首先來看看採坑記錄

1-檢視日誌：kubectl logs得到具體的報錯：

1 [root@i-F998A4DE ~]# kubectl logs -n kube-system coredns-fb8b8dccf-hhkfm
2 log is DEPRECATED and will be removed in a future version. Use logs instead.
3 E1230 03:03:51.298180       1 reflector.go:134] github.com/coredns/coredns/plugin/kubernetes/controller.go:315: Failed to list *v1.Service: Get https://
 
10.96.0.1:443/api/v1/services?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: connect: no route to host
4 E1230 03:03:51.298180       1 reflector.go:134] github.com/coredns/coredns/plugin/kubernetes/controller.go:315: Failed to list *v1.Service: Get https://10.96.0.1:443/api/v1/services?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: connect: no route to host
 

5 log: exiting because of error: log: cannot create log: open /tmp/coredns.coredns-fb8b8dccf-hhkfm.unknownuser.log.ERROR.20201230-030351.1: no such file or directory

2-檢視pod具體資訊：kubectl describe pod得到一些可能比較沒用的資訊：

 1 [root@i-F998A4DE ~]# kubectl describe po -n kube-system coredns-fb8b8dccf-s2nj9
 2 Name:               coredns-fb8b8dccf-s2nj9
 
 3 Namespace:          kube-system
 4 Priority:           2000000000
 5 PriorityClassName:  system-cluster-critical
 6 Node:               master/10.252.37.41
 7 Start Time:         Wed, 30 Dec 2020 10:28:40 +0800
 8 Labels:             k8s-app=kube-dns
 9                     pod-template-hash=fb8b8dccf
10 Annotations:        <none>
11 Status:             Running
12 IP:                 10.244.0.3
13 Controlled By:      ReplicaSet/coredns-fb8b8dccf
14 Containers:
15   coredns:
16     Container ID:  docker://50bab6b378f236af89bec945083bfe1af293a71f1276c3c8df324cfbe6540a54
17     Image:         k8s.gcr.io/coredns:1.3.1
18     Image ID:      docker://sha256:eb516548c180f8a6e0235034ccee2428027896af16a509786da13022fe95fe8c
19     Ports:         53/UDP, 53/TCP, 9153/TCP
20     Host Ports:    0/UDP, 0/TCP, 0/TCP
21     Args:
22       -conf
23       /etc/coredns/Corefile
24     State:          Waiting
25       Reason:       CrashLoopBackOff
26     Last State:     Terminated
27       Reason:       Error
28       Exit Code:    2
29       Started:      Wed, 30 Dec 2020 10:29:00 +0800
30       Finished:     Wed, 30 Dec 2020 10:29:01 +0800
31     Ready:          False
32     Restart Count:  2
33     Limits:
34       memory:  170Mi
35     Requests:
36       cpu:        100m
37       memory:     70Mi
38     Liveness:     http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
39     Readiness:    http-get http://:8080/health delay=0s timeout=1s period=10s #success=1 #failure=3
40     Environment:  <none>
41     Mounts:
42       /etc/coredns from config-volume (ro)
43       /var/run/secrets/kubernetes.io/serviceaccount from coredns-token-2gw5w (ro)
44 Conditions:
45   Type              Status
46   Initialized       True 
47   Ready             False 
48   ContainersReady   False 
49   PodScheduled      True 
50 Volumes:
51   config-volume:
52     Type:      ConfigMap (a volume populated by a ConfigMap)
53     Name:      coredns
54     Optional:  false
55   coredns-token-2gw5w:
56     Type:        Secret (a volume populated by a Secret)
57     SecretName:  coredns-token-2gw5w
58     Optional:    false
59 QoS Class:       Burstable
60 Node-Selectors:  beta.kubernetes.io/os=linux
61 Tolerations:     CriticalAddonsOnly
62                  node-role.kubernetes.io/master:NoSchedule
63                  node.kubernetes.io/not-ready:NoExecute for 300s
64                  node.kubernetes.io/unreachable:NoExecute for 300s
65 Events:
66   Type     Reason            Age                From               Message
67   ----     ------            ----               ----               -------
68   Warning  FailedScheduling  38s (x4 over 48s)  default-scheduler  0/1 nodes are available: 1 node(s) had taints that the pod didn't tolerate.
69   Normal   Scheduled         30s                default-scheduler  Successfully assigned kube-system/coredns-fb8b8dccf-s2nj9 to master
70   Normal   Pulled            11s (x3 over 29s)  kubelet, master    Container image "k8s.gcr.io/coredns:1.3.1" already present on machine
71   Normal   Created           11s (x3 over 29s)  kubelet, master    Created container coredns
72   Normal   Started           10s (x3 over 28s)  kubelet, master    Started container coredns
73   Warning  BackOff           2s (x6 over 26s)   kubelet, master    Back-off restarting failed container

3-修改coredns配置資訊也沒有效果

  1 [root@master ~]# kubectl edit deployment coredns -n kube-system
  2 # Please edit the object below. Lines beginning with a '#' will be ignored,
  3 # and an empty file will abort the edit. If an error occurs while saving this file will be
  4 # reopened with the relevant failures.
  5 apiVersion: extensions/v1beta1
  6 kind: Deployment
  7 metadata:
  8   annotations:
  9     deployment.kubernetes.io/revision: "1"
 10   creationTimestamp: "2020-12-30T02:28:07Z"
 11   generation: 3
 12   labels:
 13     k8s-app: kube-dns
 14   name: coredns
 15   namespace: kube-system
 16   resourceVersion: "6088"
 17   selfLink: /apis/extensions/v1beta1/namespaces/kube-system/deployments/coredns
 18   uid: a718d791-4a46-11eb-91a1-d00df998a4de
 19 spec:
 20   progressDeadlineSeconds: 600
 21   replicas: 2 #先將這裡改為0，k8s更新完之後，再將這裡改回2
 22   revisionHistoryLimit: 10
 23   selector:
 24     matchLabels:
 25       k8s-app: kube-dns
 26   strategy:
 27     rollingUpdate:
 28       maxSurge: 25%
 29       maxUnavailable: 1
 30     type: RollingUpdate
 31   template:
 32     metadata:
 33       creationTimestamp: null
 34       labels:
 35         k8s-app: kube-dns
 36     spec:
 37       containers:
 38       - args:
 39         - -conf
 40         - /etc/coredns/Corefile
 41         image: k8s.gcr.io/coredns:1.3.1
 42         imagePullPolicy: IfNotPresent
 43         livenessProbe:
 44           failureThreshold: 5
 45           httpGet:
 46             path: /health
 47             port: 8080
 48             scheme: HTTP
 49           periodSeconds: 10
 50           successThreshold: 1
 51           timeoutSeconds: 1
 52         resources:
 53           limits:
 54             memory: 170Mi
 55           requests:
 56             cpu: 100m
 57             memory: 70Mi
 58         securityContext:
 59           allowPrivilegeEscalation: false
 60           capabilities:
 61             add:
 62             - NET_BIND_SERVICE
 63             drop:
 64             - all
 65           procMount: Default
 66           readOnlyRootFilesystem: true
 67         terminationMessagePath: /dev/termination-log
 68         terminationMessagePolicy: File
 69         volumeMounts:
 70         - mountPath: /etc/coredns
 71           name: config-volume
 72           readOnly: true
 73       dnsPolicy: Default
 74       nodeSelector:
 75         beta.kubernetes.io/os: linux
 76       priorityClassName: system-cluster-critical
 77       restartPolicy: Always
 78       schedulerName: default-scheduler
 79       securityContext: {}
 80       serviceAccount: coredns
 81       serviceAccountName: coredns
 82       terminationGracePeriodSeconds: 30
 83       tolerations:
 84       - key: CriticalAddonsOnly
 85         operator: Exists
 86       - effect: NoSchedule
 87         key: node-role.kubernetes.io/master
 88       volumes:
 89       - configMap:
 90           defaultMode: 420
 91           items:
 92           - key: Corefile
 93             path: Corefile
 94           name: coredns
 95         name: config-volume
 96 status:
 97   availableReplicas: 2
 98   conditions:
 99   - lastTransitionTime: "2020-12-30T03:00:38Z"
100     lastUpdateTime: "2020-12-30T03:00:38Z"
101     message: ReplicaSet "coredns-fb8b8dccf" has successfully progressed.
102     reason: NewReplicaSetAvailable
103     status: "True"
104     type: Progressing
105   - lastTransitionTime: "2020-12-30T03:38:49Z"
106     lastUpdateTime: "2020-12-30T03:38:49Z"
107     message: Deployment has minimum availability.
108     reason: MinimumReplicasAvailable
109     status: "True"
110     type: Available
111   observedGeneration: 3
112   readyReplicas: 2
113   replicas: 2 #先將這裡改為0，k8s更新完後，這裡不用動
114   updatedReplicas: 2

4-強制刪除coredns pod沒有效果

1 [root@i-F998A4DE ~]# kubectl delete po coredns-fb8b8dccf-hhkfm --grace-period=0 --force -n kube-system 
2 warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
3 pod "coredns-fb8b8dccf-hhkfm" force deleted
4 [root@i-F998A4DE flannel-dashboard]# kubectl delete po coredns-fb8b8dccf-ll2mp --grace-period=0 --force -n kube-system 
5 warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
6 pod "coredns-fb8b8dccf-ll2mp" force deleted

5-檢視kubelet的訪問也是coredns出錯

1 [root@i-F998A4DE ~]# journalctl -f -u kubelet
2 -- Logs begin at Tue 2020-12-29 11:56:05 CST. --
3 Dec 30 11:30:38 master kubelet[20570]: W1230 11:30:38.307384   20570 container.go:409] Failed to create summary reader for "/libcontainer_16449_systemd_test_default.slice": none of the resources are being tracked.
4 Dec 30 11:30:40 master kubelet[20570]: E1230 11:30:40.356882   20570 pod_workers.go:190] Error syncing pod 2c0dffd5-4a4f-11eb-8c6b-d00df998a4de ("coredns-fb8b8dccf-jnj5h_kube-system(2c0dffd5-4a4f-11eb-8c6b-d00df998a4de)"), skipping: failed to "StartContainer" for "coredns" with CrashLoopBackOff: "Back-off 1m20s restarting failed container=coredns pod=coredns-fb8b8dccf-jnj5h_kube-system(2c0dffd5-4a4f-11eb-8c6b-d00df998a4de)"
5 Dec 30 11:30:41 master kubelet[20570]: E1230 11:30:41.375798   20570 pod_workers.go:190] Error syncing pod 2c0dffd5-4a4f-11eb-8c6b-d00df998a4de ("coredns-fb8b8dccf-jnj5h_kube-system(2c0dffd5-4a4f-11eb-8c6b-d00df998a4de)"), skipping: failed to "StartContainer" for "coredns" with CrashLoopBackOff: "Back-off 1m20s restarting failed container=coredns pod=coredns-fb8b8dccf-jnj5h_kube-system(2c0dffd5-4a4f-11eb-8c6b-d00df998a4de)"
6 Dec 30 11:30:45 master kubelet[20570]: E1230 11:30:45.899200   20570 pod_workers.go:190] Error syncing pod 1ed96c42-4a4f-11eb-8c6b-d00df998a4de ("coredns-fb8b8dccf-24sxn_kube-system(1ed96c42-4a4f-11eb-8c6b-d00df998a4de)"), skipping: failed to "StartContainer" for "coredns" with CrashLoopBackOff: "Back-off 1m20s restarting failed container=coredns pod=coredns-fb8b8dccf-24sxn_kube-system(1ed96c42-4a4f-11eb-8c6b-d00df998a4de)"

6-本地dns配置也沒有什麼問題

1 [root@i-F998A4DE ~]# cat /etc/resolv.conf 
2 # Generated by NetworkManager
3 nameserver 114.114.114.114
4 nameserver 8.8.8.8

最後解決方案

這個問題很可能是由iptables規則的錯亂或者快取導致的，可以依次執行以下命令解決：

1 [root@master ~]# systemctl stop kubelet
2 [root@master ~]# systemctl stop docker
3 [root@master ~]# iptables --flush
4 [root@master ~]# iptables -tnat --flush
5 [root@master ~]# systemctl start kubelet
6 [root@master ~]# systemctl start docker