記錄coredns bug修復

kubectl get pods -n kube-system

[root@k8s-master coredns]# kubectl get pods  -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-846b5f484d-r75st   1/1     Running   0          15d
calico-node-jnqq7                          1/1     Running   0          15d
calico-node-pv7gq                          1/1     Running   0          15d
calico-node-qmh6s                          1/1     Running   0          15d
coredns-54d44bbdf8-s2qmr                   0/1     Running   0          10d
coredns-54d44bbdf8-zf497                   0/1     Running   0          10d
etcd-k8s-master                            1/1     Running   0          15d
etcd-k8s-node1                             1/1     Running   0          15d
kube-apiserver-k8s-master                  1/1     Running   0          10d
kube-apiserver-k8s-node1                   1/1     Running   0          15d
kube-controller-manager-k8s-master         1/1     Running   0          6d4h
kube-controller-manager-k8s-node1          1/1     Running   0          15d
kube-proxy-99v9z                           1/1     Running   0          10d
kube-proxy-drrv4                           1/1     Running   0          10d
kube-proxy-p5nkl                           1/1     Running   0          10d
kube-scheduler-k8s-master                  1/1     Running   0          6d4h
kube-scheduler-k8s-node1                   1/1     Running   0          15d

coredns pod雖然是running 的狀態，但是他是notready

查看cordnslog

kubectl logs -f coredns-54d44bbdf8-s2qmr -n kube-system

E1125 06:56:14.489039       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.1/tools/cache/reflector.go:167: Failed to watch *v1.EndpointSlice: failed to list *v1.EndpointSlice: endpointslices.discovery.k8s.io is forbidden: User "system:serviceaccount:kube-system:coredns" cannot list resource "endpointslices" in API group "discovery.k8s.io" at the cluster scope
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
E1125 06:56:50.693019       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.21.1/tools/cache/reflector.go:167: Failed to watch *v1.EndpointSlice: failed to list *v1.EndpointSlice: endpointslices.discovery.k8s.io is forbidden: User "system:serviceaccount:kube-system:coredns" cannot list resource "endpointslices" in API group "discovery.k8s.io" at the cluster scope
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"
[INFO] plugin/ready: Still waiting on: "kubernetes"

system:serviceaccount:kube-system:coredns 缺少權限

次錯誤是由於coredns bug導致，需要修復coredns角色權限

kubectl edit clusterrole system:coredns

在后面追加內容

- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch

修改好后過一會再執行命令查看

kubectl get pods -n kube-system

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 CoreDNS筆記 coredns 安裝部署coredns coredns介紹 CoreDNS介紹我是這樣部署coredns的 BUG coredns CrashLoopBackOff 報錯 CoreDNS解析異常記錄 CoreDNS for kubernetes Service Discovery