kubernetes 集群中 dapr sidecar 容器突然无法启动
0
悬赏园豆:30
[已解决问题]
解决于 2023-08-06 18:55
之前好好的,今天在发布一个应用时,总是 CrashLoopBackOff,daprd 容器怎么也无法启动,对应的 pod 日志:
Normal Pulled 7m59s Successfully pulled image "docker.io/daprio/daprd:1.11.2" in 59.298330391s (59.298345949s including waiting)
Normal Killing 7m41s Container daprd failed liveness probe, will be restarted
Normal Created 7m40s Created container daprd
Normal Started 7m40s Started container daprd
Warning Unhealthy 7m29s Readiness probe failed: Get "http://192.168.46.204:3501/v1.0/healthz": dial tcp 192.168.46.204:3501: connect: connection refused
Warning Unhealthy 7m23s Liveness probe failed: Get "http://192.168.46.204:3501/v1.0/healthz": dial tcp 192.168.46.204:3501: connect: connection refused
Exit Code: 2
请问如何解决?
问题补充:
通过下面的命令查看 dapr-operator 日志
kubectl logs -l app=dapr-operator -n dapr-system
发现下面的错误
failed to ensure dapr service present, err: Operation cannot be fulfilled on services \"i-web-dapr\": the object has been modified; please apply your changes to the latest version and try again
最佳答案
0
通过这篇博文 Ensuring Seamless Operations: Troubleshooting and Resolving Dapr Certificate Expiry 终于知道了原来是 dapr 使用的证书过期引起的
- 通过
kubectl logs -l app=dapr-sentry -n dapr-system命令发现下面的日志:
level=warning msg="Dapr root certificate expiration warning: certificate has expired."
- 通过
dapr mtls expiry命令确认正好今天下午证书过期:
Root certificate expires in -5 hours. Expiry date: 2023-08-06 05:03:51 +0000 UTC
- 通过下面的命令更新证书后解决
dapr mtls renew-certificate -k --valid-until 1000 --restart
注:valid-until 的单位是天
