Kubernetes新建RC成功时但Pods没有自动生成的解决方

创建好yaml文件以后，为了将它发布到kubernetes集群中，在Master节点执行以下命令时，显示我们想要创建的RC已经创建成功

# kubectl create -f filename.yam
replicationcontroller "rcname" created 

但是当查看Pods时，却显示不存在

# kubectl get pods
No resources found. 

解决办法是编辑/etc/kubernetes/apiserver 去除 KUBE_ADMISSION_CONTROL 中的 SecurityContextDeny,ServiceAccount ，并重启kube-apiserver.service服务

# vim /etc/kubernetes/apiserver 
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
# systemctl restart kube-apiserver.service

删除RC，重新执行前面的步骤就可以看到Pods的生成了

# kubectl delete -f filename.yam
replicationcontroller "rcname" deleted
# kubectl create -f filename.yam
replicationcontroller "rcname" created
# kubectl get pods
NAME          READY     STATUS              RESTARTS   AGE
mysql-sgvzt   0/1       ContainerCreating   0          3s

若是Pod一直卡在ContainerCreating状态，可以用以下命令查看具体原因

# kubectl describe pod mysql-sgvzt
Name:       mysql-sgvzt
Namespace:  default
Node:       127.0.0.1/127.0.0.1
Start Time: Thu, 26 Apr 2018 13:45:25 +0800
Labels:     app=mysql
Status:     Pending
IP:     
Controllers:    ReplicationController/mysql
Containers:
  mysql:
    Container ID:   
    Image:      docker.io/mysql
    Image ID:       
    Port:       3306/TCP
    State:      Waiting
      Reason:       ContainerCreating
    Ready:      False
    Restart Count:  0
    Volume Mounts:  <none>
    Environment Variables:
      MYSQL_ROOT_PASSWORD:  123456
Conditions:
  Type      Status
  Initialized   True 
  Ready     False 
  PodScheduled  True 
No volumes.
QoS Class:  BestEffort
Tolerations:    <none>
Events:
  FirstSeen LastSeen    Count   From            SubObjectPath   Type        Reason      Message
  --------- --------    -----   ----            -------------   --------    ------      -------
  30m       30m     1   {default-scheduler }            Normal      Scheduled   Successfully assigned mysql-sgvzt to 127.0.0.1
  30m       4m      10  {kubelet 127.0.0.1}         Warning     FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

  29m   1s  132 {kubelet 127.0.0.1}     Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""

根据结果，可以明显看到失败原因，缺少了/etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt

pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory

而这个缺失的文件是由python-rhsm-certificates提供的，所以我们只需要用yum安装他就行了

# yum install -y *rhsm*