通过deployment创建pod失败
在k8s集群中,deployment启动后没有成功创建pod,通过“kubectl describe deployment ${DEPLOY_NAME} ”,看到如下日志,只看到“ReplicaFailure True FailedCreate”,但是没有failed的原因。
> kubectl describe deployment ${DEPLOY_NAME}
----------------------------------------------
Conditions:
Type Status Reason
---- ------ ------
Progressing True NewReplicaSetCreated
Available False MinimumReplicasUnavailable
ReplicaFailure True FailedCreate
OldReplicaSets: <none>
NewReplicaSet: james-mtfnwnbu4z7v5umk-67cc5d6b98 (0/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 40s deployment-controller Scaled up replica set james-mtfnwnbu4z7v5umk-67cc5d6b98 to 1
其实原因藏在edit deployment里面。可以通过"edit deploy"来查看。
> kubectl edit deployment ${DEPLOY_NAME}
--------------------------------------------------------------
'pods "james-mtfnwnbu4z7v5umk-67cc5d6b98" is forbidden: error looking up service account ns-james/davis: serviceaccount "davis" not found'原因很清楚,这个pod是需要指定的serviceaccount创建,但是集群没有提前创建好sa导致pod启动失败。
创建serviceaccount
ns下默认有一个default的sa,其他sa需要自己创建
root@titum:~# kubectl create sa ${SA_NAME} -n ns-james
serviceaccount/davis created
root@titum:~# kubectl get sa -n test
NAME SECRETS AGE
default 1 94s
davis 1 2s
