When I try to start a container on an Ubuntu AWS virtual machine, I get a permission error. I use kubectl apply -f test.yaml to deploy. Nginx works normally in the same VM. I have tried changing permissions, permission modes, and other things, but without success.
Please help me fix the error. Thanks in advance.
ubuntu@rd-testc-virtual:~/TESTc$ cat testc.yaml
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: DaemonSet
metadata:
  name: testc
  labels:
    app: TESTC
    tier: testvc
spec:
  selector:
    matchLabels:
      app: TESTC
      tier: testc
  template:
    metadata:
      labels:
        app: TESTC
        tier: testc
    spec:
      hostNetwork: true
      restartPolicy: Always
      volumes:
      - name: modulepath
        hostPath:
          path: /lib/modules
      - name: local
        hostPath:
          path: /local/configvol
      - name: dev
        hostPath:
          path: /dev
      - name: hugepage
        emptyDir:
          medium: HugePages
      - name: day0-config
        configMap:
          name: day0-config
          optional: true
          items:
          - key: day0-config
            path: day0-config
      - name: vpn-config
        configMap:
          name: vpn-config
          optional: true
          items:
          - key: vpn-config
            path: vpn-config
      - name: interface-config
        configMap:
          name: interface-config
          optional: true
          items:
          - key: interface-config
            path: interface-config
      - name: day0-idtoken
        secret:
          secretName: day0-idtoken
          optional: true
          items:
          - key: idtoken
            path: idtoken
      imagePullSecrets:
      - name: regtestc
      containers:
      - name: testc
        image: dockerhub.privaterepo.com/testc-dev-docker/testc:99.22.24.5
        imagePullPolicy: Never
        stdin: true
        tty: true
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "SYS_ADMIN", "NET_ADMIN"]
          privileged: true
        env:
        - name: TEST_DOCKER
          value: "1"
        - name: RUN_TEST_WITH_GDB
          value: "0"
        - name: TESTC_MEMORY
          value: "2048M"
        - name: TESTC_CPUS
          value: "1"
        - name: DISABLE_DPDK
          value: "0"
        - name: TEST_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: TEST_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: TEST_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: CORE_SIZE_LIMIT
          value: "200MB"
        - name: COREDUMP_PATH
          value: "/mnt/coredump_repo/"
        - name: TESTC_DEALER_ENDPOINT
          value: "localhost:5555"
        - name: TESTC_STANDALONE_MODE
          value: "1"
        - name: TESTC_ROOT_PRIVILEGE
          value: "1"
        volumeMounts:
        - name: modulepath
          mountPath: /lib/modules
        - name: local
          mountPath: /config
        - name: dev
          mountPath: /dev
        - mountPath: /hugepages
          name: hugepage
        - name: day0-config
          mountPath: /testc-day0-config
        - name: vpn-config
          mountPath: /mnt/vpn-config
          subPath: vpn-config
        - name: day0-idtoken
          mountPath: /testc-day0-idtoken
          readOnly: true
        - name: interface-config
          mountPath: /mnt/interface-config
        resources:
          limits:
            hugepages-2Mi: 64Mi
            memory: 2Gi
          requests:
            hugepages-2Mi: 64Mi
            memory: 2Gi
ubuntu@rd-testc-virtual:~/TESTc$
ubuntu@rd-testc-virtual:~/TESTc$ kubectl get pod
NAME READY STATUS RESTARTS AGE
testc-k28fj 0/1 RunContainerError 0 (4s ago) 4s
ubuntu@rd-testc-virtual:~/TESTc$
ubuntu@rd-testc-virtual:~/TESTc$ kubectl describe pod
Name: testc-k28fj
Namespace: default
Priority: 0
Service Account: default
Node: minikube/192.168.49.2
Start Time: Fri, 22 Sep 2023 06:35:30 +0000
Labels: app=TESTC
controller-revision-hash=6556668fd7
pod-template-generation=1
tier=testc
Annotations: <none>
Status: Running
IP: 192.168.49.2
IPs:
IP: 192.168.49.2
Controlled By: DaemonSet/testc
Containers:
testc:
Container ID: docker://110d8b8566439997dabc20ea550481e045592e2ecded34952fb5a1d601ddf4e2
Image: dockerhub.privaterepo.com/testc-dev-docker/testc:99.22.24.5
Image ID: docker://sha256:9f0691a7a21614290abd79a5fc477199cd1a705be1aefff06fc7a903ed1a686b
Port: <none>
Host Port: <none>
State: Waiting
Reason: RunContainerError
Last State: Terminated
Reason: ContainerCannotRun
Message: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: ioctl(setctty): operation not permitted: unknown
Exit Code: 128
Started: Fri, 22 Sep 2023 06:35:30 +0000
Finished: Fri, 22 Sep 2023 06:35:30 +0000
Ready: False
Restart Count: 1
Limits:
hugepages-2Mi: 64Mi
memory: 2Gi
Requests:
hugepages-2Mi: 64Mi
memory: 2Gi
Environment:
TEST_DOCKER: 1
RUN_TEST_WITH_GDB: 0
TESTC_MEMORY: 2048M
TESTC_CPUS: 1
DISABLE_DPDK: 0
TEST_POD_NAME: testc-k28fj (v1:metadata.name)
TEST_POD_NAMESPACE: default (v1:metadata.namespace)
TEST_POD_IP: (v1:status.podIP)
CORE_SIZE_LIMIT: 200MB
COREDUMP_PATH: /mnt/coredump_repo/
TESTC_DEALER_ENDPOINT: localhost:5555
TESTC_STANDALONE_MODE: 1
TESTC_ROOT_PRIVILEGE: 1
Mounts:
/testc-day0-config from day0-config (rw)
/testc-day0-idtoken from day0-idtoken (ro)
/config from local (rw)
/dev from dev (rw)
/hugepages from hugepage (rw)
/lib/modules from modulepath (rw)
/mnt/interface-config from interface-config (rw)
/mnt/vpn-config from vpn-config (rw,path="vpn-config")
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-7pb8t (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
modulepath:
Type: HostPath (bare host directory volume)
Path: /lib/modules
HostPathType:
local:
Type: HostPath (bare host directory volume)
Path: /local/configvol
HostPathType:
dev:
Type: HostPath (bare host directory volume)
Path: /dev
HostPathType:
hugepage:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium: HugePages
SizeLimit: <unset>
day0-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: day0-config
Optional: true
vpn-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: vpn-config
Optional: true
interface-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: interface-config
Optional: true
day0-idtoken:
Type: Secret (a volume populated by a Secret)
SecretName: day0-idtoken
Optional: true
kube-api-access-7pb8t:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/disk-pressure:NoSchedule op=Exists
node.kubernetes.io/memory-pressure:NoSchedule op=Exists
node.kubernetes.io/network-unavailable:NoSchedule op=Exists
node.kubernetes.io/not-ready:NoExecute op=Exists
node.kubernetes.io/pid-pressure:NoSchedule op=Exists
node.kubernetes.io/unreachable:NoExecute op=Exists
node.kubernetes.io/unschedulable:NoSchedule op=Exists
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 14s default-scheduler Successfully assigned default/testc-k28fj to minikube
Normal Pulled 1s (x3 over 14s) kubelet Container image "dockerhub.privaterepo.com/testc-dev-docker/testc:99.22.24.5" already present on machine
Normal Created 1s (x3 over 14s) kubelet Created container testc
Warning Failed 1s (x3 over 14s) kubelet Error: failed to start container "testc": Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: ioctl(setctty): operation not permitted: unknown
ubuntu@rd-testc-virtual:~/TESTc$