CrashLoopBackOff: Status is CrashLoopBackOff after deployment

Source: 4-11 Kubectl create and apply

扎西石

2021-12-10

[root@node1 ~]# kc get pod -A |grep ingress
ingress-nginx nginx-ingress-controller-b4f59498f-vwrmc 0/1 CrashLoopBackOff 2 (12s ago) 67s
[root@node1 ~]# kc describe pod nginx-ingress-controller-b4f59498f-vwrmc -n ingress-nginx
Name: nginx-ingress-controller-b4f59498f-vwrmc
Namespace: ingress-nginx
Priority: 0
Node: node1/192.168.99.102
Start Time: Fri, 10 Dec 2021 15:29:59 +0800
Labels: app.kubernetes.io/name=ingress-nginx
app.kubernetes.io/part-of=ingress-nginx
pod-template-hash=b4f59498f
Annotations: prometheus.io/port: 10254
prometheus.io/scrape: true
Status: Running
IP: 192.168.99.102
IPs:
IP: 192.168.99.102
Controlled By: ReplicaSet/nginx-ingress-controller-b4f59498f
Containers:
nginx-ingress-controller:
Container ID: docker://a58426d936f6a33cec08d1a04ef1366cc01b8f06d21b1b6a2866669d2a117802
Image: registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.32.0
Image ID: docker-pullable://registry.aliyuncs.com/google_containers/nginx-ingress-controller@sha256:251e733bf41cdf726092e079d32eed51791746560fff4d59cf067508ed635287
Ports: 80/TCP, 443/TCP
Host Ports: 80/TCP, 443/TCP
Args:
/nginx-ingress-controller
--configmap=$(POD_NAMESPACE)/nginx-configuration
--tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
--udp-services-configmap=$(POD_NAMESPACE)/udp-services
--publish-service=$(POD_NAMESPACE)/ingress-nginx
--annotations-prefix=nginx.ingress.kubernetes.io
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 255
Started: Fri, 10 Dec 2021 15:33:48 +0800
Finished: Fri, 10 Dec 2021 15:33:48 +0800
Ready: False
Restart Count: 5
Liveness: http-get http://:10254/healthz delay=10s timeout=10s period=10s #success=1 #failure=3
Readiness: http-get http://:10254/healthz delay=0s timeout=10s period=10s #success=1 #failure=3
Environment:
POD_NAME: nginx-ingress-controller-b4f59498f-vwrmc (v1:metadata.name)
POD_NAMESPACE: ingress-nginx (v1:metadata.namespace)
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-bgj2g (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-bgj2g:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message


Normal Pulling 4m14s kubelet Pulling image "registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.32.0"
Normal Scheduled 4m12s default-scheduler Successfully assigned ingress-nginx/nginx-ingress-controller-b4f59498f-vwrmc to node1
Normal Pulled 3m47s kubelet Successfully pulled image "registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.32.0" in 26.49768853s
Warning Unhealthy 3m17s (x2 over 3m38s) kubelet Readiness probe failed: Get "http://192.168.99.102:10254/healthz": dial tcp 192.168.99.102:10254: connect: connection refused
Normal Created 2m47s (x4 over 3m39s) kubelet Created container nginx-ingress-controller
Normal Started 2m47s (x4 over 3m39s) kubelet Started container nginx-ingress-controller
Normal Pulled 2m47s (x3 over 3m37s) kubelet Container image "registry.aliyuncs.com/google_containers/nginx-ingress-controller:0.32.0" already present on machine
Warning BackOff 2m44s (x10 over 3m36s) kubelet Back-off restarting failed containe

[root@node1 ~]# kc logs nginx-ingress-controller-b4f59498f-vwrmc -n ingress-nginx
W1210 07:41:39.648335 6 flags.go:249] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W1210 07:41:39.648496 6 client_config.go:543] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I1210 07:41:39.648718 6 main.go:220] Creating API client for https://10.1.0.1:443

NGINX Ingress controller
Release: 0.32.0
Build: git-446845114
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.17.10

I1210 07:41:39.675723 6 main.go:264] Running in Kubernetes cluster version v1.22 (v1.22.4) - git (clean) commit b695d79d4f967c403a96986f1750a35eb75e75f1 - platform linux/amd64
F1210 07:41:39.828634 6 ssl.go:389] unexpected error storing fake SSL Cert: could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied

1 answer

清风

2021-12-13

If you download the new release (0.27.1) deployment of the Nginx ingress controller, you can see:

securityContext:
  allowPrivilegeEscalation: true
  capabilities:
    drop:
      - ALL
    add:
      - NET_BIND_SERVICE
  # www-data -> 101
  runAsUser: 101

The "runAsUser" line has a different user id. The user id in my old deployment was different, so I got this error. Since I changed the runAsUser to ID 101, the id in the Kubernetes definitions is the same as the ID used in the new Nginx image, and it works again.

You can refer to this.
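
An added example, not part of the original question or answer: a small triage helper that pulls the denied file path out of the controller's fatal log line and compares a container's effective runAsUser with the UID the image expects. The expected UID 101 comes from the answer above; the Deployment fragment and its runAsUser value of 33 are constructed for illustration.

```python
import re

# klog fatal line layout: F<mmdd> <time> <pid> <file>:<line>] <message>
FATAL_RE = re.compile(r"^F\d{4} \S+\s+\d+ \S+\] (?P<msg>.*)$")
DENIED_RE = re.compile(r"open (?P<path>\S+): permission denied")

# Log lines copied from the controller output in the question.
SAMPLE_LOG = (
    "I1210 07:41:39.648718 6 main.go:220] Creating API client for https://10.1.0.1:443\n"
    "F1210 07:41:39.828634 6 ssl.go:389] unexpected error storing fake SSL Cert: "
    "could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: "
    "open /etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied\n"
)

# Constructed Deployment fragment; runAsUser 33 is an assumed "old" value.
SAMPLE_DEPLOYMENT = {"spec": {"template": {"spec": {"containers": [
    {"name": "nginx-ingress-controller", "securityContext": {"runAsUser": 33}},
]}}}}

def denied_paths(log_text):
    """Paths that a fatal (F...) log line failed to open with 'permission denied'."""
    paths = []
    for line in log_text.splitlines():
        m = FATAL_RE.match(line.strip())
        if m:
            paths += [d.group("path") for d in DENIED_RE.finditer(m.group("msg"))]
    return paths

def effective_run_as_user(deployment):
    """Container name -> effective runAsUser; container level overrides pod level.
    None means no override is set, so the image's own USER applies."""
    pod_spec = deployment["spec"]["template"]["spec"]
    pod_uid = (pod_spec.get("securityContext") or {}).get("runAsUser")
    uids = {}
    for c in pod_spec.get("containers", []):
        uid = (c.get("securityContext") or {}).get("runAsUser")
        uids[c["name"]] = pod_uid if uid is None else uid
    return uids

def uid_mismatch(deployment, container, image_uid):
    """Return the configured UID if it differs from the image's UID, else None."""
    uid = effective_run_as_user(deployment).get(container)
    return uid if uid is not None and uid != image_uid else None

if __name__ == "__main__":
    print(denied_paths(SAMPLE_LOG))
    print(uid_mismatch(SAMPLE_DEPLOYMENT, "nginx-ingress-controller", 101))
```

To run it against a live cluster, load the output of `kubectl get deployment <name> -n <namespace> -o json` with `json.load` and pass the resulting dict in place of the sample.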
