
[kubernetes] When an RBAC error occurs in the kube-operator pod

by Travelo 2022. 3. 31.

When creating kubevirt pods, if no kubevirt-related pods are created after kubevirt-operator-xxxxxxxxxxxxxx-xxxx has been created, you can check the kubevirt-operator pod log as follows.

 

root@Compute:~/kubevirt/virt-v1.3# vi /var/log/pods/kubevirt_virt-operator-xxxxxxx8d6-c4bbs_bba94770-b446-aaaaa-b987-xxxxxxd8d/virt-operator/0.log

or

root@Compute:~/kubevirt/virt-v1.3# kubectl logs -f virt-operator-xxxxxxx8d6-xxclh -n kubevirt

 

If the log contains an error like " ~ grant RBAC permissions not currently ~", as shown below:

 

~ grant RBAC permissions not currently ~
{
   "log":"{\"component\":\"virt-operator\",\"kind\":\"\",\"level\":\"error\",\"msg\":\"Failed to create
 all resources: unable to create clusterrole \\u0026ClusterRole{ObjectMeta:k8s_io_apimachinery_pkg_ap
is_meta_v1.ObjectMeta{Name:kubevirt.io:admin,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:
,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:\\u003cnil\\u003e,Del
etionGracePeriodSeconds:nil,Labels:map[string]string{app.kubernetes.io/managed-by: kubevirt-operator,
kubevirt.io: ,rbac.authorization.k8s.io/aggregate-to-admin: true,},Annotations:map[string]string{kube
virt.io/install-strategy-identifier: xxxxx277b42267fcdf156cf9451ce4f2964bc006,kubevirt.io/install-str
ategy-registry: 172.21.xxx.56:5000/index.docker.io/kubevirt,kubevirt.io/install-strategy-version: lates
t,},OwnerReferences:[{kubevirt.io/v1alpha3 KubeVirt kubevirt 2bf12ae9-feee-aaaaa-ad10-xxxxxbfbb0f4 0xc
00155f989 0xc00155f988}],Finalizers:[],ClusterName:,Initializers:nil,},Rules:[{[get] [subresources.ku
bevirt.io] [virtualmachineinstances/console virtualmachineinstances/vnc virtualmachineinstances/pause
 virtualmachineinstances/unpause] [] []} {[update] [subresources.kubevirt.io] [virtualmachines/start
virtualmachines/stop virtualmachines/restart] [] []} {[get delete create update patch list watch dele
tecollection] [kubevirt.io] [virtualmachines virtualmachineinstances virtualmachineinstancepresets vi
rtualmachineinstancereplicasets virtualmachineinstancemigrations] [] []}],AggregationRule:nil,}: clus
terroles.rbac.authorization.k8s.io \\\"kubevirt.io:admin\\\" is forbidden: user \\\"system:serviceacc
ount:kubevirt:kubevirt-operator\\\" (groups=[\\\"system:serviceaccounts\\\" \\\"system:serviceaccount
s:kubevirt\\\" \\\"system:authenticated\\\"]) is attempting to grant RBAC permissions not currently h
eld:\\n{APIGroups:[\\\"subresources.kubevirt.io\\\"], Resources:[\\\"virtualmachineinstances/pause\\\
"], Verbs:[\\\"get\\\"]}\\n{APIGroups:[\\\"subresources.kubevirt.io\\\"], Resources:[\\\"virtualmachi
neinstances/unpause\\\"], Verbs:[\\\"get\\\"]}\",\"name\":\"kubevirt\",\"namespace\":\"kubevirt\",\"p
os\":\"kubevirt.go:932\",\"timestamp\":\"2020-01-10T05:27:57.471863Z\",\"uid\":\"2bf12ae9-feee-aaaaa-a
d10-xxxxxxbfbb0f4\"}\n",
   "stream":   "stderr",
   "time":   "2020-01-10T05:27:57.471985593Z"
}

 

Adjusting the cluster role binding permissions as follows resolves the problem.

 

root@Compute:~/kubevirt/virt-v1.3# kubectl create clusterrolebinding kubevirt --clusterrole=cluster-admin --serviceaccount=kubevirt:kubevirt-operator
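
Binding cluster-admin gives the operator's service account every permission in the cluster, while the error itself lists the only rules it lacked. The following added example (not from the original post or the KubeVirt project) parses that message and builds a ClusterRole and ClusterRoleBinding for just those rules. The role name kubevirt-operator-missing-rbac and the shortened sample message are constructed for illustration, and only the three-field rule form shown in the log is parsed.

```python
import json
import re

# Constructed sample: the inner "msg" text from the page's log, unescaped and shortened.
SAMPLE_MSG = (
    'clusterroles.rbac.authorization.k8s.io "kubevirt.io:admin" is forbidden: user '
    '"system:serviceaccount:kubevirt:kubevirt-operator" (groups=["system:authenticated"]) '
    'is attempting to grant RBAC permissions not currently held:\n'
    '{APIGroups:["subresources.kubevirt.io"], Resources:["virtualmachineinstances/pause"], Verbs:["get"]}\n'
    '{APIGroups:["subresources.kubevirt.io"], Resources:["virtualmachineinstances/unpause"], Verbs:["get"]}'
)
MARKER = "attempting to grant RBAC permissions not currently held:"
SUBJECT_RE = re.compile(r'user "system:serviceaccount:([^:"]+):([^:"]+)"')
# Only the three-field rule form seen in the page's log is handled.
RULE_RE = re.compile(r'^\{APIGroups:\[([^\]]*)\], Resources:\[([^\]]*)\], Verbs:\[([^\]]*)\]\}$')

def quoted(field):
    return re.findall(r'"([^"]*)"', field)

def missing_rules(msg):
    """Return (namespace, service_account, rules) parsed from an escalation error."""
    if MARKER not in msg:
        raise ValueError("not an RBAC escalation error")
    subject = SUBJECT_RE.search(msg)
    if subject is None:
        raise ValueError("subject is not a service account")
    merged = {}  # (apiGroups, verbs) -> resources, so rules differing only by resource collapse
    for line in msg.split(MARKER, 1)[1].splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        m = RULE_RE.match(line)
        if m is None:  # refuse to guess at rule shapes this parser does not know
            raise ValueError("unsupported rule: " + line)
        resources = merged.setdefault((tuple(quoted(m[1])), tuple(quoted(m[3]))), [])
        resources.extend(r for r in quoted(m[2]) if r not in resources)
    rules = [{"apiGroups": list(g), "resources": r, "verbs": list(v)} for (g, v), r in merged.items()]
    return subject[1], subject[2], rules

def manifest(msg, name="kubevirt-operator-missing-rbac"):  # name is a made-up placeholder
    namespace, account, rules = missing_rules(msg)
    rbac = "rbac.authorization.k8s.io"
    role = {"apiVersion": rbac + "/v1", "kind": "ClusterRole", "metadata": {"name": name}, "rules": rules}
    binding = {"apiVersion": rbac + "/v1", "kind": "ClusterRoleBinding", "metadata": {"name": name},
               "roleRef": {"apiGroup": rbac, "kind": "ClusterRole", "name": name},
               "subjects": [{"kind": "ServiceAccount", "name": account, "namespace": namespace}]}
    return {"apiVersion": "v1", "kind": "List", "items": [role, binding]}

if __name__ == "__main__":
    print(json.dumps(manifest(SAMPLE_MSG), indent=2))  # JSON List that kubectl apply -f accepts
```

Review the generated rules before applying them; if the operator fails again with a different list, rerun the script on the new message rather than widening the binding.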