AZURE AKS 上的 HPA 但 pod 立即进入终止状态,因为它显示无法找到要安装的默认卷

编程问答 2022-05-22

问题描述

enter image description here我正在尝试在我的项目中实施 HPA,这样每当 cpu 利用率高于 15% 时,它应该自动缩放 Pod,但 HPA 正在工作,它正在创建 Pod,但 Pod 正在从容器创建state 在一秒钟内终止状态,因为 Pod 正在终止,因此也无法看到任何与 Pod 相关的日志,但 kubectl get events 显示

"**Error: cannot find volume "default-token-chcXX" to mount into container,Unable to attach or mount volumes: unmounted volumes=[default-token-chcXX[\][1],unattached volumes=[default-token-chcXX]: timed out waiting for the condition** "

error sample

apiVersion: apps/v1
kind: Deployment
Metadata:
  name: XXX
  namespace: XXX
spec:
  selector:
    matchLabels:
      app: XXX
  replicas: 2
  template:
    Metadata:
      labels:
        app: XXX 
      annotations:
        timestamp: "{{ .Values.Metadata.annotations.timestamp }}"  
    spec:
      containers:
      - name: gui
        image: ""1.0"
        volumeMounts:
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: default-token-chcXX
          readOnly: true
imagePullPolicy: Always
        resources:
          limits:
            memory: 300m
            cpu: 512Mi
         requests:
            memory: 300m
            cpu: 512Mi
     nodeselector:
        agentpool: XXX  
      tolerations:
      - key: pool-name
        operator: Equal
        value: XXX
        effect: NoSchedule   
      volumes:
      - name: default-token-chcXX
        secret:
          defaultMode: 420
          secretName: default-token-chcXX

解决方法

我认为您的 pod 崩溃了,因为您的机密和配置映射将作为只读卷安装。

Kubernetes 在 /run/secrets/kubernetes.io/serviceaccount/ 添加自己的秘密,因为 /run/secrets 是只读的,所以无法放置它们。

因此,您的 Pod 可能会崩溃。

也许是只读的:false 不起作用。

在其他一切之前,首先检查您的秘密和卷是否存在,因为错误显示:cannot find volume "default-token-chcXX" to mount into container

您可以尝试使用子路径

apiVersion: v1
kind: Secret
metadata:
  name: test-secret
data:
  test: <YOUR DATA>
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test
spec:
  selector:
    matchLabels:
      app: test-nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: test-nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        imagePullPolicy: Always
        volumeMounts:
        - name: secret-volume
          mountPath: "/run/secrets/test"
          subPath: test
      volumes:
      - name: secret-volume
        secret:
          secretName: test-secret
          items:
          - key: test
            path: "test"

问题:https://github.com/kubernetes/kubernetes/issues/60814

azure-aksdockerhpakubernetes