 over 53s) kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal Error syncing pod
Normal Pulled 7s (x4 over 53s) kubelet, ip-100.200.0.1.ap-northeast-1.compute.internal Successfully pulled image "k8s.gcr.io/cluster-autoscaler:v0.6.0"
Is it a problem with the image k8s.gcr.io/cluster-autoscaler:v0.6.0?
Which version of Kubernetes are you running on AWS? If you are running Kubernetes 1.8+, please refer to the compatibility matrix. You may also find my pull request to Kops helpful.
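The problem seems to be related to the CA certificate mount. That is what this message means: Check if the specified host path exists and is the expected type.
The cluster-autoscaler image doesn't ship with any CA certificates, so you have to mount them from the host into the container. Maybe the OS you are using puts these certificates in a different location? Check whether /etc/ssl/certs/ca-certificates.crt exists on the host; if it doesn't, find the correct path to the CA certificates on the host and update the volume: configuration of the deployment accordingly.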
On AWS EKS (Elastic Kubernetes Service), the sslCertPath that cluster-autoscaler needs does indeed seem to be /etc/ssl/certs/ca-bundle.crt
Example:
helm install stable/cluster-autoscaler \
--set "autoscalingGroups[0].name=myasgname-worker-nodes-3-NodeGroup-HHTVNI2VF9DF,autoscalingGroups[0].maxSize=10,autoscalingGroups[0].minSize=2" \
--name cluster-autoscaler \
--namespace kube-system \
--set rbac.create=true \
--set sslCertPath=/etc/ssl/certs/ca-bundle.crt
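
One way to run the host-path check the answers above describe, as an added example that is not part of the original posts: run it on the worker node to see which CA bundle path exists as a regular file before setting the hostPath volume or sslCertPath. The function names are hypothetical, and the candidate list is an assumption (the two paths named on this page plus other common distribution locations).

```shell
#!/bin/sh
# Added example: find the host CA bundle to mount into cluster-autoscaler.
# Candidates: the two paths from this page plus other common distro
# locations (assumption: the node image uses one of them).
CA_CANDIDATES="/etc/ssl/certs/ca-certificates.crt
/etc/ssl/certs/ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/ca-bundle.pem"

# classify_path ROOT PATH -> prints file | directory | other | missing
# "directory" where a file is expected is the type mismatch the runtime
# error asks about; "other" means present but empty or not a regular file.
classify_path() {
    target="$1$2"
    if [ -d "$target" ]; then echo directory
    elif [ -f "$target" ] && [ -s "$target" ]; then echo file
    elif [ -e "$target" ]; then echo other
    else echo missing
    fi
}

# find_ca_bundle [ROOT] -> prints the first candidate that is a non-empty
# regular file; returns 1 if none qualifies. ROOT is a prefix for testing.
find_ca_bundle() {
    root="${1:-}"
    for p in $CA_CANDIDATES; do
        if [ "$(classify_path "$root" "$p")" = file ]; then
            echo "$p"
            return 0
        fi
    done
    return 1
}

# report [ROOT] -> one line per candidate with its classification
report() {
    root="${1:-}"
    for p in $CA_CANDIDATES; do
        printf '%-52s %s\n' "$p" "$(classify_path "$root" "$p")"
    done
}

# On the node: list every candidate, then the path to configure.
report
find_ca_bundle || echo "no CA bundle at the known locations" >&2
```

If a candidate is reported as a directory, remove or rename that directory on the host only after confirming it is empty, then point the volume at the path reported as a file.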