在kubernetes中,如果使用其自帶的單機啟動腳本./hack/local-up-cluster.sh來啟動一個本地集群的話,會在kubelet的日志中觀察到類似以下內容的日志:
Failed to get system container stats for "/user.slice/user-1000.slice/session-c2.scope": failed to get cgroup stats for "/user.slice/user-1000.slice/session-c2.scope": failed to get container info for "/user.slice/user-1000.slice/session-c2.scope": unknown container "/user.slice/user-1000.slice/session-c2.scope"
經過一番調查,問題的根源在:
if cm.KubeletCgroupsName != "" { cont := newSystemCgroups(cm.KubeletCgroupsName) allowAllDevices := true manager := fs.Manager{ Cgroups: &configs.Cgroup{ Parent: "/", Name: cm.KubeletCgroupsName, Resources: &configs.Resources{ AllowAllDevices: &allowAllDevices, }, }, } cont.ensureStateFunc = func(_ *fs.Manager) error { return ensureProcessInContainerWithOOMScore(os.Getpid(), qos.KubeletOOMScoreAdj, &manager) } systemContainers = append(systemContainers, cont) } else { cm.periodicTasks = append(cm.periodicTasks, func() { if err := ensureProcessInContainerWithOOMScore(os.Getpid(), qos.KubeletOOMScoreAdj, nil); err != nil { klog.Error(err) return } klog.V(1).Infof("jay the pid is %#v\n", os.Getpid()) cont, err := getContainer(os.Getpid()) if err != nil { klog.Errorf("failed to find cgroups of kubelet - %v", err) return } cm.Lock() defer cm.Unlock() cm.KubeletCgroupsName = cont }) }
這里的核心代碼是: cont, err := getContainer(os.Getpid())
理論上來說,該代碼所執行的所在進程就應該是kubelet進程,因此它根據當前進程的pid找到自己所在的cgroup, 然后生成一個manager去監控kubelet進程所
消耗的資源。但是這里的問題是,使用./hack/local-up-cluster.sh腳本啟動的本地集群是使用docker啟動一個container,然后在這個container里面去運行這個kubelet進程的,因此
這里就會產生一些沖突。