I have a problem when setting the kubelet parameter cluster-dns.
My operating system is CentOS Linux release 7.0.1406 (Core)
Kernel:
Linux master 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
kubelet config file:
KUBELET_HOSTNAME="--hostname-override=master"
#KUBELET_API_SERVER="--api-servers=http://master:8080
KUBECONFIG="--kubeconfig=/root/.kube/config-demo"
KUBELET_DNS="–-cluster-dns=10.254.0.10"
KUBELET_DOMAIN="--cluster-domain=cluster.local"
# Add your own!
KUBELET_ARGS="--cgroup-driver=systemd --fail-swap-on=false --pod_infra_container_image=177.1.1.35/library/pause:latest"
config file:
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=4"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://master:8080"
kubelet.service file:
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBELET_API_SERVER \
$KUBELET_DNS \
$KUBELET_DOMAIN \
$KUBELET_ADDRESS \
$KUBELET_PORT \
$KUBELET_HOSTNAME \
$KUBE_ALLOW_PRIV \
$KUBELET_ARGS \
$KUBECONFIG
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
When I start the kubelet service, I can see that the "--cluster-dns=10.254.0.10" parameter is set correctly:
root 29705 1 1 13:24 ? 00:00:16 /usr/bin/kubelet --logtostderr=true --v=4 –-cluster-dns=10.254.0.10 --cluster-domain=cluster.local --hostname-override=master --allow-privileged=false --cgroup-driver=systemd --fail-swap-on=false --pod_infra_container_image=177.1.1.35/library/pause:latest --kubeconfig=/root/.kube/config-demo
But when I check the service with systemctl status kubelet, the cluster domain parameter has only a single "-", for example:
systemctl status kubelet -l
● kubelet.service - Kubernetes Kubelet Server
Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-07-13 13:24:07 CST; 5s ago
Docs: https://github.com/GoogleCloudPlatform/kubernetes
Main PID: 29705 (kubelet)
Memory: 30.6M
CGroup: /system.slice/kubelet.service
└─29705 /usr/bin/kubelet --logtostderr=true --v=4 -cluster-dns=10.254.0.10 --cluster-domain=cluster.local --hostname-override=master --allow-privileged=false --cgroup-driver=systemd --fail-swap-on=false --pod_infra_container_image=177.1.1.35/library/pause:latest --kubeconfig=/root/.kube/config-demo
The log shows that nothing is set in the cluster-dns flag:
Jul 13 13:24:07 master kubelet: I0713 13:24:07.680625 29705 flags.go:27] FLAG: --cluster-dns="[]"
Jul 13 13:24:07 master kubelet: I0713 13:24:07.680636 29705 flags.go:27] FLAG: --cluster-domain="cluster.local"
The pod with the error:
pod: "java-deploy-69c84746b9-b2d7j_default(ce02d183-864f-11e8-9bdb-525400c4f6bf)". kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to "Default" policy.
My kube-dns config file:
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.254.0.10
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
---
#apiVersion: v1
#kind: ServiceAccount
#metadata:
#  name: kube-dns
#  namespace: kube-system
#  labels:
#    kubernetes.io/cluster-service: "true"
#    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      volumes:
      - name: kube-dns-config
        configMap:
          name: kube-dns
          optional: true
      containers:
      - name: kubedns
        image: 177.1.1.35/library/kube-dns:1.14.8
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        - --domain=cluster.local.
        - --dns-port=10053
        - --config-dir=/kube-dns-config
        - --kube-master-url=http://177.1.1.40:8080
        - --v=2
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
        image: 177.1.1.35/library/dnsmasq:1.14.8
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        - --
        - -k
        - --cache-size=1000
        - --no-negcache
        - --log-facility=-
        - --server=/cluster.local/127.0.0.1#10053
        - --server=/in-addr.arpa/127.0.0.1#10053
        - --server=/ip6.arpa/127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
        image: 177.1.1.35/library/sidecar:1.14.8
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,SRV
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,SRV
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
      dnsPolicy: Default # Don't use cluster DNS.
      #serviceAccountName: kube-dns
Recheck your kubelet configuration:
KUBELET_DNS="–-cluster-dns=10.254.0.10"
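It looks to me like the first dash is longer than the second one.
Maybe the copy and paste you did introduced an odd character. Retype it and try again.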
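An added example, not part of the original answer: a Python check for the problem the answer describes, a look-alike Unicode dash inside a kubelet option string. The sample file content is constructed from the question's config, the function names are illustrative, and flags are assumed to use the `--name=value` form shown on the page.

```python
import unicodedata

# Constructed sample: lines from the question's kubelet environment file, with
# the en dash (U+2013) written as an escape so it is visible in the source.
SAMPLE = (
    'KUBELET_HOSTNAME="--hostname-override=master"\n'
    'KUBELET_DNS="\u2013-cluster-dns=10.254.0.10"\n'
    'KUBELET_DOMAIN="--cluster-domain=cluster.local"\n'
)

ASCII_HYPHEN = "-"


def find_lookalike_dashes(text):
    """Return (line_no, column, 'U+XXXX NAME', line) for every non-ASCII dash.

    Unicode category Pd is "dash punctuation"; U+2212 MINUS SIGN is category
    Sm, so it is checked explicitly.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch == ASCII_HYPHEN:
                continue
            if unicodedata.category(ch) == "Pd" or ch == "\u2212":
                label = "U+%04X %s" % (ord(ch), unicodedata.name(ch, "UNKNOWN"))
                findings.append((line_no, col, label, line))
    return findings


def malformed_flags(text):
    """Return option tokens that do not start with an ASCII '-'.

    Assumes every token is a --name=value flag, as in the page's config.
    """
    bad = []
    for line in text.splitlines():
        if line.lstrip().startswith("#") or "=" not in line:
            continue
        _, value = line.split("=", 1)
        for token in value.strip().strip('"').split():
            if not token.startswith(ASCII_HYPHEN):
                bad.append(token)
    return bad


if __name__ == "__main__":
    for line_no, col, label, line in find_lookalike_dashes(SAMPLE):
        print("line %d col %d: %s\n    %s" % (line_no, col, label, line))
    print("tokens not starting with '-':", malformed_flags(SAMPLE))
```

To check a real host, pass the contents of the files named in the unit's EnvironmentFile= lines (/etc/kubernetes/config and /etc/kubernetes/kubelet on this page) to the same functions.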
Getting the following error:
[root@master-node yum.repos.d]# kubeadm init
W0427 14:43:28.946949 2265 kubelet.go:200]启动Kubelet时无法自动设置CgroupDriver:无法执行'docker info -f {{.CgroupDriver}}':退出状态1
I0427 14:43:29.613170 2265 version.go:251] 远程版本更新得多:v1.30.0;回落至: stable-1.20
[init] 使用 Kubernetes 版本:v1.20.15
[飞行前] 运行飞行前检查
[警告 Firewalld]:firewalld 处于活动状态,请确保端口 [6443 10250] 已打开,否则您的集群可能无法正常运行
[警告服务-Docker]:docker服务未启用,请运行“systemctl启用docker.service”
[预检] 系统验证失败。打印验证的输出:
内核版本:3.10.0-1160.114.2.el7.x86_64
CONFIG_NAMESPACES:已启用
CONFIG_NET_NS:启用
CONFIG_PID_NS:启用
CONFIG_IPC_NS:启用
CONFIG_UTS_NS:启用
CONFIG_CGROUPS:启用
CONFIG_CGROUP_CPUACCT:启用
CONFIG_CGROUP_DEVICE:启用
CONFIG_CGROUP_FREEZER:启用
CONFIG_CGROUP_SCHED:启用
CONFIG_CPUSETS:启用
CONFIG_MEMCG:启用
CONFIG_INET:启用
CONFIG_EXT4_FS:启用(作为模块)
CONFIG_PROC_FS:启用
CONFIG_NETFILTER_XT_TARGET_REDIRECT:启用(作为模块)
CONFIG_NETFILTER_XT_MATCH_COMMENT:启用(作为模块)
CONFIG_OVERLAY_FS:启用(作为模块)
CONFIG_AUFS_FS:未设置 - aufs 必需的。
CONFIG_BLK_DEV_DM:启用(作为模块)
操作系统:Linux
CGROUPS_CPU:已启用
CGROUPS_CPUACCT:启用
CGROUPS_CPUSET:启用
CGROUPS_DEVICES:已启用
CGROUPS_FREEZER:启用
CGROUPS_MEMORY:启用
CGROUPS_PIDS:启用
CGROUPS_HUGETLB:已启用
错误执行阶段预检:[预检]发生一些致命错误:
[错误 CRI]:容器运行时未运行:输出:无法连接到位于 unix:///var/run/docker.sock 的 Docker 守护进程。 docker 守护进程是否正在运行? ,错误:退出状态1
[错误服务-Docker]:docker 服务未激活,请运行“systemctl start docker.service”
[错误 IsDockerSystemdCheck]:无法执行“docker info -f {{.CgroupDriver}}”:退出状态 1
[错误文件内容--proc-sys-net-bridge-bridge-nf-call-iptables]:/proc/sys/net/bridge/bridge-nf-call-iptables 不存在
[错误 FileContent--proc-sys-net-ipv4-ip_forward]:/proc/sys/net/ipv4/ip_forward 内容未设置为 1
[错误系统验证]:执行“docker info --format '{{json .}}'”失败 输出:无法连接到位于 unix:///var/run/docker.sock 的 Docker 守护进程。 docker 守护进程是否正在运行? 错误:退出状态 1
[飞行前] 如果您知道自己在做什么,则可以使用 --ignore-preflight-errors=... 进行非致命检查
要查看此错误的堆栈跟踪,请使用 --v=5 或更高版本执行