工作区中的 EKS pod 获取 Fargate 的默认调度程序

Question

这是我遇到的问题：

我正在使用eksctl create cluster --name abc_name --profile profile_aws_creds

创建集群后，我将使用kubectl create namespace airflow-dev

在这个命名空间上，我使用 helm 来安装 flux helm upgrade -i flux fluxcd/flux --set git.url=https://github.com/******/airflow-eks-config.git -n airflow-dev

当我查看命名空间中的 pod 时，它们始终处于 Pending state 中。

apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubectl.kubernetes.io/restartedAt: "2022-10-04T10:41:54-04:00"
    kubernetes.io/psp: eks.privileged
  creationTimestamp: "2022-10-04T14:41:54Z"
  generateName: flux-596f88f8b5-
  labels:
    app: flux
    pod-template-hash: 596f88f8b5
    release: flux
  name: flux-596f88f8b5-9jglf
  namespace: airflow-dev
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: flux-596f88f8b5
    uid: 5e86a479-96ca-46be-bec5-99a6ca64cb7b
  resourceVersion: "11948"
  uid: 672f236f-3a5e-4a40-a7f3-6b371e7434fc
spec:
  containers:
  - args:
    - --log-format=fmt
    - --ssh-keygen-dir=/var/fluxd/keygen
    - --ssh-keygen-format=RFC4716
    - --k8s-secret-name=flux-git-deploy
    - --memcached-hostname=flux-memcached
    - --sync-state=git
    - --memcached-service=
    - --git-url=https://github.com/****/airflow-eks-config.git
    - --git-branch=master
    - --git-path=
    - --git-readonly=false
    - --git-user=Weave Flux
    - --git-email=support@weave.works
    - --git-verify-signatures=false
    - --git-set-author=false
    - --git-poll-interval=5m
    - --git-timeout=20s
    - --sync-interval=5m
    - --git-ci-skip=false
    - --automation-interval=5m
    - --registry-rps=200
    - --registry-burst=125
    - --registry-trace=false
    env:
    - name: KUBECONFIG
      value: /root/.kubectl/config
    image: docker.io/fluxcd/flux:1.25.4
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /api/flux/v6/identity.pub
        port: 3030
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    name: flux
    ports:
    - containerPort: 3030
      name: http
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /api/flux/v6/identity.pub
        port: 3030
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    resources:
      requests:
        cpu: 50m
        memory: 64Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /root/.kubectl
      name: kubedir
    - mountPath: /etc/fluxd/ssh
      name: git-key
      readOnly: true
    - mountPath: /var/fluxd/keygen
      name: git-keygen
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-srqn4
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeSelector:
    kubernetes.io/os: linux
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: flux
  serviceAccountName: flux
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - configMap:
      defaultMode: 420
      name: flux-kube-config
    name: kubedir
  - name: git-key
    secret:
      defaultMode: 256
      secretName: flux-git-deploy
  - emptyDir:
      medium: Memory
    name: git-keygen
  - name: kube-api-access-srqn4
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2022-10-04T14:41:54Z"
    message: '0/2 nodes are available: 2 node(s) had taint {eks.amazonaws.com/compute-type:
      fargate}, that the pod didn''t tolerate.'
    reason: Unschedulable
    status: "False"
    type: PodScheduled
  phase: Pending
  qosClass: Burstable

正如您在上面看到的，pods 从未被调度，调度程序名称是 default-scheduler。 当我在不将 flux 部署到命名空间（意味着部署到默认值）的情况下执行相同操作时，schedulerName 是 fargate-scheduler 并且 pod 启动。

对做错了什么有什么想法吗？ 谢谢

Answer 1

在 Fargate 中，需要先创建 fargate-profile。 创建完成后，就可以创建命名空间，一切正常。