kubernetes集群二進(jìn)制文件安裝方式過程中,出現(xiàn)的異常匯總
異潮窘瘢【kubelet cgroup driver:cgroupfs跟docker cgroup driver:systemd不一致】
-
異常描述
error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"
啟動(dòng)kubelet時(shí)
#啟動(dòng)kubelet service kubelet start #查看kubelet日志 journalctl -f -u kubelet提示如下錯(cuò)誤
10月 11 20:05:18 server03 kubelet[15984]: error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd" 10月 11 20:05:18 server03 systemd[1]: kubelet.service: main process exited, code=exited, status=1/FAILURE 10月 11 20:05:18 server03 systemd[1]: Unit kubelet.service entered failed state. 10月 11 20:05:18 server03 systemd[1]: kubelet.service failed. -
原因分析
kubelet文件驅(qū)動(dòng)默認(rèn)cgroupfs, 而我們安裝的docker使用的文件驅(qū)動(dòng)是systemd, 造成不一致, 導(dǎo)致鏡像無法啟動(dòng)酥诽。
現(xiàn)在有兩種方式, 一種是修改docker, 另一種是修改kubelet斥赋。
我這里采用修改docker的方式
==注意==:
網(wǎng)上大部分教程都是說直接修改daemon.json#修改daemon.json vi /etc/docker/daemon.json #添加如下屬性 "exec-opts": [ "native.cgroupdriver=systemd" ]這樣會(huì)導(dǎo)致修改后,docker無法啟動(dòng)成功,提示
daemon.json與/lib/systemd/system/docker.service中native.cgroupdriver=systemd重復(fù)存在。 -
解決方案(修改docker)
# 修改前查看docker Cgroup Driver [root@server02 ~]# docker info ... Server Version: 1.13.1 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: journald Cgroup Driver: systemd ...# 修改docker.service vi /lib/systemd/system/docker.service找到 --exec-opt native.cgroupdriver=systemd \ 修改為: --exec-opt native.cgroupdriver=cgroupfs \# 重啟docker systemctl daemon-reload systemctl restart docker# 修改后查看docker Cgroup Driver [root@server03 sysconfig]# docker info ... Server Version: 1.13.1 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: journald Cgroup Driver: cgroupfs ...
異常【Failed to get system container stats for kubelet.service】
-
異常描述
failed to get container info for "/system.slice/kubelet.service": unknown container "/system.slice/kubelet.service"
啟動(dòng)kubelet時(shí)
service kubelet start #查看kubelet日志 journalctl -f -u kubelet提示如下錯(cuò)誤
10月 11 19:37:46 server01 kubelet[64872]: E1011 19:37:46.150198 64872 summary.go:92] Failed to get system container stats for "/system.slice/kubelet.service": failed to get cgroup stats for "/system.slice/kubelet.service": failed to get container info for "/system.slice/kubelet.service": unknown container "/system.slice/kubelet.service" -
解決方案
# 修改kubelet.service vi /lib/systemd/system/kubelet.service#在ExecStart位置最后面枪汪,添加如下配置 --runtime-cgroups=/systemd/system.slice \ --kubelet-cgroups=/systemd/system.slice修改后的/lib/systemd/system/kubelet.service
[Unit] Description=Kubernetes Kubelet Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=docker.service Requires=docker.service [Service] WorkingDirectory=/var/lib/kubelet ExecStart=/opt/modules/kubernetes-bins/kubelet \ --address=192.168.1.188 \ --hostname-override=192.168.1.188 \ --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/imooc/pause-amd64:3.0 \ --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \ --network-plugin=cni \ --cni-conf-dir=/etc/cni/net.d \ --cni-bin-dir=/opt/modules/kubernetes-bins \ --cluster-dns=10.68.0.2 \ --cluster-domain=cluster.local. \ --allow-privileged=true \ --fail-swap-on=false \ --logtostderr=true \ --v=2 \ --runtime-cgroups=/systemd/system.slice \ --kubelet-cgroups=/systemd/system.slice #kubelet cAdvisor 默認(rèn)在所有接口監(jiān)聽 4194 端口的請(qǐng)求, 以下iptables限制內(nèi)網(wǎng)訪問 ExecStartPost=/sbin/iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -s 172.16.0.0/12 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -s 192.168.0.0/16 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -p tcp --dport 4194 -j DROP Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target
