K8S groundnuty/k8s-wait-for 镜像无法作为 init 容器启动(带 helm)
K8S groundnuty/k8s-wait-for image failing to start as init container (with helm)
我遇到了图像问题 groundnuty/k8s-wait-for。项目 github and repo at dockerhub.
我很确定错误出在命令参数中,因为初始化容器因 Init:CrashLoopBackOff.
而失败
关于图片:
此图像用于需要推迟 pod 部署的 init 容器。图像中的脚本等待 pod 或作业完成,完成后它让主容器和所有副本开始部署。
在我的示例中,它应该等待名为 {{ .Release.Name }}-os-server-migration-{{ .Release.Revision }} 的作业完成,并且在检测到它完成后它应该让主容器启动。使用 Helm 模板。
据我了解,作业名称是 {{ .Release.Name }}-os-server-migration-{{ .Release.Revision }} 并且 deployment.yml 中 init 容器的第二个命令参数需要相同,以便 init 容器可以依赖命名的工作。对于这种方法还有其他意见或经验吗?
附有模板。
DEPLOYMENT.YML:
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-os-{{ .Release.Revision }}
namespace: {{ .Values.namespace }}
labels:
app: {{ .Values.fullname }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ .Values.fullname }}
template:
metadata:
labels:
app: {{ .Values.fullname }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
resources:
{{- toYaml .Values.resources | nindent 12 }}
initContainers:
- name: "{{ .Chart.Name }}-init"
image: "groundnuty/k8s-wait-for:v1.3"
imagePullPolicy: "{{ .Values.init.pullPolicy }}"
args:
- "job"
- "{{ .Release.Name }}-os-server-migration-{{ .Release.Revision }}"
JOB.YML:
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Release.Name }}-os-server-migration-{{ .Release.Revision }}
namespace: {{ .Values.migration.namespace }}
spec:
backoffLimit: {{ .Values.migration.backoffLimit }}
template:
spec:
{{- with .Values.migration.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Values.migration.fullname }}
image: "{{ .Values.migration.image.repository }}:{{ .Values.migration.image.tag }}"
imagePullPolicy: {{ .Values.migration.image.pullPolicy }}
command:
- sh
- /app/migration-entrypoint.sh
restartPolicy: {{ .Values.migration.restartPolicy }}
日志:
Normal Scheduled 46s default-scheduler Successfully assigned development/octopus-dev-release-os-1-68cb9549c8-7jggh to minikube
Normal Pulled 41s kubelet Successfully pulled image "groundnuty/k8s-wait-for:v1.3" in 4.277517553s
Normal Pulled 36s kubelet Successfully pulled image "groundnuty/k8s-wait-for:v1.3" in 3.083126925s
Normal Pulling 20s (x3 over 45s) kubelet Pulling image "groundnuty/k8s-wait-for:v1.3"
Normal Created 18s (x3 over 41s) kubelet Created container os-init
Normal Started 18s (x3 over 40s) kubelet Started container os-init
Normal Pulled 18s kubelet Successfully pulled image "groundnuty/k8s-wait-for:v1.3" in 1.827195139s
Warning BackOff 4s (x4 over 33s) kubelet Back-off restarting failed container
kubectl get all -n development
NAME READY STATUS RESTARTS AGE
pod/octopus-dev-release-os-1-68cb9549c8-7jggh 0/1 Init:CrashLoopBackOff 2 44s
pod/octopus-dev-release-os-1-68cb9549c8-9qbdv 0/1 Init:CrashLoopBackOff 2 44s
pod/octopus-dev-release-os-1-68cb9549c8-c8h5k 0/1 Init:Error 2 44s
pod/octopus-dev-release-os-migration-1-9wq76 0/1 Completed 0 44s
......
......
NAME COMPLETIONS DURATION AGE
job.batch/octopus-dev-release-os-migration-1 1/1 26s 44s
对于遇到相同问题的任何人,我将解释我的解决方法。
问题是 deployment.yaml 中的容器没有使用 Kube API 的权限。因此,groundnuty/k8s-wait-for:v1.3 容器无法检查作业 {{ .Release.Name }}-os-server-migration-{{ .Release.Revision }} 完成与否。这就是为什么初始化容器立即因 CrashLoopError 而失败。
添加服务帐户、角色和角色绑定后一切正常,groundnuty/k8s-wait-for:v1.3 成功等待作业(迁移)完成,为了让主容器 运行.
以下是解决问题的服务帐户、角色和角色绑定的代码示例。
sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: sa-migration
namespace: development
role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: migration-reader
rules:
- apiGroups: ["batch","extensions"]
resources: ["jobs"]
verbs: ["get","watch","list"]
作用-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: migration-reader
subjects:
- kind: ServiceAccount
name: sa-migration
roleRef:
kind: Role
name: migration-reader
apiGroup: rbac.authorization.k8s.io
我遇到了图像问题 groundnuty/k8s-wait-for。项目 github and repo at dockerhub.
我很确定错误出在命令参数中,因为初始化容器因 Init:CrashLoopBackOff.
而失败关于图片: 此图像用于需要推迟 pod 部署的 init 容器。图像中的脚本等待 pod 或作业完成,完成后它让主容器和所有副本开始部署。
在我的示例中,它应该等待名为 {{ .Release.Name }}-os-server-migration-{{ .Release.Revision }} 的作业完成,并且在检测到它完成后它应该让主容器启动。使用 Helm 模板。
据我了解,作业名称是 {{ .Release.Name }}-os-server-migration-{{ .Release.Revision }} 并且 deployment.yml 中 init 容器的第二个命令参数需要相同,以便 init 容器可以依赖命名的工作。对于这种方法还有其他意见或经验吗?
附有模板。
DEPLOYMENT.YML:
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}-os-{{ .Release.Revision }}
namespace: {{ .Values.namespace }}
labels:
app: {{ .Values.fullname }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ .Values.fullname }}
template:
metadata:
labels:
app: {{ .Values.fullname }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
resources:
{{- toYaml .Values.resources | nindent 12 }}
initContainers:
- name: "{{ .Chart.Name }}-init"
image: "groundnuty/k8s-wait-for:v1.3"
imagePullPolicy: "{{ .Values.init.pullPolicy }}"
args:
- "job"
- "{{ .Release.Name }}-os-server-migration-{{ .Release.Revision }}"
JOB.YML:
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Release.Name }}-os-server-migration-{{ .Release.Revision }}
namespace: {{ .Values.migration.namespace }}
spec:
backoffLimit: {{ .Values.migration.backoffLimit }}
template:
spec:
{{- with .Values.migration.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Values.migration.fullname }}
image: "{{ .Values.migration.image.repository }}:{{ .Values.migration.image.tag }}"
imagePullPolicy: {{ .Values.migration.image.pullPolicy }}
command:
- sh
- /app/migration-entrypoint.sh
restartPolicy: {{ .Values.migration.restartPolicy }}
日志:
Normal Scheduled 46s default-scheduler Successfully assigned development/octopus-dev-release-os-1-68cb9549c8-7jggh to minikube
Normal Pulled 41s kubelet Successfully pulled image "groundnuty/k8s-wait-for:v1.3" in 4.277517553s
Normal Pulled 36s kubelet Successfully pulled image "groundnuty/k8s-wait-for:v1.3" in 3.083126925s
Normal Pulling 20s (x3 over 45s) kubelet Pulling image "groundnuty/k8s-wait-for:v1.3"
Normal Created 18s (x3 over 41s) kubelet Created container os-init
Normal Started 18s (x3 over 40s) kubelet Started container os-init
Normal Pulled 18s kubelet Successfully pulled image "groundnuty/k8s-wait-for:v1.3" in 1.827195139s
Warning BackOff 4s (x4 over 33s) kubelet Back-off restarting failed container
kubectl get all -n development
NAME READY STATUS RESTARTS AGE
pod/octopus-dev-release-os-1-68cb9549c8-7jggh 0/1 Init:CrashLoopBackOff 2 44s
pod/octopus-dev-release-os-1-68cb9549c8-9qbdv 0/1 Init:CrashLoopBackOff 2 44s
pod/octopus-dev-release-os-1-68cb9549c8-c8h5k 0/1 Init:Error 2 44s
pod/octopus-dev-release-os-migration-1-9wq76 0/1 Completed 0 44s
......
......
NAME COMPLETIONS DURATION AGE
job.batch/octopus-dev-release-os-migration-1 1/1 26s 44s
对于遇到相同问题的任何人,我将解释我的解决方法。
问题是 deployment.yaml 中的容器没有使用 Kube API 的权限。因此,groundnuty/k8s-wait-for:v1.3 容器无法检查作业 {{ .Release.Name }}-os-server-migration-{{ .Release.Revision }} 完成与否。这就是为什么初始化容器立即因 CrashLoopError 而失败。
添加服务帐户、角色和角色绑定后一切正常,groundnuty/k8s-wait-for:v1.3 成功等待作业(迁移)完成,为了让主容器 运行.
以下是解决问题的服务帐户、角色和角色绑定的代码示例。
sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: sa-migration
namespace: development
role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: migration-reader
rules:
- apiGroups: ["batch","extensions"]
resources: ["jobs"]
verbs: ["get","watch","list"]
作用-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: migration-reader
subjects:
- kind: ServiceAccount
name: sa-migration
roleRef:
kind: Role
name: migration-reader
apiGroup: rbac.authorization.k8s.io