Kubernetes kube-dns在crashloop中暂停容器,添加networking时出错:statfs \“/ proc / 54226 / ns / net \”失败:

我有一个Kubernetes onebox部署与以下(集装箱)组件,都运行--net=host ,kubelet运行作为特权的Docker容器与kubernetes标志--allow-privileged允许--allow-privileged设置为true。 

 gcr.io/google_containers/hyperkube-amd64:v1.7.9 "/bin/bash -c './hype" kubelet gcr.io/google_containers/hyperkube-amd64:v1.7.9 "/bin/bash -c './hype" kube-proxy gcr.io/google_containers/hyperkube-amd64:v1.7.9 "/bin/bash -c './hype" kube-scheduler gcr.io/google_containers/hyperkube-amd64:v1.7.9 "/bin/bash -c './hype" kube-controller-manager gcr.io/google_containers/hyperkube-amd64:v1.7.9 "/bin/bash -c './hype" kube-apiserver quay.io/coreos/etcd:v3.1.0 "/usr/local/bin/etcd " etcd

最重要的是,我启用了使用kubectl create -f https://github.com/kubernetes/kubernetes/blob/master/test/kubemark/resources/manifests/kube-addon-manager.yaml的插件pipe理器kubectl create -f https://github.com/kubernetes/kubernetes/blob/master/test/kubemark/resources/manifests/kube-addon-manager.yaml ,默认yamlperformance为挂载到/etc/kubernetes/addons/棉布2.6.1和kube-dns 1.14.5。 印花布吊舱出现了两个节点(install-cni和calico-node)。

但是,kube-dns卡在ContainerCreating或ContainerCannotRun中,尝试启动Kubernetes暂停容器时出现以下错误: 

 {"log":"I1111 00:35:19.549318 1 manager.go:913] Added container: \"/kubepods/burstable/pod3173eef3-c678-11e7-ac4b-e41d2d59689e/1dd57d6f6c996d7abe061f6236fc8a0150cf6f95d16d5c3c462c9ed7158d3c54\" (aliases: [k8s_POD_kube-dns-v20-141138543-pmdww_kube-system_3173eef3-c678-11e7-ac4b-e41d2d59689e_0 1dd57d6f6c996d7abe061f6236fc8a0150cf6f95d16d5c3c462c9ed7158d3c54], namespace: \"docker\")\n","stream":"stderr","time":"2017-11-11T00:35:19.5526284Z"} {"log":"I1111 00:35:19.549433 1 cni.go:291] About to add CNI network cni-loopback (type=loopback)\n","stream":"stderr","time":"2017-11-11T00:35:19.5526748Z"} {"log":"I1111 00:35:19.549504 1 handler.go:325] Added event \u0026{/kubepods/burstable/pod3173eef3-c678-11e7-ac4b-e41d2d59689e/1dd57d6f6c996d7abe061f6236fc8a0150cf6f95d16d5c3c462c9ed7158d3c54 2017-11-11 00:35:19.3931718 +0000 UTC containerCreation {\u003cnil\u003e}}\n","stream":"stderr","time":"2017-11-11T00:35:19.5527217Z"} {"log":"I1111 00:35:19.551134 1 container.go:407] Start housekeeping for container \"/kubepods/burstable/pod3173eef3-c678-11e7-ac4b-e41d2d59689e/1dd57d6f6c996d7abe061f6236fc8a0150cf6f95d16d5c3c462c9ed7158d3c54\"\n","stream":"stderr","time":"2017-11-11T00:35:19.5527441Z"} {"log":"E1111 00:35:19.555099 1 cni.go:294] Error adding network: failed to Statfs \"/proc/54226/ns/net\": no such file or directory\n","stream":"stderr","time":"2017-11-11T00:35:19.5553606Z"} {"log":"E1111 00:35:19.555122 1 cni.go:237] Error while adding to cni lo network: failed to Statfs \"/proc/54226/ns/net\": no such file or directory\n","stream":"stderr","time":"2017-11-11T00:35:19.5553887Z"} {"log":"I1111 00:35:19.600281 1 manager.go:970] Destroyed container: \"/kubepods/burstable/pod3173eef3-c678-11e7-ac4b-e41d2d59689e/1dd57d6f6c996d7abe061f6236fc8a0150cf6f95d16d5c3c462c9ed7158d3c54\" (aliases: [k8s_POD_kube-dns-v20-141138543-pmdww_kube-system_3173eef3-c678-11e7-ac4b-e41d2d59689e_0 1dd57d6f6c996d7abe061f6236fc8a0150cf6f95d16d5c3c462c9ed7158d3c54], namespace: \"docker\")\n","stream":"stderr","time":"2017-11-11T00:35:19.6005722Z"}

我看到\暂停容器继续出来只是稍后退出,一个无害的错误信息(这是一个旧的,我停止了集群,所以它不会产生更多的容器): 

 ubuntu@r172-16-6-39:~$ docker ps -a | grep 216e39defa36 216e39defa36 gcr.io/google_containers/pause-amd64:3.0 "/pause" About an hour ago Exited (0) About an hour ago k8s_POD_kube-dns-v20-141138543-xvdmv_kube-system_0594732f-c688-11e7-9da5-e41d2d59689e_17 ubuntu@r172-16-6-39:~$ docker logs 216e39defa36 shutting down, got signal: Terminated

我的主机上不存在dir /proc/54226 ,我猜这是CNI为什么抱怨的原因。 但是印花布的暂停容器很好,运行相同的图像,所以一定要么只有在kube-dns的情况下才能写入,要么不能在Calico的情况下写入。 我在Openshift上发现了一些类似SELinux相关错误的引用 ,但是我运行了一个没有安装SELinux的裸Ubuntu 14.04虚拟机。 

 ubuntu@r172-16-6-39:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 14.04.4 LTS Release: 14.04 Codename: trusty ubuntu@r172-16-6-39:~$ setenforce The program 'setenforce' is currently not installed. You can install it by typing: sudo apt-get install selinux-utils

我的CNI conf也非常简单,由install-cni calico容器生成: 

 ubuntu@r172-16-6-39:~$ cat /etc/cni/net.d/10-calico.conf { "name": "k8s-pod-network", "cniVersion": "0.1.0", "type": "calico", "log_level": "debug", "datastore_type": "kubernetes", "nodename": "172.16.6.39", "mtu": 1500, "ipam": { "type": "host-local", "subnet": "usePodCidr" }, "policy": { "type": "k8s", "k8s_auth_token": "****" }, "kubernetes": { "k8s_api_root": "https://168.16.0.1:443", "kubeconfig": "/etc/kubernetes/kubeconfig" } }

有没有人碰到类似的东西?

Interesting Posts

在Windows 10与Maven的Docker

如果一个服务在docker build期间启动,它应该在运行时运行吗?

在OSX上手动共享目录作为docker卷安装点

有没有办法在docker卷中列出文件?

ECR上的WebRTC Kurento Docker镜像

Kuberntes大师不在OpenStack热启动

在Docker容器内部产生的进程默认使用容器主机上的所有cpu核心吗?

获取部署Kubernetes服务的YAML?

无法访问docker容器内的瓶子应用程序

我应该创build一个虚拟机,然后使用VM内的Docker机器进行开发