报错信息

集群初始化时kube-controller-manager pod一直无法启动，查看详细信息看到报错如下 oci runtime error: container_linux.go:265: starting container process caused "process_linux.go:368: container init caused \"rootfs_linux.go:57: mounting \\\"/etc/ssl/certs\\\" to rootfs \\\"/var/lib/docker/overlay2/8e6a3e3ad21e57684e48a855293528de53a81681a12f4a8f0eaa5b8b4eb47f34/merged\\\" at \\\"/var/lib/docker/overlay2/8e6a3e3ad21e57684e48a855293528de53a81681a12f4a8f0eaa5b8b4eb47f34/merged/etc/pki/tls/certs\\\" caused \\\"mkdir /var/lib/docker/overlay2/8e6a3e3ad21e57684e48a855293528de53a81681a12f4a8f0eaa5b8b4eb47f34/merged/etc/pki/tls: read-only file system\\\"\""

解决过程

切换至这个目录，其实手动可以创建目录，并非read-only file system

对比CentOS操作系统，可以正常安装，所有的K8S集群配置一样

查看自动生成的kube-controller-manager的yaml文件

# cd /etc/kubernetes/manifests/

# vim kube-controller-manager.yaml 看到

- mountPath: /etc/pki name: ca-certs-etc-pki readOnly: true 尝试将readOnly: true这一行删除，发现Pod正常创建了