Symptom:
Pods always crashloopbackoff
"kubectl describe pod..." does not give meaningful info, as well as "kubectl get events"
Reason:
One of the likely reason is related to pod security policy. My situation is the existing pod security policy does not allow Nginx or Apache to run. It does not have
allowedCapabilities:
- NET_BIND_SERVICE
# apache or nginx need escalation to root to function well
allowPrivilegeEscalation: true
So the pods keep crashloopbackoff. To fix it is to add the above into the pod security policy.
No comments:
Post a Comment