kube-batch 创建的pod 一直是Pending
官网的例子
apiVersion: batch/v1
kind: Job
metadata:
name: qj-1
spec:
backoffLimit: 6
completions: 6
parallelism: 6
template:
metadata:
annotations:
scheduling.k8s.io/group-name: qj-1
spec:
containers:
- image: busybox
imagePullPolicy: IfNotPresent
name: busybox
resources:
requests:
cpu: "1"
restartPolicy: Never
schedulerName: kube-batch
---
apiVersion: scheduling.incubator.k8s.io/v1alpha1
kind: PodGroup
metadata:
name: qj-1
spec:
minMember: 6
现象:pod 一直处于Pending 状态
[root@YZ-222-23-201 batch]#kubectl get pod -n test-sx |grep qj-1
qj-1-bwfjh 0/1 Pending 0 19h
查看podgroups信息
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "podgroups.scheduling.incubator.k8s.io \"qj-1\" is forbidden: User \"system:serviceaccount:kube-system:default\" cannot get resource \"podgroups\" in API group \"scheduling.incubator.k8s.io\" in the namespace \"test-sx\"",
"reason": "Forbidden",
"details": {
"name": "qj-1",
"group": "scheduling.incubator.k8s.io",
"kind": "podgroups"
},
"code": 403
}
解决办法
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: default-sa-admin
subjects:
- kind: ServiceAccount
name: default
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
不要小瞧女程序员
