- 系统环境
#系统版本cat /etc/redhat-releaseCentOS Linux release 7.4.1708 (Core)#kubelet版本kubelet --versionKubernetes v1.10.0#selinux状态getenforceDisabled#系统防火墙状态systemctl status firewalld● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead) Docs: man:firewalld(1) - Pod 异常问题
#dns的Pod 一直处于 Waiting 或 ContainerCreating 状态kubectl get po -n kube-systemNAME ???????????????????????????????????READY ????STATUS ????????????RESTARTS ??AGEkube-dns-86f4d74b45-ffwjf ???????0/3 ??????ContainerCreating ??0 ?????????6m#查看Pod详细情况kubectl ?describe pod kube-dns-86f4d74b45-ffwjf ?-n kube-system##我们看到如下信息:Error syncing podPod sandbox changed, it will be killed and re-created.##可以发现,该 Pod 的 Sandbox 容器无法正常启动,具体原因需要查看 Kubelet 日志。#查看Pod的logjournalctl -u kubelet##看到如下报错内容:RunPodSandbox from runtime service failed: rpc error: code = 2 desc = NetworkPlugin cni failed to set up pod "kube-dns-86f4d74b45-ffwjf" network: failed to set bridge addr: "cni0" already has an IP address different from 10.244.4.1/24##说明
这里的一个Pod中启动了多个容器,所以,我们使用kubectl logs 命令查看日志很有局限性,关于kubectl logs的使用,请参考kubernetes中的Pod简述与实践和kubernetes中文文档。 - 处理步骤
#在master节点之外的节点进行操作kubeadm resetsystemctl stop kubeletsystemctl stop dockerrm -rf /var/lib/cni/rm -rf /var/lib/kubelet/*rm -rf /etc/cni/ifconfig cni0 downifconfig flannel.1 downifconfig docker0 downip link delete cni0ip link delete flannel.1##重启kubeletsystemctl restart kubelet##重启dockersystemctl restart docker#说明##如果上面操作之后还是报相同的错误或是如下错误:"CreatePodSandbox for pod \" kube-dns-86f4d74b45-ffwjf _default(78e796f5-eb7c-11e7-b903-b827ebd42d30)\" failed: rpc error: code = Unknown desc = NetworkPlugin cni failed to set up pod \" kube-dns-86f4d74b45-ffwjf _default\"network: failed to allocate for range 0: no IP addresses available in range set:10.244.1.1-10.244.1.254"#执行如下操作步骤:##在master主机上kubeadm resetsystemctl stop kubeletsystemctl stop dockerrm -rf /var/lib/cni/rm -rf /var/lib/kubelet/*rm -rf /etc/cni/ifconfig cni0 downifconfig flannel.1 downifconfig docker0 downip link delete cni0ip link delete flannel.1##重启kubeletsystemctl restart kubelet##重启dockersystemctl restart docker##初始化kubeadm init --kubernetes-version=v1.10.1 --pod-network-cidr=10.244.0.0/16--apiserver-advertise-address=10.0.0.39##说明:最后给出了将节点加入集群的命令:kubeadm join 10.0.0.39:6443 --token 4g0p8w.w5p29ukwvitim2ti --discovery-token-ca-cert-hash sha256:21d0adbfcb409dca97e655641573b2ee51c77a212f194e20a307cb459e5f77c8这条命令一定保存好,因为后期没法重现的!!##建立.kuberm -rf /root/.kube/mkdir -p /root/.kube/cp -i /etc/kubernetes/admin.conf /root/.kube/configchown root:root /root/.kube/config#在node(非master)节点上kubeadm resetsystemctl stop kubeletsystemctl stop dockerrm -rf /var/lib/cni/rm -rf /var/lib/kubelet/*rm -rf /etc/cni/ifconfig cni0 downifconfig flannel.1 downifconfig docker0 downip link delete cni0ip link delete flannel.1##重启kubeletsystemctl restart kubelet##重启dockersystemctl restart docker## kubeadm joinkubeadm join 10.0.0.39:6443 --token 4g0p8w.w5p29ukwvitim2ti --discovery-token-ca-cert-hash sha256:21d0adbfcb409dca97e655641573b2ee51c77a212f194e20a307cb459e5f77c8 - 总结
除了以上错误,其他可能的原因还有:
镜像拉取失败,比如:
(1)配置了错误的镜像
(2)Kubelet 无法访问镜像(国内环境访问 gcr.io 需要特殊处理
(3)私有镜像的密钥配置错误
(4)镜像太大,拉取超时(可以适当调整 kubelet 的 --image-pull-progress-deadline 和 --runtime-request-timeout 选项)
CNI 网络错误,一般需要检查 CNI 网络插件的配置,比如:
(1)无法配置 Pod 网络
(2)无法分配 IP 地址
容器无法启动,需要检查是否打包了正确的镜像或者是否配置了正确的容器参数等。 - 参考文章
https://github.com/kubernetes/kubernetes/issues/57280
kubernetes中网络报错问题
原文地址:http://blog.51cto.com/wutengfei/2121202