|

今日天气

  • °C

  • 湖北省 武汉市 汉阳区

分类统计

博文归档

热门标签

python linux php centos mysql k8s ubuntu nginx flask windows docker gpu apache thinkphp bash nvidia pod javascript js zabbix iis layui elk redis containerd tomcat mongodb kafka etcd ecs phpcms cluster logstash ssl memory html sqlserver json oracle 二次开发

k8s级联删除(删除deployment却删除不了rs和pod)异常问题的处理办法

今天使用ubuntu22.04部署k8s集群,出现了使用yaml部署的时候,再使用yaml进行删除出现了只删除deployment的问题,但是rs和pod都没有被删除和销毁,于是查看kube-controller-manager日志有刷如下报错

202507231728299253332047.png

E0723 09:23:33.924944       1 shared_informer.go:314] unable to sync caches for garbage collector
E0723 09:23:33.925044       1 garbagecollector.go:261] timed out waiting for dependency graph builder sync during GC sync (attempt 46)
I0723 09:23:34.026951       1 shared_informer.go:311] Waiting for caches to sync for garbage collector
E0723 09:24:04.028246       1 shared_informer.go:314] unable to sync caches for garbage collector
E0723 09:24:04.028443       1 garbagecollector.go:261] timed out waiting for dependency graph builder sync during GC sync (attempt 47)
W0723 09:24:04.037159       1 reflector.go:535] vendor/k8s.io/client-go/metadata/metadatainformer/informer.go:106: failed to list *v1.PartialObjectMetadata: connection is unauthorized: bgpfilters.crd.projectc
alico.org is forbidden: User "system:serviceaccount:calico-apiserver:calico-apiserver" cannot list resource "bgpfilters" in API group "crd.projectcalico.org" at the cluster scope
E0723 09:24:04.037233       1 reflector.go:147] vendor/k8s.io/client-go/metadata/metadatainformer/informer.go:106: Failed to watch *v1.PartialObjectMetadata: failed to list *v1.PartialObjectMetadata: connecti
on is unauthorized: bgpfilters.crd.projectcalico.org is forbidden: User "system:serviceaccount:calico-apiserver:calico-apiserver" cannot list resource "bgpfilters" in API group "crd.projectcalico.org" at the
cluster scope

这个原因是由于垃圾回收器故障,实际是有Calico RBAC 权限问题导致的,这个calico就是官网的文档安装的,应该是有bug,同时日志里面提示了Calico 组件缺少 bgpfilters 资源的访问权限的问题。

按照下面方法进行修复,主要就是apply一个yaml文件修复RBAC权限

cat calico-rbac-fix.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: calico-bgpfilters-fix
rules:
- apiGroups: ["crd.projectcalico.org"]
  resources: ["bgpfilters"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: calico-bgpfilters-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-bgpfilters-fix
subjects:
- kind: ServiceAccount
  name: calico-apiserver
  namespace: calico-apiserver

然后提交这个yaml文件

kubectl apply -f calico-rbac-fix.yaml

再删除kube-controller-manager这个pod以后恢复正常。

k8s集群kube-proxy从iptables模式切换到ipvs模式
docker服务无法停止的问题解决方法

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://sulao.cn/post/1099

评论列表

相关推荐

常用网站

0%
构建本站 Python Gunicorn Flask LayUI Peewee MySQL Redis Celery
Copyright © 2014-2025 Shevechco 22ms