Kubernetes排错
无法获取容器统计信息( Failed to get system container stats)
- 查看日志报错如下
[root@k8s-master ~]# tail -f /var/log/messages
Failed to get system container stats for "/system.slice/docker.service": failed to get cgroup stats for "/system.slice/docker.service": failed to get container info for "/system.slice/docker.service": unknown container "/system.slice/docker.service"
- 解决方法
vi /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service]
CPUAccounting=true ## 添加 CPUAccounting=true 选项,开启 systemd CPU 统计功能
MemoryAccounting=true ## 添加 MemoryAccounting=true 选项,开启 systemd Memory 统计功能
systemctl daemon-reload
systemctl restart kubele
CS不健康(Unhealthy)
- cs状态如下
[root@k8s-master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Unhealthy Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused
scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
etcd-0 Healthy {"health":"true"}
- 解决方法(进入这两个配置文件把port=0都注释并保存即可开启scheduler, control-manager的10251,10252端口)
[root@k8s-master ~]# vim /etc/kubernetes/manifests/kube-controller-manager.yaml
[root@k8s-master ~]# vim /etc/kubernetes/manifests/kube-scheduler.yaml
#- --port=0
[root@k8s-master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
k8s安装CNI插件出现:dial tcp 10.96.0.1:443: i/o timeout
- 查看容器日志
[root@k8s-master ~]# kubectl logs -n kube-system calico-kube-controllers-848c5d445f-xpxrn
2023-07-27 20:56:59.010 [ERROR][1] client.go 261: Error getting cluster information config ClusterInformation="default" error=Get "https://10.96.0.1:443/apis/crd.projectcalico.org/v1/clusterinformations/default": dial tcp 10.96.0.1:443: i/o timeout
发现原因:我的Pod网段(因为只有一个calico Pod健康检查失败)与宿主机重叠了
- 解决方法:重装k8s集群并修改Pod网段
# 删除calico资源
kubectl delete -f calico.yaml
# 重置集群并删除残余文件(集群所有节点)
# kubeadm reset
# rm -rf /etc/kubernetes
# rm -rf /var/lib/etcd/
# rm -rf $HOME/.kube
# 修改配置文件
[root@k8s-master ~]# cat init-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 192.168.110.9 #改成你的Master节点ip地址
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
name: k8s-master
# taints: #污点可以直接注释
# - effect: NoSchedule
# key: node-role.kubernetes.io/master
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
#imageRepository: k8s.gcr.io
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers #默认镜像仓库是国外的,改成阿里云的
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 10.244.0.0/12 #这个不能根宿主机网段重叠
scheduler: {}
# 重新初始化master节点
[root@k8s-master ~]# kubeadm init --config=init-config.yaml
[root@k8s-master ~]# kubectl apply -f calico.yaml
- 查看Pod状态(发现全部Running)
[root@k8s-master ~]# kubectl get po -A -owide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-848c5d445f-8xk6m 1/1 Running 0 3m40s 10.255.156.65 k8s-node1 <none> <none>
kube-system calico-node-hdtpg 1/1 Running 0 3m40s 192.168.110.11 k8s-node2 <none> <none>
kube-system calico-node-jrldz 1/1 Running 0 3m40s 192.168.110.10 k8s-node1 <none> <none>
kube-system calico-node-xcbtg 1/1 Running 0 3m40s 192.168.110.9 k8s-master <none> <none>
kube-system coredns-6c76c8bb89-dbrmq 1/1 Running 0 14m 10.252.82.193 k8s-master <none> <none>
kube-system coredns-6c76c8bb89-qhs76 1/1 Running 0 14m 10.252.82.194 k8s-master <none> <none>
kube-system etcd-k8s-master 1/1 Running 0 14m 192.168.110.9 k8s-master <none> <none>
kube-system kube-apiserver-k8s-master 1/1 Running 0 14m 192.168.110.9 k8s-master <none> <none>
kube-system kube-controller-manager-k8s-master 1/1 Running 0 14m 192.168.110.9 k8s-master <none> <none>
kube-system kube-proxy-6bgbx 1/1 Running 0 11m 192.168.110.11 k8s-node2 <none> <none>
kube-system kube-proxy-szxlq 1/1 Running 0 11m 192.168.110.10 k8s-node1 <none> <none>
kube-system kube-proxy-wjjrc 1/1 Running 0 14m 192.168.110.9 k8s-master <none> <none>
kube-system kube-scheduler-k8s-master 1/1 Running 0 14m 192.168.110.9 k8s-master <none> <none>
etcd集群部署启动不了服务
- 查看etcd集群是否健康
[root@k8s-master1~]# etcdctl--cacert=/etc/kubernetes/pki/ca.crt--cert=/etc/etcd/pki/etcd_client.crt--key=/etc/etcd/pki/etcd_client.key--endpoints=https://192.168.110.9:2380,https://192.168.110.10:2380,https://192.168.110.11:2380endpointhealth
{"level":"warn","ts":"2023-08-02T00:31:09.970+0800","caller":"clientv3/retry_interceptor.go:62","msg":"retryingofunaryinvokerfailed","target":"endpoint://client-c05bba48-35ca-4dd8-97ca-ecfd8ffdc87b/192.168.110.11:2380","attempt":0,"error":"rpcerror:code=DeadlineExceededdesc=latestbalancererror:allSubConnsareinTransientFailure,latestconnectionerror:connectionerror:desc=\"transport:Errorwhiledialingdialtcp192.168.110.11:2380:connect:connectionrefused\""}{"level":"warn","ts":"2023-08-02T00:31:09.970+0800","caller":"clientv3/retry_interceptor.go:62","msg":"retryingofunaryinvokerfailed","target":"endpoint://client-879806a0-0f1f-4196-9c9e-71d6094b0294/192.168.110.9:2380","attempt":0,"error":"rpcerror:code=DeadlineExceededdesc=latestbalancererror:allSubConnsareinTransientFailure,latestconnectionerror:connectionerror:desc=\"transport:Errorwhiledialingdialtcp192.168.110.9:2380:connect:connectionrefused\""}{"level":"warn","ts":"2023-08-02T00:31:09.971+0800","caller":"clientv3/retry_interceptor.go:62","msg":"retryingofunaryinvokerfailed","target":"endpoint://client-562b2de9-28c9-4505-b29c-642c44b2993f/192.168.110.10:2380","attempt":0,"error":"rpcerror:code=DeadlineExceededdesc=latestbalancererror:allSubConnsareinTransientFailure,latestconnectionerror:connectionerror:desc=\"transport:Errorwhiledialingdialtcp192.168.110.10:2380:connect:connectionrefused\""}https://192.168.110.11:2380isunhealthy:failedtocommitproposal:contextdeadlineexceededhttps://192.168.110.9:2380isunhealthy:failedtocommitproposal:contextdeadlineexceededhttps://192.168.110.10:2380isunhealthy:failedtocommitproposal:contextdeadlineexceeded
- 查看日志:发现对端url发现http不等于https,那么就是配置文件写错了
[root@k8s-master1 ~]# journalctl -ex --no-pager
--initial-cluster has etcd1=https://192.168.110.9:2380 but missing from --initial-advertise-peer-urls=http://192.168.110.9:2380 ("http://192.168.110.9:2380"(resolved from "http://192.168.110.9:2380") != "https://192.168.110.9:2380"(resolved from "https://192.168.110.9:2380"))
- 解决方法:修改配置文件(etcd所有节点)
# vim /etc/etcd/etcd.conf
ETCD_LISTEN_PEER_URLS=https://192.168.110.9:2380
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://192.168.110.9:2380
# 重启etcd服务
systemctl daemon-reload && systemctl restart etcd