Docker的Cgroup driver默認使用cgroupfs作為驅動程序,而在部署k8s集群的時候,日志信息提示建議將驅動程序改為systemd.
由於集群是剛搭建的環境,此時方便修改docker驅動程序,若是已上線業務的生產環境,不建議直接修改
首先,將docker驅動程序改為systemd
]# cat /etc/docker/daemon.json { "exec-opts": ["native.cgroupdriver=systemd"], #指定驅動程序為systemd "registry-mirrors": ["和諧加速源IP地址"], "data-root":"/data/docker", "log-opts":{ "max-size":"100m" } }
]# systemctl restart docker #重啟docker
重啟后發現集群組件無法被kubelet重新拉起,重啟kubelet后發現程序報錯
]# systemctl status kubelet ● kubelet.service - kubelet: The Kubernetes Node Agent Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/kubelet.service.d └─10-kubeadm.conf Active: activating (auto-restart) (Result: exit-code) since 四 2021-01-14 23:46:09 CST; 4s ago Docs: https://kubernetes.io/docs/ Process: 17545 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=255) Main PID: 17545 (code=exited, status=255)
這里很明顯可以推斷出是由於docker驅動程序修改導致不匹配問題,根據systemd啟動文件內容找到kubelet的配置文件路徑為/var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1 authentication: anonymous: enabled: false webhook: cacheTTL: 0s enabled: true x509: clientCAFile: /etc/kubernetes/pki/ca.crt authorization: mode: Webhook webhook: cacheAuthorizedTTL: 0s cacheUnauthorizedTTL: 0s cgroupDriver: systemd #將該字段的cgroupfs修改為systemd clusterDNS: - 10.96.0.10 .... #以下內容省略
保存后重啟kubelet,運行正常
]# systemctl status kubelet ● kubelet.service - kubelet: The Kubernetes Node Agent Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/kubelet.service.d └─10-kubeadm.conf Active: active (running) since 四 2021-01-14 23:47:38 CST; 5min ago
... #以下內容省略
]# ss -ntlup | grep kubelet
tcp LISTEN 0 128 127.0.0.1:10248 *:* users:(("kubelet",pid=18581,fd=27))
tcp LISTEN 0 128 127.0.0.1:38504 *:* users:(("kubelet",pid=18581,fd=12))
tcp LISTEN 0 128 :::10250 :::* users:(("kubelet",pid=18581,fd=30))