Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m34s default-scheduler Successfully assigned default/webhook-5b89cb44b-npctl to master1
Warning FailedCreatePodSandBox 2m33s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "4c82b0a53aaf6089808bb4263e06d5a19e38e7c517694ea00e28f60758f325aa" network for pod "webhook-5b89cb44b-npctl": networkPlugin cni failed to set up pod "webhook-5b89cb44b-npctl_default" network: error getting ClusterInformation: connection is unauthorized: Unauthorized, failed to clean up sandbox container "4c82b0a53aaf6089808bb4263e06d5a19e38e7c517694ea00e28f60758f325aa" network for pod "webhook-5b89cb44b-npctl": networkPlugin cni failed to teardown pod "webhook-5b89cb44b-npctl_default" network: error getting ClusterInformation: connection is unauthorized: Unauthorized]
Normal SandboxChanged 6s (x13 over 2m33s) kubelet Pod sandbox changed, it will be killed and re-created.
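
In K8s, node taints and Pod scheduling rules (nodeSelector/nodeAffinity) are set in two different places, the node configuration and the Pod's YAML configuration, as follows:

Where it is configured: in the master node's resource configuration (by operating on the node with kubectl).
Configuration command/method:
Command to add a taint to the master node (forbid scheduling):

    kubectl taint nodes master1 node-role.kubernetes.io/master:NoSchedule

(Here master1 is the node name, and NoSchedule means "do not schedule new Pods onto this node".)
Command to view the node's taints:

    kubectl describe node master1 | grep Taints

Where it is configured: in the YAML file of the api server Pod.
A common scheduling configuration (one that binds the Pod to the master node):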

    apiVersion: v1
    kind: Pod
    metadata:
      name: api-server
    spec:
      nodeSelector:                        # select nodes by label
        kubernetes.io/hostname: master1    # bind to the node named master1
      containers:
      - name: api-server
        image: xxx

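Modify the Pod's YAML to remove the rule that binds it to the master, or change the rule so that it allows worker nodes:

    apiVersion: v1
    kind: Pod
    metadata:
      name: api-server
    spec:
      # Remove nodeSelector, or change it to the worker node's label
      # (for example, if the worker node's label is node-role=worker)
      nodeSelector:
        node-role: worker
      containers:
      - name: api-server
        image: xxx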
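
The sketch below is an added example, not part of the original page and not Kubernetes' own code. It models the two scheduler filters discussed above (nodeSelector matching and taint blocking) and runs both Pod specs from the page against a constructed two-node cluster. It goes one step beyond the page by also modelling tolerations, which are the only way a Pod pinned to master1 can get past the NoSchedule taint; the node worker1 and its labels are assumptions.

```python
# Simplified model of two kube-scheduler filters: nodeSelector and taints/tolerations.
BLOCKING = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a soft preference


def tolerates(tol, taint):
    """True if one toleration matches one taint (Kubernetes matching rules)."""
    if tol.get("effect") and tol["effect"] != taint["effect"]:
        return False
    if tol.get("operator", "Equal") == "Exists":
        # An empty key with operator Exists tolerates every taint.
        return not tol.get("key") or tol["key"] == taint["key"]
    return (tol.get("key") == taint["key"]
            and tol.get("value", "") == taint.get("value", ""))


def feasible_nodes(pod_spec, nodes):
    """Return the names of nodes that pass both filters for this Pod spec."""
    selector = pod_spec.get("nodeSelector") or {}
    tolerations = pod_spec.get("tolerations") or []
    result = []
    for node in nodes:
        if any(node["labels"].get(k) != v for k, v in selector.items()):
            continue  # a nodeSelector label is missing or different
        blocked = [t for t in node.get("taints", [])
                   if t["effect"] in BLOCKING
                   and not any(tolerates(tol, t) for tol in tolerations)]
        if not blocked:
            result.append(node["name"])
    return result


# Constructed cluster: master1 carries the taint from the page; worker1 is hypothetical.
NODES = [
    {"name": "master1",
     "labels": {"kubernetes.io/hostname": "master1"},
     "taints": [{"key": "node-role.kubernetes.io/master", "effect": "NoSchedule"}]},
    {"name": "worker1",
     "labels": {"kubernetes.io/hostname": "worker1", "node-role": "worker"},
     "taints": []},
]

PINNED = {"nodeSelector": {"kubernetes.io/hostname": "master1"}}  # first YAML above
MOVED = {"nodeSelector": {"node-role": "worker"}}                 # second YAML above
TOLERATING = dict(PINNED, tolerations=[  # pinned Pod that also tolerates the taint
    {"key": "node-role.kubernetes.io/master", "operator": "Exists",
     "effect": "NoSchedule"}])

if __name__ == "__main__":
    for name, spec in [("pinned", PINNED), ("moved", MOVED), ("tolerating", TOLERATING)]:
        print(name, feasible_nodes(spec, NODES))
```

When auditing manifests, a toleration for the master taint combined with a nodeSelector on the master hostname is the pattern that places a workload on the control-plane node.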