kubernetes報錯“failed to get azure cloud..."解決
阿新 • • 發佈:2018-11-23
從1.11.3升級到1.12.1,檢視kubernetes日誌,發現報錯:
journalctl -f -u kubelet.service
經過查詢資料,發現是1.12因為在v1.12中的kubelet 的AttachVolumeLimit導致的,禁用
AttachVolumeLimit
master機器上,在kubelet啟動時禁止AttachVolumeLimit,增加引數:
--feature-gates=AttachVolumeLimit=false
增加後:
[[email protected] ~]# vim /etc/systemd/system/kubelet.service [Unit] Description=Kubernetes Kubelet Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=docker.service Requires=docker.service [Service] WorkingDirectory=/var/lib/kubelet #--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest ExecStart=/opt/kube/bin/kubelet \ --address=192.168.2.10 \ --allow-privileged=true \ --anonymous-auth=false \ --authentication-token-webhook \ --authorization-mode=Webhook \ --client-ca-file=/etc/kubernetes/ssl/ca.pem \ --cluster-dns=10.68.0.2 \ --cluster-domain=cluster.local. \ --cni-bin-dir=/opt/kube/bin \ --cni-conf-dir=/etc/cni/net.d \ --fail-swap-on=false \ --feature-gates=AttachVolumeLimit=false \ --hairpin-mode hairpin-veth \ --hostname-override=192.168.2.10 \ --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \ --max-pods=110 \ --network-plugin=cni \ --pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.1 \ --register-node=true \ --root-dir=/var/lib/kubelet \ --tls-cert-file=/etc/kubernetes/ssl/kubelet.pem \ --tls-private-key-file=/etc/kubernetes/ssl/kubelet-key.pem \ --v=2 #kubelet cAdvisor 預設在所有介面監聽 4194 埠的請求, 以下iptables限制內網訪問 ExecStartPost=/sbin/iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -s 172.16.0.0/12 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -s 192.168.0.0/16 -p tcp --dport 4194 -j ACCEPT ExecStartPost=/sbin/iptables -A INPUT -p tcp --dport 4194 -j DROP Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target ~ ~ ~ ~ ~ ~ ~ "/etc/systemd/system/kubelet.service" 43L, 1617C 已寫入
重新載入服務:
[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]# sudo systemctl restart kubelet
再次檢視日誌已經沒有報此錯誤。