pod和flannel常見(jiàn)異常的排查方法有哪些
本篇內(nèi)容主要講解“pod和flannel常見(jiàn)異常的排查方法有哪些”�,感興趣的朋友不妨來(lái)看看。本文介紹的方法操作簡(jiǎn)單快捷���,實(shí)用性強(qiáng)。下面就讓小編來(lái)帶大家學(xué)習(xí)“pod和flannel常見(jiàn)異常的排查方法有哪些”吧!
1)pod故障排查
一般情況下���,問(wèn)題出在pod本身�����,我們可以按照如下步驟進(jìn)行分析定位問(wèn)題
- kubectl get pod 查看是否存在不正常的pod
- journalctl -u kubelet -f 查看kubelet���,是否存在異常日志
- kubectl logs pod/xxxxx -n kube-syste
2)示例排查 CrashLoopBackOff和OOMkilled異常
1 查看節(jié)點(diǎn)運(yùn)行情況
[root@k8s-m1 src]# kubectl get nodeNAME STATUS ROLES AGE VERSIONk8s-c1 Ready <none> 16h v1.14.2k8s-m1 Ready master 17h v1.14.2
2 首先查看pod狀態(tài)是否正常
[root@k8s-m1 docker]# kubectl get pod -n kube-system NAME READY STATUS RESTARTS AGEcoredns-fb8b8dccf-5g2cx 1/1 Running 0 2d14hcoredns-fb8b8dccf-c5skq 1/1 Running 0 2d14hetcd-k8s-master 1/1 Running 0 2d14hkube-apiserver-k8s-master 1/1 Running 0 2d14hkube-controller-manager-k8s-master 1/1 Running 0 2d14hkube-flannel-ds-arm64-7cr2b 0/1 CrashLoopBackOff 629 2d12hkube-flannel-ds-arm64-hnsrv 0/1 CrashLoopBackOff 4 2d12hkube-proxy-ldw8m 1/1 Running 0 2d14hkube-proxy-xkfdw 1/1 Running 0 2d14hkube-scheduler-k8s-master 1/1 Running 0 2d14h
發(fā)現(xiàn)網(wǎng)絡(luò)插件kube-flannel一直在嘗試重啟���,有時(shí)能夠正常,有時(shí)提示 CrashLoopBackOff有時(shí)OOMKilled
3 查看kublet日志[root@k8s-m1 src]# journalctl -u kubelet -f12月 09 09:12:45 k8s-m1 kubelet[35667]: E1209 09:12:45.895575 35667 pod_workers.go:190] Error syncing pod 2eaa8ef9-1822-11ea-a1d9-70fd45ac3f1f ("kube-flannel-ds-arm64-7cr2b_kube-system(2eaa8ef9-1822-11ea-a1d9-70fd45ac3f1f)"), skipping: failed to "StartContainer" for "kube-flannel" with CrashLoopBackOff: "Back-off 5m0s restarting failed container=kube-flannel pod=kube-flannel-ds-arm64-7cr2b_kube-system(2eaa8ef9-1822-11ea-a1d9-70fd45ac3f1f)"
4 查看網(wǎng)路插件kube-flannel的日志
[root@k8s-m1 src]# kubectl logs kube-flannel-ds-arm64-88rjz -n kube-systemE1209 01:20:42.527856 1 iptables.go:115] Failed to ensure iptables rules: Error checking rule existence: failed to check rule existence: running [/sbin/iptables -t nat -C POSTROUTING ! -s 10.244.0.0/16 -d 10.244.0.0/16 -j MASQUERADE --random-fully --wait]: exit status -1: E1209 01:20:46.928502 1 iptables.go:115] Failed to ensure iptables rules: Error checking rule existence: failed to check rule existence: running [/sbin/iptables -t filter -C FORWARD -s 10.244.0.0/16 -j ACCEPT --wait]: exit status -1: E1209 01:20:52.128049 1 iptables.go:115] Failed to ensure iptables rules: Error checking rule existence: failed to check rule existence: running [/sbin/iptables -t filter -C FORWARD -s 10.244.0.0/16 -j ACCEPT --wait]: exit status -1: E1209 01:20:52.932263 1 iptables.go:115] Failed to ensure iptables rules: Error checking rule existence: failed to check rule existence: fork/exec /sbin/iptables: cannot allocate memory
剛開(kāi)始一直懷疑是iptables問(wèn)題����,當(dāng)我嘗試把iptables.go中執(zhí)行命令拷貝到命令行之后可以正常執(zhí)行,這個(gè)時(shí)候就不知所以然了,直到我發(fā)現(xiàn)有時(shí)pod會(huì)提示;
kube-flannel-ds-arm64-hnsrv 0/1 OOMKilled 4 2d12h
一直在思考是不是kube-flannel內(nèi)存配置太小導(dǎo)致的�����,我直接嘗試把內(nèi)存從50M修改到200M���,直接解決問(wèn)題了����,如下所示:containers: - name: kube-flannel image: quay.io/coreos/flannel:v0.11.0-amd64 command: - /opt/bin/flanneld args: - --ip-masq - --kube-subnet-mgr resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: false capabilities: add: ["NET_ADMIN"]
3)ImagePullBackOff 異常解決
一般出現(xiàn)這個(gè)異常大多以下兩個(gè)原因造成的:- 鏡像名稱無(wú)效-例如���,你拼錯(cuò)了名稱�����,或者 image 不存在
4)網(wǎng)絡(luò)插件kube-flannel無(wú)法啟動(dòng)問(wèn)題
一般情況下是因?yàn)榫W(wǎng)絡(luò)插件flannel下載問(wèn)題����,默認(rèn)的網(wǎng)絡(luò)插件下載地址是quay.io/coreos/flannel,但是這個(gè)地址國(guó)內(nèi)網(wǎng)絡(luò)無(wú)法直接訪問(wèn)到�,這個(gè)時(shí)候我們需要從quay-mirror.qiniu.com/coreos/flannel地址下載,然后重命名城quay.io���,然后執(zhí)行
kubectl create -f kube-flannel.yml
5)子節(jié)點(diǎn)無(wú)法加入問(wèn)題
主節(jié)點(diǎn)一切安裝成功���,并且提示子節(jié)點(diǎn)加入命令,當(dāng)輸入到子節(jié)點(diǎn)時(shí)發(fā)現(xiàn)無(wú)法加入�,或者一直卡在加入shell命令行界面,無(wú)法加入�。
第一:先看防火墻 systemctl firewalld.service status 因?yàn)榧洪g需要組網(wǎng)通信,如果防火墻是打開(kāi)的建議關(guān)閉或者加入到iptables里面�。默認(rèn)可以訪問(wèn)。
第二:查看自己是否配置host組件
- 執(zhí)行cat /etc/hosts命令��,修改hosts文件���。
- 添加集群所有節(jié)點(diǎn)的IP及hostname信息
- hostnamectl --static set-hostname centos-1依次執(zhí)行
如果還是沒(méi)有解決則需要根據(jù)節(jié)點(diǎn)日志���,具體問(wèn)題具體分析解決。
6)OCI runtime create failed
12月 09 08:56:41 k8s-client1 kubelet[39382]: E1209 08:56:41.691178 39382 kuberuntime_sandbox.go:68] CreatePodSandbox for pod "kube-flannel-ds-arm64-hnsrv_kube-system(2eaafd62-1822-11ea-a1d9-70fd45ac3f1f)" failed: rpc error: code = Unknown desc = failed to start sandbox container for pod "kube-flannel-ds-arm64-hnsrv": Error response from daemon: OCI runtime create failed: systemd cgroup flag passed, but systemd support for managing cgroups is not available: unknown
查看daemon.json文件
因?yàn)橹付藄ystemd����,導(dǎo)致文件docker 運(yùn)行鏡像失敗
cat /etc/docker/daemon.json{“registry-mirrors”: [“https://registry.docker-cn.co”],“exec-opts”: [“native.cgroupdriver=systemd”]}去掉
“exec-opts”: [“native.cgroupdriver=systemd”]
重啟docker 服務(wù)
7)子節(jié)點(diǎn)不支持kubectl get node
The connection to the server localhost:8080 was refused - did you specify the right host or port?
出現(xiàn)這個(gè)問(wèn)題的原因是kubectl命令需要使用kubernetes-admin來(lái)運(yùn)行,
- 解決方法如下�����,將主節(jié)點(diǎn)中的【/etc/kubernetes/admin.conf】文件拷貝到從節(jié)點(diǎn)相同目錄下�,然后如提示配置環(huán)境變量:
Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile source ~/.bash_profile
到此,相信大家對(duì)“pod和flannel常見(jiàn)異常的排查方法有哪些”有了更深的了解��,不妨來(lái)實(shí)際操作一番吧����!這里是億速云網(wǎng)站,更多相關(guān)內(nèi)容可以進(jìn)入相關(guān)頻道進(jìn)行查詢��,關(guān)注我們����,繼續(xù)學(xué)習(xí)��!
