ReplicaFailure is FailedCreate when creating the bookinfo sample with istio - PullRequest
0 votes
/ 06 August 2020

I have istio version 1.5.4 installed. I am trying to deploy the bookinfo application with the command: kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

service/details created
serviceaccount/bookinfo-details created
deployment.apps/details-v1 created
service/ratings created
serviceaccount/bookinfo-ratings created
deployment.apps/ratings-v1 created
service/reviews created
serviceaccount/bookinfo-reviews created
deployment.apps/reviews-v1 created
deployment.apps/reviews-v2 created
deployment.apps/reviews-v3 created
service/productpage created
serviceaccount/bookinfo-productpage created
deployment.apps/productpage-v1 created

-bash-4.2$ kubectl get services
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.108.221.161   <none>        9080/TCP   9s
kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP    35d
productpage   ClusterIP   10.106.237.68    <none>        9080/TCP   9s
ratings       ClusterIP   10.96.155.198    <none>        9080/TCP   9s
reviews       ClusterIP   10.107.119.19    <none>        9080/TCP   9s
-bash-4.2$ kubectl get pods
No resources found in default namespace.

The pod is not created.

-bash-4.2$ kubectl get all
NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/details       ClusterIP   10.108.221.161   <none>        9080/TCP   107s
service/kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP    35d
service/productpage   ClusterIP   10.106.237.68    <none>        9080/TCP   107s
service/ratings       ClusterIP   10.96.155.198    <none>        9080/TCP   107s
service/reviews       ClusterIP   10.107.119.19    <none>        9080/TCP   107s

NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/details-v1       0/1     0            0           107s
deployment.apps/productpage-v1   0/1     0            0           107s
deployment.apps/ratings-v1       0/1     0            0           107s
deployment.apps/reviews-v1       0/1     0            0           107s
deployment.apps/reviews-v2       0/1     0            0           107s
deployment.apps/reviews-v3       0/1     0            0           107s

NAME                                        DESIRED   CURRENT   READY   AGE
replicaset.apps/details-v1-78d78fbddf       1         0         0       107s
replicaset.apps/productpage-v1-85b9bf9cd7   1         0         0       107s
replicaset.apps/ratings-v1-6c9dbf6b45       1         0         0       107s
replicaset.apps/reviews-v1-564b97f875       1         0         0       107s
replicaset.apps/reviews-v2-568c7c9d8f       1         0         0       107s
replicaset.apps/reviews-v3-67b4988599       1         0         0       107s

-bash-4.2$ kubectl describe deployment.apps/reviews-v1
Name:                   reviews-v1
Namespace:              default
CreationTimestamp:      Thu, 06 Aug 2020 07:04:25 -0400
Labels:                 app=reviews
                        version=v1
Annotations:            deployment.kubernetes.io/revision: 1
                        kubectl.kubernetes.io/last-applied-configuration:
                          {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"reviews","version":"v1"},"name":"reviews-v1","na...
Selector:               app=reviews,version=v1
Replicas:               1 desired | 0 updated | 0 total | 0 available | 1 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:           app=reviews
                    version=v1
  Service Account:  bookinfo-reviews
  Containers:
   reviews:
    Image:      docker.io/istio/examples-bookinfo-reviews-v1:1.15.0
    Port:       9080/TCP
    Host Port:  0/TCP
    Environment:
      LOG_DIR:  /tmp/logs
    Mounts:
      /opt/ibm/wlp/output from wlp-output (rw)
      /tmp from tmp (rw)
  Volumes:
   wlp-output:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
   tmp:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
Conditions:
  Type             Status  Reason
  ----             ------  ------
  Progressing      True    NewReplicaSetCreated
  Available        False   MinimumReplicasUnavailable
  ReplicaFailure   True    FailedCreate
OldReplicaSets:    reviews-v1-564b97f875 (0/1 replicas created)
NewReplicaSet:     <none>
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  5m54s  deployment-controller  Scaled up replica set reviews-v1-564b97f875 to 1

I am getting ReplicaFailure with FailedCreate.

I tried increasing progressDeadlineSeconds, as mentioned in another thread, but I still get the same problem.

-bash-4.2$ kubectl patch deployment.apps/reviews-v1 -p '{"spec":{"progressDeadlineSeconds":6000}}'
deployment.apps/reviews-v1 patched
-bash-4.2$ kubectl get pods
No resources found in default namespace.

The pods are not created. Any ideas what could have gone wrong?

-bash-4.2$ kubectl get events
LAST SEEN   TYPE      REASON              OBJECT                                 MESSAGE
4m32s       Warning   FailedCreate        replicaset/details-v1-78d78fbddf       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/details-v1                  Scaled up replica set details-v1-78d78fbddf to 1
4m32s       Warning   FailedCreate        replicaset/productpage-v1-85b9bf9cd7   Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/productpage-v1              Scaled up replica set productpage-v1-85b9bf9cd7 to 1
4m32s       Warning   FailedCreate        replicaset/ratings-v1-6c9dbf6b45       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/ratings-v1                  Scaled up replica set ratings-v1-6c9dbf6b45 to 1
4m31s       Warning   FailedCreate        replicaset/reviews-v1-564b97f875       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/reviews-v1                  Scaled up replica set reviews-v1-564b97f875 to 1
4m32s       Warning   FailedCreate        replicaset/reviews-v2-568c7c9d8f       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/reviews-v2                  Scaled up replica set reviews-v2-568c7c9d8f to 1
4m34s       Warning   FailedCreate        replicaset/reviews-v3-67b4988599       Error creating: Internal error occurred: failed calling webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority
59m         Normal    ScalingReplicaSet   deployment/reviews-v3                  Scaled up replica set reviews-v3-67b4988599 to 1
-bash-4.2$ kubectl describe rs replicasetname
Error from server (NotFound): replicasets.extensions "replicasetname" not found

Answers [ 2 ]

0 votes
/ 02 September 2020

I have the same problem:

[root@bio DimetisOrchestrator]# kubectl get mutatingwebhookconfiguration istio-sidecar-injector -o yaml -o jsonpath='{.webhooks[0].clientConfig.caBundle}' | md5sum
917d9c9007d2cd128b91c0005ac3fa84  -

[root@bio DimetisOrchestrator]# kubectl -n istio-system get secret istiod-service-account-token -o jsonpath='{.data.root-cert\.pem}' | md5sum
Error from server (NotFound): secrets "istiod-service-account-token" not found
d41d8cd98f00b204e9800998ecf8427e  -

The certificates do not match even after restarting istiod.

[root@bio DimetisOrchestrator]#
[root@bio DimetisOrchestrator]# kubectl get deployment -n istio-system istiod
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
istiod   1/1     1            1           16h

0 votes
/ 06 August 2020

From the docs here

x509: certificate signed by unknown authority errors are typically caused by an empty caBundle in the webhook configuration.

Verify that the caBundle in the mutatingwebhookconfiguration matches the root certificate mounted in the istiod pod.

$ kubectl get mutatingwebhookconfiguration istio-sidecar-injector -o yaml -o jsonpath='{.webhooks[0].clientConfig.caBundle}' | md5sum
4b95d2ba22ce8971c7c92084da31faf0  -
$ kubectl -n istio-system get secret istiod-service-account-token -o jsonpath='{.data.root-cert\.pem}' | md5sum
4b95d2ba22ce8971c7c92084da31faf0  -

The CA certificate should match. If it does not, restart the istiod pods.

$ kubectl -n istio-system patch deployment istiod \
    -p "{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"date\":\"`date +'%s'`\"}}}}}"
deployment.extensions "istiod" patched
...
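
The comparison described in both answers, as an added example that is not part of the original thread: it takes the two base64 strings returned by the jsonpath queries and distinguishes an empty caBundle and an empty secret lookup (the NotFound case above, where md5sum printed the hash of empty input) from a real mismatch. The function name compare_ca_bundle and the sample PEM values are assumptions constructed for illustration, and sha256sum is used here in place of md5sum.

```bash
#!/usr/bin/env bash
# compare_ca_bundle <caBundle_b64> <root_cert_b64>   (hypothetical helper name)
# Arguments: the base64 strings printed by the two jsonpath queries above.
# Prints a verdict and returns 0 only for MATCH.
compare_ca_bundle() {
  local bundle="$1" root="$2" v b r
  # md5sum of empty input is d41d8cd98f00b204e9800998ecf8427e, so an empty
  # value is reported explicitly instead of being hashed and compared.
  [ -n "$bundle" ] || { echo EMPTY_CABUNDLE; return 1; }
  [ -n "$root" ] || { echo EMPTY_ROOT_CERT; return 1; }
  for v in "$bundle" "$root"; do
    printf '%s' "$v" | base64 --decode >/dev/null 2>&1 ||
      { echo INVALID_BASE64; return 1; }
  done
  # Compare the decoded PEM with whitespace stripped, so line wrapping or a
  # trailing newline cannot cause a false mismatch.
  b=$(printf '%s' "$bundle" | base64 --decode | tr -d '[:space:]' | sha256sum)
  r=$(printf '%s' "$root" | base64 --decode | tr -d '[:space:]' | sha256sum)
  if [ "$b" = "$r" ]; then echo MATCH; return 0; fi
  echo MISMATCH
  return 1
}

# Constructed sample values (placeholders, not real certificates).
SAMPLE_ROOT_PEM='-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQtc2FtcGxlLXJvb3Q=
-----END CERTIFICATE-----'
SAMPLE_OTHER_PEM='-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQtc2FtcGxlLW90aGVy
-----END CERTIFICATE-----'
ROOT_B64=$(printf '%s\n' "$SAMPLE_ROOT_PEM" | base64 | tr -d '\n')
ROOT_B64_NO_NL=$(printf '%s' "$SAMPLE_ROOT_PEM" | base64 | tr -d '\n')
OTHER_B64=$(printf '%s\n' "$SAMPLE_OTHER_PEM" | base64 | tr -d '\n')

compare_ca_bundle "$ROOT_B64" "$ROOT_B64_NO_NL" || true   # same cert, newline differs
compare_ca_bundle "$OTHER_B64" "$ROOT_B64" || true        # webhook trusts a different CA
compare_ca_bundle "" "$ROOT_B64" || true                  # empty caBundle
compare_ca_bundle "$ROOT_B64" "" || true                  # secret lookup returned nothing
```

Against a live cluster, the two arguments would be the command substitutions of the two kubectl queries shown in the answer above.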