system info:
#cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
#rpm -qa|grep kubernetes
kubernetes-node-1.5.2-0.7.git269f928.el7.x86_64
kubernetes-master-1.5.2-0.7.git269f928.el7.x86_64
kubernetes-client-1.5.2-0.7.git269f928.el7.x86_64
kubernetes-1.5.2-0.7.git269f928.el7.x86_64
Issue1:
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
54m 50m 48 {replication-controller } Warning FailedCreate Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account
Solution:
注释 KUBE_ADMISSION_CONTROL
添加 KUBE_ADMISSION_CONTROL=""
重启api service. systemctl restart kube-apiserver.service
#cat /etc/kubernetes/apiserver
****
# default admission control policies
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL=""
****
#systemctl restart kube-apiserver.service
Issue2:
kubelet: E0125 16:34:59.486953 12941 pod_workers.go:184] Error syncing pod 4c9f86c5-01a8-11e8-bc0c-0200159c0036, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\"
Solution:
yum install python-rhsm-certificates
docker pull registry.access.redhat.com/rhel7/pod-infrastructure