k8s部署相关问题
k8s部署相关问题执行kubeadm init报错报错[ERROR Swap]报错[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]附言执行kubeadm init报错报错内容,如:[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:102
k8s部署相关问题
执行kubeadm init报错
报错内容,如:
[kubelet-check] The HTTP call equal to ‘curl -sSL http://localhost:10248/healthz’ failed with error: Get “http://localhost:10248/healthz”: dial tcp [::1]:10248: connect: connection refused.
错误分析:journalctl -xeu kubelet,查看fail内容
journalctl -xeu kubelet | grep fail
原因分析:
1、swap分区未关闭
2、缺少/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --fail-swap-on=false"
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
#This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
3、从节点上是否有docker镜像运行,可以在node节点上添加一个镜像并运行,如下:
docker pull redis && docker run -d -p 6379 --name myredis redis
4、在/etc/kubernetes下有manifests文件夹,需删除
rm -rf manifests/
以上执行后需要重新启动kubelet
systemctl daemon-reload && systemctl restart kubelet
报错[ERROR Swap]
解决:swapoff -a && sed -ri ‘s/.swap./#&/’ /etc/fstab
报错[ERROR FileContent–proc-sys-net-bridge-bridge-nf-call-iptables]
解决:
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token,操作如下:
$ kubeadm token create
$ kubeadm token list
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924
$ kubeadm join 192.168.31.61:6443 --token nuja6n.o3jrhsffiqs9swnu --discovery-token-ca-cert-hash sha256:63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924
或者直接命令快捷生成:kubeadm token create --print-join-command
附言
在实际工作中,看到有许多人,有的甚至是工作好多年的技术人员,处理问题时,都是盲目听信网上建议。在此,建议大家在出现问题时,应尽量阅读报错信息及查阅返回状态码,还有后面的处理建议。在此基础上锁定问题,再寻找解决方法,切勿根据只言片语,从网上盲目找方法去执行代码,解决问题。以免造成更大的生产问题,或隐藏的遗留问题。一定要树立正确的处理问题的方法。
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献3条内容
所有评论(0)