kube-scheduler CrashLoopBackOff due to missing service token

Har*_*rry 2 kubernetes kube-scheduler

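I have a problem with my Kubernetes cluster: my kube-scheduler pod is stuck in the "CrashLoopBackOff" state and I am unable to rectify it. The logs complain of a missing service token: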

kubectl logs kube-scheduler-master -n kube-system
I1011 09:01:04.309289       1 serving.go:319] Generated self-signed cert in-memory
W1011 09:01:20.579733       1 authentication.go:387] failed to read in-cluster kubeconfig for delegated authentication: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory
W1011 09:01:20.579889       1 authentication.go:249] No authentication-kubeconfig provided in order to lookup client-ca-file in configmap/extension-apiserver-authentication in kube-system, so client certificate authentication won't work.
W1011 09:01:20.579917       1 authentication.go:252] No authentication-kubeconfig provided in order to lookup requestheader-client-ca-file in configmap/extension-apiserver-authentication in kube-system, so request-header client certificate authentication won't work.
W1011 09:01:20.579990       1 authorization.go:177] failed to read in-cluster kubeconfig for delegated authorization: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory
W1011 09:01:20.580040       1 authorization.go:146] No authorization-kubeconfig provided, so SubjectAccessReview of authorization tokens won't work.
invalid configuration: no configuration has been provided

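Can anyone explain what /var/run/secrets/kubernetes.io/serviceaccount/token is, where it is supposed to be stored (is it a path on the host or inside the container), and how I go about regenerating it?

I am using kubeadm throughout. I have stupidly upgraded the cluster since this error first appeared (I read that it could be a bug in the version I was using). I was previously using version 1.14.*.

Any help would be greatly appreciated; everything runs on this cluster and I feel like my arm has been cut off without it.

Thanks in advance,

Harry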

Mar*_*sch 7

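By default, /var/run/secrets/kubernetes.io/serviceaccount/token is mounted in every pod and contains the authentication token used to access the Kubernetes API server.

You can disable mounting it by specifying automountServiceAccountToken: false in your deployment configuration. Some tools, such as terraform with the Kubernetes provider, also disable mounting the token by default. In terraform this can be re-enabled by adding automount_service_account_token = true to the deployment spec.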
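
An added example, not part of the original answer: a small check that reports which workloads will have the token file mounted, given objects in the JSON shape that `kubectl get -o json` returns. It goes one step beyond the answer by also honouring automountServiceAccountToken on the ServiceAccount (the pod-level value takes precedence when both are set); all object names and the `apps` namespace are constructed sample data.

```python
import json

# Constructed sample, shaped like `kubectl get sa,deploy,pod -n apps -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ServiceAccount", "metadata": {"name": "default", "namespace": "apps"}},
 {"kind": "ServiceAccount", "metadata": {"name": "batch", "namespace": "apps"},
  "automountServiceAccountToken": false},
 {"kind": "Deployment", "metadata": {"name": "web", "namespace": "apps"},
  "spec": {"template": {"spec": {"containers": []}}}},
 {"kind": "Deployment", "metadata": {"name": "worker", "namespace": "apps"},
  "spec": {"template": {"spec": {"automountServiceAccountToken": false}}}},
 {"kind": "Pod", "metadata": {"name": "report", "namespace": "apps"},
  "spec": {"serviceAccountName": "batch"}},
 {"kind": "Pod", "metadata": {"name": "operator", "namespace": "apps"},
  "spec": {"serviceAccountName": "batch", "automountServiceAccountToken": true}}
]}
""")

def pod_spec(obj):
    """Pod spec of a Pod, or of a workload that embeds a pod template."""
    return obj["spec"] if obj["kind"] == "Pod" else obj["spec"]["template"]["spec"]

def token_mounted(obj, service_accounts):
    """True if the token file will be mounted into this workload's containers."""
    spec = pod_spec(obj)
    if "automountServiceAccountToken" in spec:      # pod-level setting wins
        return spec["automountServiceAccountToken"]
    key = (obj["metadata"]["namespace"], spec.get("serviceAccountName", "default"))
    sa = service_accounts.get(key, {})
    return sa.get("automountServiceAccountToken", True)   # unset means mounted

def audit(items):
    """Map 'Kind/name' to whether the service account token is mounted."""
    sas = {(o["metadata"]["namespace"], o["metadata"]["name"]): o
           for o in items if o["kind"] == "ServiceAccount"}
    return {f'{o["kind"]}/{o["metadata"]["name"]}': token_mounted(o, sas)
            for o in items if o["kind"] != "ServiceAccount"}

if __name__ == "__main__":
    for name, mounted in audit(SAMPLE["items"]).items():
        print(f"{name:20} token mounted: {mounted}")
```

Workloads reported as mounted that never call the API server are candidates for automountServiceAccountToken: false; workloads reported as not mounted will log the same "no such file or directory" error if they try in-cluster authentication.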