Docker的Cgroup driver默认使用cgroupfs作为驱动程序,而在部署k8s集群的时候,日志信息提示建议将驱动程序改为systemd.
由于集群是刚搭建的环境,此时方便修改docker驱动程序,若是已上线业务的生产环境,不建议直接修改
首先,将docker驱动程序改为systemd
]# cat /etc/docker/daemon.json { "exec-opts": ["native.cgroupdriver=systemd"], #指定驱动程序为systemd "registry-mirrors": ["和谐加速源IP地址"], "data-root":"/data/docker", "log-opts":{ "max-size":"100m" } }
]# systemctl restart docker #重启docker
重启后发现集群组件无法被kubelet重新拉起,重启kubelet后发现程序报错
]# systemctl status kubelet ● kubelet.service - kubelet: The Kubernetes Node Agent Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/kubelet.service.d └─10-kubeadm.conf Active: activating (auto-restart) (Result: exit-code) since 四 2021-01-14 23:46:09 CST; 4s ago Docs: https://kubernetes.io/docs/ Process: 17545 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=255) Main PID: 17545 (code=exited, status=255)
这里很明显可以推断出是由于docker驱动程序修改导致不匹配问题,根据systemd启动文件内容找到kubelet的配置文件路径为/var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1 authentication: anonymous: enabled: false webhook: cacheTTL: 0s enabled: true x509: clientCAFile: /etc/kubernetes/pki/ca.crt authorization: mode: Webhook webhook: cacheAuthorizedTTL: 0s cacheUnauthorizedTTL: 0s cgroupDriver: systemd #将该字段的cgroupfs修改为systemd clusterDNS: - 10.96.0.10 .... #以下内容省略
保存后重启kubelet,运行正常
]# systemctl status kubelet ● kubelet.service - kubelet: The Kubernetes Node Agent Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/kubelet.service.d └─10-kubeadm.conf Active: active (running) since 四 2021-01-14 23:47:38 CST; 5min ago
... #以下内容省略
]# ss -ntlup | grep kubelet
tcp LISTEN 0 128 127.0.0.1:10248 *:* users:(("kubelet",pid=18581,fd=27))
tcp LISTEN 0 128 127.0.0.1:38504 *:* users:(("kubelet",pid=18581,fd=12))
tcp LISTEN 0 128 :::10250 :::* users:(("kubelet",pid=18581,fd=30))