kubernetes叢集二進位制檔案安裝方式過程中,出現的異常彙總
異常【kubelet cgroup driver:cgroupfs跟docker cgroup driver:systemd不一致】
-
異常描述
error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"
啟動kubelet時
#啟動kubelet service kubelet start #檢視kubelet日誌 journalctl -f -u kubelet 複製程式碼提示如下錯誤
10月 11 20:05:18 server03 kubelet[15984]: error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd" 10月 11 20:05:18 server03 systemd[1]: kubelet.service: main process exited, code=exited, status=1/FAILURE 10月 11 20:05:18 server03 systemd[1]: Unit kubelet.service entered failed state. 10月 11 20:05:18 server03 systemd[1]: kubelet.service failed. 複製程式碼 -
原因分析
kubelet檔案驅動預設cgroupfs, 而我們安裝的docker使用的檔案驅動是systemd, 造成不一致, 導致映象無法啟動。
現在有兩種方式, 一種是修改docker, 另一種是修改kubelet。 我這裡採用修改docker的方式
==注意==:
網上大部分教程都是說直接修改daemon.json#修改daemon.json vi /etc/docker/daemon.json #新增如下屬性 "exec-opts": [ "native.cgroupdriver=systemd" ] 複製程式碼這樣會導致修改後,docker無法啟動成功,提示
daemon.json與/lib/systemd/system/docker.service中native.cgroupdriver=systemd重複存在。 -
解決方案(修改docker)
# 修改前檢視docker Cgroup Driver [root@server02 ~]# docker info ... Server Version: 1.13.1 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: journald Cgroup Driver: systemd ... 複製程式碼# 修改docker.service vi /lib/systemd/system/docker.service 複製程式碼找到 --exec-opt native.cgroupdriver=systemd \ 修改為: --exec-opt native.cgroupdriver=cgroupfs \ 複製程式碼# 重啟docker systemctl daemon-reload systemctl restart docker 複製程式碼# 修改後檢視docker Cgroup Driver [root@server03 sysconfig]# docker info ... Server Version: 1.13.1 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: journald Cgroup Driver: cgroupfs ... 複製程式碼
異常【Failed to get system container stats for kubelet.service】
-
異常描述
failed to get container info for "/system.slice/kubelet.service": unknown container "/system.slice/kubelet.service"
啟動kubelet時
service kubelet start #檢視kubelet日誌 journalctl -f -u kubelet 複製程式碼提示如下錯誤
10月 11 19:37:46 server01 kubelet[64872]: E1011 19:37:46.150198 64872 summary.go:92] Failed to get system container stats for "/system.slice/kubelet.service": failed to get cgroup stats for "/system.slice/kubelet.service": failed to get container info for "/system.slice/kubelet.service": unknown container "/system.slice/kubelet.service" 複製程式碼 -
解決方案
# 修改kubelet.service vi /lib/systemd/system/kubelet.service 複製程式碼#在ExecStart位置最後面,新增如下配置 --runtime-cgroups=/systemd/system.slice \ --kubelet-cgroups=/systemd/system.slice 複製程式碼修改後的/lib/systemd/system/kubelet.service
[Unit] Description=Kubernetes Kubelet Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=docker.service Requires=docker.service [Service] WorkingDirectory=/var/lib/kubelet ExecStart=/opt/modules/kubernetes-bins/kubelet \ --address=192.168.1.188 \ --hostname-override=192.168.1.188 \ --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/imooc/pause-amd64:3.0 \ --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \ --network-plugin=cni \ --cni-conf-dir=/etc/cni/net.d \ --cni-bin-dir=/opt/modules/kubernetes-bins \ --cluster-dns=10.68.0.2 \ --cluster-domain=cluster.local. \ --allow-privileged=true \ --fail-swap-on=false \ --logtostderr=true \ --v=2 \ --runtime-cgroups=/systemd/system.slice \ --kubelet-cgroups=/systemd/system.slice #kubelet cAdvisor 預設在所有介面監聽 4194 埠的請求, 以下iptables限制內網訪問 ExecStartPost=/sbin/iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -s 172.16.0.0/12 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -s 192.168.0.0/16 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -p tcp --dport 4194 -j DROP Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target 複製程式碼