调试 kubelet 未启动

Question

我正在尝试kubeadm设置开发大师。我遇到了 kubelet 运行状况检查失败的问题。我正在寻找如何调试它的方向。运行建议用于调试的命令 ( systemctl status kubelet) 看不到错误原因：

\n\n

kubelet.service - kubelet: The Kubernetes Node Agent\n   Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled)\n  Drop-In: /etc/systemd/system/kubelet.service.d\n           \xe2\x94\x94\xe2\x94\x8010-kubeadm.conf\n   Active: activating (auto-restart) (Result: exit-code) since Thu 2017-10-05 15:04:23 CDT; 4s ago\n     Docs: http://kubernetes.io/docs/\n  Process: 4786 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CGROUP_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=1/FAILURE)\n Main PID: 4786 (code=exited, status=1/FAILURE)\n\nOct 05 15:04:23 master.domain..com systemd[1]: Unit kubelet.service entered failed state.\nOct 05 15:04:23 master.domain.com systemd[1]: kubelet.service failed.\n

\n\n

在哪里可以找到特定的错误消息来指示其未运行的原因？

\n\n

\n

运行swapoff -a禁用交换后，我仍然无法配置 Kubernetes。

\n

\n\n

这是完整的输出kubeadm init：

\n\n

$ kubeadm init\n[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.\n[init] Using Kubernetes version: v1.8.2\n[init] Using Authorization modes: [Node RBAC]\n[preflight] Running pre-flight checks\n[preflight] WARNING: docker version is greater than the most recently validated version. Docker version: 17.09.0-ce. Max validated version: 17.03\n[preflight] Starting the kubelet service\n[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)\n[certificates] Generated ca certificate and key.\n[certificates] Generated apiserver certificate and key.\n[certificates] apiserver serving cert is signed for DNS names [master.my-domain.com kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.xx.xx.xx 10.xx.xx.xx]\n[certificates] Generated apiserver-kubelet-client certificate and key.\n[certificates] Generated sa key and public key.\n[certificates] Generated front-proxy-ca certificate and key.\n[certificates] Generated front-proxy-client certificate and key.\n[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"\n[kubeconfig] Wrote KubeConfig file to disk: "admin.conf"\n[kubeconfig] Wrote KubeConfig file to disk: "kubelet.conf"\n[kubeconfig] Wrote KubeConfig file to disk: "controller-manager.conf"\n[kubeconfig] Wrote KubeConfig file to disk: "scheduler.conf"\n[controlplane] Wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"\n[controlplane] Wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"\n[controlplane] Wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"\n[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"\n[init] Waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"\n[init] This often takes around a minute; or longer if the control plane images have to be pulled.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz\' failed with error: Get http://localhost:10255/healthz: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz\' failed with error: Get http://localhost:10255/healthz: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz\' failed with error: Get http://localhost:10255/healthz: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz/syncloop\' failed with error: Get http://localhost:10255/healthz/syncloop: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz/syncloop\' failed with error: Get http://localhost:10255/healthz/syncloop: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz/syncloop\' failed with error: Get http://localhost:10255/healthz/syncloop: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz\' failed with error: Get http://localhost:10255/healthz: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz/syncloop\' failed with error: Get http://localhost:10255/healthz/syncloop: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n[kubelet-check] It seems like the kubelet isn\'t running or healthy.\n[kubelet-check] The HTTP call equal to \'curl -sSL http://localhost:10255/healthz\' failed with error: Get http://localhost:10255/healthz: dial tcp 127.0.0.1:10255: getsockopt: connection refused.\n\nUnfortunately, an error has occurred:\n    timed out waiting for the condition\n\nThis error is likely caused by that:\n    - The kubelet is not running\n    - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)\n    - There is no internet connection; so the kubelet can\'t pull the following control plane images:\n        - gcr.io/google_containers/kube-apiserver-amd64:v1.8.2\n        - gcr.io/google_containers/kube-controller-manager-amd64:v1.8.2\n        - gcr.io/google_containers/kube-scheduler-amd64:v1.8.2\n\nYou can troubleshoot this for example with the following commands if you\'re on a systemd-powered system:\n    - \'systemctl status kubelet\'\n    - \'journalctl -xeu kubelet\'\ncouldn\'t initialize a Kubernetes cluster\n

\n\n

我还尝试删除 docker 存储库并安装无法运行的 Docker 1.12 -Error starting daemon: SELinux is not supported with the overlay graph driver on this kernel. Either boot into a newer kernel or disable selinux ...

\n

Answer 1

--fail-swap-on=false通过在systemd脚本中进行设置解决了问题。只需对文件进行修改即可/etc/systemd/system/kubelet.service.d/10-kubeadm.conf

Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --fail-swap-on=false"

然后运行systemctl daemon-reload然后systemctl restart kubelet