在 kubernetes 上部署时出现 CreateContainerConfigError
CreateContainerConfigError while deploying on kubernetes
这是我的部署文件:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
service: udagram-user
name: udagram-user
spec:
replicas: 1
selector:
matchLabels:
service: udagram-user
template:
metadata:
labels:
service: udagram-user
spec:
containers:
- image: pranjal121997/udagram-user
name: udagram-user
imagePullPolicy: Always
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "1024Mi"
cpu: "500m"
env:
- name: POSTGRESS_PASSWORD
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_PASSWORD
- name: POSTGRESS_USERNAME
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_USERNAME
- name: URL
valueFrom:
configMapKeyRef:
name: env-config
key: URL
- name: JWT_SECRET
valueFrom:
configMapKeyRef:
name: env-config
key: JWT_SECRET
- name: POSTGRESS_DATABASE
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_DATABASE
- name: POSTGRESS_HOST
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_HOST
restartPolicy: Always
在通过 kubectl create 部署时,遇到 CreateContainerConfigError。以下是 kubectl describe pod 的输出:
Name: udagram-user-f57f44889-5jtxf
Namespace: default
Priority: 0
Node: ip-172-31-43-242.ap-south-1.compute.internal/172.31.43.242
Start Time: Wed, 20 May 2020 17:58:34 +0530
Labels: pod-template-hash=f57f44889
service=udagram-user
Annotations: kubernetes.io/psp: eks.privileged
Status: Pending
IP: 172.31.33.34
Controlled By: ReplicaSet/udagram-user-f57f44889
Containers:
udagram-user:
Container ID:
Image: pranjal121997/udagram-user
Image ID:
Port: <none>
Host Port: <none>
State: Waiting
Reason: CreateContainerConfigError
Ready: False
Restart Count: 0
Limits:
cpu: 500m
memory: 1Gi
Requests:
cpu: 250m
memory: 64Mi
Environment:
POSTGRESS_PASSWORD: <set to the key 'POSTGRESS_PASSWORD' of config map 'env-config'> Optional: false
POSTGRESS_USERNAME: <set to the key 'POSTGRESS_USERNAME' of config map 'env-config'> Optional: false
URL: <set to the key 'URL' of config map 'env-config'> Optional: false
JWT_SECRET: <set to the key 'JWT_SECRET' of config map 'env-config'> Optional: false
POSTGRESS_DATABASE: <set to the key 'POSTGRESS_DATABASE' of config map 'env-config'> Optional: false
POSTGRESS_HOST: <set to the key 'POSTGRESS_HOST' of config map 'env-config'> Optional: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-skqmw (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-skqmw:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-skqmw
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m9s default-scheduler Successfully assigned default/udagram-user-f57f44889-5jtxf to ip-172-31-43-242.ap-south-1.compute.internal
Warning FailedCreatePodSandBox 3m8s kubelet, ip-172-31-43-242.ap-south-1.compute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "93df5832a932be9ad03d0cfd1bbaaae2c44fed0073f1325e02697fd9f6b391e9" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m7s kubelet, ip-172-31-43-242.ap-south-1.compute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "ebcf88c3b4d88a19994f6fdd5eee011f257d9e40348f559758e94e7c368da3b2" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m6s kubelet, ip-172-31-43-242.ap-south-1.compute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "486dd729e6f9781f7440305cadd0ec6a8eb82129b07efaed2dc1b707c5d03f64" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m5s kubelet, ip-172-31-43-242.ap-south-1.compute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "35e39b69cd153b1a9b76b2fc672dec151afb5aebbce5999712891ab6c2329e9f" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Normal SandboxChanged 3m4s (x4 over 3m7s) kubelet, ip-172-31-43-242.ap-south-1.compute.internal Pod sandbox changed, it will be killed and re-created.
Warning Failed 2m9s (x5 over 3m2s) kubelet, ip-172-31-43-242.ap-south-1.compute.internal Error: Couldn't find key POSTGRESS_DATABASE in ConfigMap default/env-config
Normal Pulling 114s (x6 over 3m4s) kubelet, ip-172-31-43-242.ap-south-1.compute.internal Pulling image "pranjal121997/udagram-user"
Normal Pulled 112s (x6 over 3m2s) kubelet, ip-172-31-43-242.ap-south-1.compute.internal Successfully pulled image "pranjal121997/udagram-user"
我还有 2 个其他文件:aws-secret.yaml 和 env-secret.yaml 包含我的 postgress 用户名、密码和访问 ID,但不知何故 kubernetes 希望所有密钥都出现在 env-configmap.yaml。我如何强制我的集群从机密文件中获取机密?
在部署 yaml 中,env-config 在所有地方都被称为 configMapKeyRef。因此 kubernetes 期望 POSTGRESS_DATABASE 出现在 env-config configMap 中。您可以使用 secretKeyRef 引用包含密钥 POSTGRESS_DATABASE 密钥的秘密。
这是一个例子。
apiVersion: v1
kind: Pod
metadata:
name: env-single-secret
spec:
containers:
- name: envars-test-container
image: nginx
env:
- name: POSTGRESS_DATABASE
valueFrom:
secretKeyRef:
name: postgres-database-secret-name
key: POSTGRESS_DATABASE
这是我的部署文件:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
service: udagram-user
name: udagram-user
spec:
replicas: 1
selector:
matchLabels:
service: udagram-user
template:
metadata:
labels:
service: udagram-user
spec:
containers:
- image: pranjal121997/udagram-user
name: udagram-user
imagePullPolicy: Always
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "1024Mi"
cpu: "500m"
env:
- name: POSTGRESS_PASSWORD
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_PASSWORD
- name: POSTGRESS_USERNAME
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_USERNAME
- name: URL
valueFrom:
configMapKeyRef:
name: env-config
key: URL
- name: JWT_SECRET
valueFrom:
configMapKeyRef:
name: env-config
key: JWT_SECRET
- name: POSTGRESS_DATABASE
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_DATABASE
- name: POSTGRESS_HOST
valueFrom:
configMapKeyRef:
name: env-config
key: POSTGRESS_HOST
restartPolicy: Always
在通过 kubectl create 部署时,遇到 CreateContainerConfigError。以下是 kubectl describe pod 的输出:
Name: udagram-user-f57f44889-5jtxf
Namespace: default
Priority: 0
Node: ip-172-31-43-242.ap-south-1.compute.internal/172.31.43.242
Start Time: Wed, 20 May 2020 17:58:34 +0530
Labels: pod-template-hash=f57f44889
service=udagram-user
Annotations: kubernetes.io/psp: eks.privileged
Status: Pending
IP: 172.31.33.34
Controlled By: ReplicaSet/udagram-user-f57f44889
Containers:
udagram-user:
Container ID:
Image: pranjal121997/udagram-user
Image ID:
Port: <none>
Host Port: <none>
State: Waiting
Reason: CreateContainerConfigError
Ready: False
Restart Count: 0
Limits:
cpu: 500m
memory: 1Gi
Requests:
cpu: 250m
memory: 64Mi
Environment:
POSTGRESS_PASSWORD: <set to the key 'POSTGRESS_PASSWORD' of config map 'env-config'> Optional: false
POSTGRESS_USERNAME: <set to the key 'POSTGRESS_USERNAME' of config map 'env-config'> Optional: false
URL: <set to the key 'URL' of config map 'env-config'> Optional: false
JWT_SECRET: <set to the key 'JWT_SECRET' of config map 'env-config'> Optional: false
POSTGRESS_DATABASE: <set to the key 'POSTGRESS_DATABASE' of config map 'env-config'> Optional: false
POSTGRESS_HOST: <set to the key 'POSTGRESS_HOST' of config map 'env-config'> Optional: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-skqmw (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-skqmw:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-skqmw
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m9s default-scheduler Successfully assigned default/udagram-user-f57f44889-5jtxf to ip-172-31-43-242.ap-south-1.compute.internal
Warning FailedCreatePodSandBox 3m8s kubelet, ip-172-31-43-242.ap-south-1.compute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "93df5832a932be9ad03d0cfd1bbaaae2c44fed0073f1325e02697fd9f6b391e9" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m7s kubelet, ip-172-31-43-242.ap-south-1.compute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "ebcf88c3b4d88a19994f6fdd5eee011f257d9e40348f559758e94e7c368da3b2" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m6s kubelet, ip-172-31-43-242.ap-south-1.compute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "486dd729e6f9781f7440305cadd0ec6a8eb82129b07efaed2dc1b707c5d03f64" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Warning FailedCreatePodSandBox 3m5s kubelet, ip-172-31-43-242.ap-south-1.compute.internal Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "35e39b69cd153b1a9b76b2fc672dec151afb5aebbce5999712891ab6c2329e9f" network for pod "udagram-user-f57f44889-5jtxf": NetworkPlugin cni failed to set up pod "udagram-user-f57f44889-5jtxf_default" network: add cmd: failed to assign an IP address to container
Normal SandboxChanged 3m4s (x4 over 3m7s) kubelet, ip-172-31-43-242.ap-south-1.compute.internal Pod sandbox changed, it will be killed and re-created.
Warning Failed 2m9s (x5 over 3m2s) kubelet, ip-172-31-43-242.ap-south-1.compute.internal Error: Couldn't find key POSTGRESS_DATABASE in ConfigMap default/env-config
Normal Pulling 114s (x6 over 3m4s) kubelet, ip-172-31-43-242.ap-south-1.compute.internal Pulling image "pranjal121997/udagram-user"
Normal Pulled 112s (x6 over 3m2s) kubelet, ip-172-31-43-242.ap-south-1.compute.internal Successfully pulled image "pranjal121997/udagram-user"
我还有 2 个其他文件:aws-secret.yaml 和 env-secret.yaml 包含我的 postgress 用户名、密码和访问 ID,但不知何故 kubernetes 希望所有密钥都出现在 env-configmap.yaml。我如何强制我的集群从机密文件中获取机密?
在部署 yaml 中,env-config 在所有地方都被称为 configMapKeyRef。因此 kubernetes 期望 POSTGRESS_DATABASE 出现在 env-config configMap 中。您可以使用 secretKeyRef 引用包含密钥 POSTGRESS_DATABASE 密钥的秘密。
这是一个例子。
apiVersion: v1
kind: Pod
metadata:
name: env-single-secret
spec:
containers:
- name: envars-test-container
image: nginx
env:
- name: POSTGRESS_DATABASE
valueFrom:
secretKeyRef:
name: postgres-database-secret-name
key: POSTGRESS_DATABASE