coredns bug

记录coredns bug修复

kubectl get pods  -n kube-system

[root@k8s-master coredns]# kubectl get pods  -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-846b5f484d-r75st   1/1     Running   0          15d
calico-node-jnqq7                          1/1     Running   0          15d
calico-node-pv7gq                          1/1     Running   0          15d
calico-node-qmh6s                          1/1     Running   0          15d
coredns-54d44bbdf8-s2qmr                   0/1     Running   0          10d
coredns-54d44bbdf8-zf497                   0/1     Running   0          10d
etcd-k8s-master                            1/1     Running   0          15d
etcd-k8s-node1                             1/1     Running   0          15d
kube-apiserver-k8s-master                  1/1     Running   0          10d
kube-apiserver-k8s-node1                   1/1     Running   0          15d
kube-controller-manager-k8s-master         1/1     Running   0          6d4h
kube-controller-manager-k8s-node1          1/1     Running   0          15d
kube-proxy-99v9z                           1/1     Running   0          10d
kube-proxy-drrv4                           1/1     Running   0          10d
kube-proxy-p5nkl                           1/1     Running   0          10d
kube-scheduler-k8s-master                  1/1     Running   0          6d4h
kube-scheduler-k8s-node1                   1/1     Running   0          15d

  

coredns pod虽然是running 的状态,但是他是notready

查看cordnslog

kubectl logs  -f coredns-54d44bbdf8-s2qmr -n kube-system

E1125 06:56:14.489039       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.1/tools/cache/reflector.go:167: Failed to watch *v1.EndpointSlice: failed to list *v1.EndpointSlice: endpointslices.discovery.k8s.io is forbidden: User "system:serviceaccount:kube-system:coredns" cannot list resource "endpointslices" in API group "discovery.k8s.io" at the cluster scope
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
E1125 06:56:50.693019       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.1/tools/cache/reflector.go:167: Failed to watch *v1.EndpointSlice: failed to list *v1.EndpointSlice: endpointslices.discovery.k8s.io is forbidden: User "system:serviceaccount:kube-system:coredns" cannot list resource "endpointslices" in API group "discovery.k8s.io" at the cluster scope
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"

 

system:serviceaccount:kube-system:coredns 缺少权限

次错误是由于coredns bug导致,需要修复coredns角色权限

kubectl edit clusterrole system:coredns

在后面追加内容

- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch

  

修改好后过一会再执行命令查看

kubectl get pods  -n kube-system 

【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/Tempted/p/15602850.html