#kubernetes #amazon-iam
Вопрос:
Команда,
Я успешно запустил kube2iam 10.1 и после обновления до 10.11 наблюдаю ниже в журналах модулей.. есть какие-нибудь намеки?
обновил kube2iam с 10.1 до 10.11 и заметил ошибки ниже, какие-либо подсказки? без изменения каких-либо параметров модули kube2iam выдают ошибку ниже, и если я вернусь к старой версии 10.1, она будет работать нормально.
time="2021-08-11T20:55:16Z" level=error msg="Error getting instance id Get "http://169.254.169.254/latest/meta-data/instance-id": dial tcp 169.254.169.254:80: i/o timeout"
time="2021-08-11T20:55:46Z" level=error msg="Error getting instance id Get "http://169.254.169.254/latest/meta-data/instance-id": dial tcp 169.254.169.254:80: i/o timeout"
Я попробовал эту ссылку, но не уверен, какое решение предлагается, но я попытался заверить, что у меня есть все, что он просит, однако я все еще вижу эти ошибки. кто-нибудь может пояснить, что мне нужно для этого? моя спецификация модуля приведена ниже
apiVersion: v1
items:
- apiVersion: v1
kind: Pod
metadata:
annotations:
config.checksum: f7e50c242abfca3bdb4689261ca7e21f618d3887c82bf983293b1b76a067857b
creationTimestamp: "2021-08-10T18:45:13Z"
generateName: kube2iam-
labels:
app: kube2iam
controller-revision-hash: 6dc7dcd7bc
pod-template-generation: "2"
release: kube2iam
name: kube2iam-t7df6
namespace: kube2iam
ownerReferences:
- apiVersion: apps/v1
blockOwnerDeletion: true
controller: true
kind: DaemonSet
name: kube2iam
uid: 03aa9605-f712-11eb-afcf-ac1f6b5a2020
resourceVersion: "2904898"
selfLink: /api/v1/namespaces/kube2iam/pods/kube2iam-t7df6
uid: 191752e5-fa0b-11eb-afcf-ac1f6b5a2020
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchFields:
- key: metadata.name
operator: In
values:
- xxxxxxxx
containers:
- args:
- --host-interface=cali
- --node=$(NODE_NAME)
- --host-ip=$(HOST_IP)
- --iptables=true
- --base-role-arn=arn:aws:iam::726920260722:role/
- --debug=true
- --default-role=kube2iam-default.team.kong.com
- --iam-role-key=iam.amazonaws.com/role
- --log-format=text
- --log-level=info
- --namespace-key=iam.amazonaws.com/allowed-roles
- --namespace-restrictions=true
- --verbose
- --app-port=8181
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: aws_access_key_id
name: kube2iam
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: aws_secret_access_key
name: kube2iam
- name: AWS_DEFAULT_REGION
value: us-west-1
image: xxxx.dkr.ecr.us-west-1.amazonaws.com/third_party/kube2iam:0.10.11
imagePullPolicy: IfNotPresent
name: kube2iam
ports:
- containerPort: 8181
hostPort: 8181
protocol: TCP
resources: {}
securityContext:
privileged: true
procMount: Default
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube2iam-token-bz4xb
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
hostNetwork: true
imagePullSecrets:
- name: awsecr-cred
nodeName: xxxx
nodeSelector:
team/server-type: cpu
priority: 900001000
priorityClassName: team-node-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: kube2iam
serviceAccountName: kube2iam
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/disk-pressure
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/memory-pressure
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/unschedulable
operator: Exists
- effect: NoSchedule
key: node.kubernetes.io/network-unavailable
operator: Exists
volumes:
- name: kube2iam-token-bz4xb
secret:
defaultMode: 420
secretName: kube2iam-token-bz4xb
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2021-08-10T18:45:13Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2021-08-10T18:45:14Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2021-08-10T18:45:14Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2021-08-10T18:45:13Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://7f919a2c4e6e2b46613604269ddd6c7aaedc1a99e6068d0aaf514528a25f4534
image: xxxxx.dkr.ecr.us-west-1.amazonaws.com/third_party/kube2iam:0.10.11
imageID: docker-pullable://xxxx.dkr.ecr.us-west-1.amazonaws.com/third_party/kube2iam@sha256:017a44c081b27cf7f0b0fee9cf1c393c968f8ff1f2058c12cfd1f1ed6d297774
lastState: {}
name: kube2iam
ready: true
restartCount: 0
state:
running:
startedAt: "2021-08-10T18:45:14Z"
hostIP: 4.5.3.1
phase: Running
podIP: 10.1.12.3
qosClass: BestEffort
startTime: "2021-08-10T18:45:13Z"
kind: List
metadata:
resourceVersion: ""
selfLink: ""