calico-kube-controllers 启动失败处理

最新推荐文章于 2024-07-22 22:17:12 发布
最新推荐文章于 2024-07-22 22:17:12 发布
阅读量6.6k 收藏 3
点赞数 3
分类专栏: k8s 文章标签: k8s Powered by 金山文档
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/greenery/article/details/129138654
版权

故障描述

calico-kube-controllers 异常,不断重启

日志信息如下

2023-02-21 01:26:47.085 [INFO][1] main.go 92: Loaded configuration from environment config=&config.Config{LogLevel:"info", WorkloadEndpointWorkers:1, ProfileWorkers:1, PolicyWorkers:1, NodeWorkers:1, Kubeconfig:"", DatastoreType:"kubernetes"}
W0221 01:26:47.086980       1 client_config.go:615] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
2023-02-21 01:26:47.087 [INFO][1] main.go 113: Ensuring Calico datastore is initialized
2023-02-21 01:26:47.106 [INFO][1] main.go 153: Getting initial config snapshot from datastore
2023-02-21 01:26:47.120 [INFO][1] main.go 156: Got initial config snapshot
2023-02-21 01:26:47.120 [INFO][1] watchersyncer.go 89: Start called
2023-02-21 01:26:47.120 [INFO][1] main.go 173: Starting status report routine
2023-02-21 01:26:47.120 [INFO][1] main.go 182: Starting Prometheus metrics server on port 9094
2023-02-21 01:26:47.120 [INFO][1] main.go 418: Starting controller ControllerType="Node"
2023-02-21 01:26:47.120 [INFO][1] watchersyncer.go 127: Sending status update Status=wait-for-ready
2023-02-21 01:26:47.120 [INFO][1] node_syncer.go 65: Node controller syncer status updated: wait-for-ready
2023-02-21 01:26:47.120 [INFO][1] watchersyncer.go 147: Starting main event processing loop
2023-02-21 01:26:47.120 [INFO][1] watchercache.go 174: Full resync is required ListRoot="/calico/ipam/v2/assignment/"
2023-02-21 01:26:47.120 [INFO][1] node_controller.go 143: Starting Node controller
2023-02-21 01:26:47.121 [INFO][1] watchercache.go 174: Full resync is required ListRoot="/calico/resources/v3/projectcalico.org/nodes"
2023-02-21 01:26:47.121 [INFO][1] resources.go 349: Main client watcher loop
2023-02-21 01:26:47.121 [ERROR][1] status.go 138: Failed to write readiness file: open /status/status.json: permission denied
2023-02-21 01:26:47.121 [WARNING][1] status.go 66: Failed to write status error=open /status/status.json: permission denied
2023-02-21 01:26:47.121 [ERROR][1] status.go 138: Failed to write readiness file: open /status/status.json: permission denied
2023-02-21 01:26:47.121 [WARNING][1] status.go 66: Failed to write status error=open /status/status.json: permission denied
2023-02-21 01:26:47.124 [INFO][1] watchercache.go 271: Sending synced update ListRoot="/calico/ipam/v2/assignment/"
2023-02-21 01:26:47.125 [INFO][1] watchersyncer.go 127: Sending status update Status=resync
2023-02-21 01:26:47.125 [INFO][1] node_syncer.go 65: Node controller syncer status updated: resync
2023-02-21 01:26:47.125 [INFO][1] watchersyncer.go 209: Received InSync event from one of the watcher caches
2023-02-21 01:26:47.125 [ERROR][1] status.go 138: Failed to write readiness file: open /status/status.json: permission denied
2023-02-21 01:26:47.125 [WARNING][1] status.go 66: Failed to write status error=open /status/status.json: permission denied
2023-02-21 01:26:47.129 [INFO][1] watchercache.go 271: Sending synced update ListRoot="/calico/resources/v3/projectcalico.org/nodes"
2023-02-21 01:26:47.129 [ERROR][1] status.go 138: Failed to write readiness file: open /status/status.json: permission denied
2023-02-21 01:26:47.129 [WARNING][1] status.go 66: Failed to write status error=open /status/status.json: permission denied
2023-02-21 01:26:47.129 [INFO][1] watchersyncer.go 209: Received InSync event from one of the watcher caches
2023-02-21 01:26:47.129 [INFO][1] watchersyncer.go 221: All watchers have sync'd data - sending data and final sync
2023-02-21 01:26:47.129 [INFO][1] watchersyncer.go 127: Sending status update Status=in-sync
2023-02-21 01:26:47.129 [INFO][1] node_syncer.go 65: Node controller syncer status updated: in-sync
2023-02-21 01:26:47.137 [INFO][1] hostendpoints.go 90: successfully synced all hostendpoints
2023-02-21 01:26:47.221 [INFO][1] node_controller.go 159: Node controller is now running
2023-02-21 01:26:47.226 [INFO][1] ipam.go 69: Synchronizing IPAM data
2023-02-21 01:26:47.236 [INFO][1] ipam.go 78: Node and IPAM data is in sync

定位问题在这里

Failed to write status error=open /status/status.json: permission denied

进入容器检查目录

尝试进入容器,但是该容器居然没 cat , ls 等常规命令,无法查看容器问题

检查配置

查看pod的配置,对比其它集群,没任何问题,一样的

[grg@i-A8259010 ~]$ kubectl describe pod calico-kube-controllers-9f49b98f6-njs2f -n kube-system
Name:                 calico-kube-controllers-9f49b98f6-njs2f
Namespace:            kube-system
Priority:             2000000000
Priority Class Name:  system-cluster-critical
Node:                 10.254.39.2/10.254.39.2
Start Time:           Thu, 16 Feb 2023 11:14:35 +0800
Labels:               k8s-app=calico-kube-controllers
                      pod-template-hash=9f49b98f6
Annotations:          cni.projectcalico.org/podIP: 10.244.29.73/32
                      cni.projectcalico.org/podIPs: 10.244.29.73/32
Status:               Running
IP:                   10.244.29.73
IPs:
  IP:           10.244.29.73
Controlled By:  ReplicaSet/calico-kube-controllers-9f49b98f6
Containers:
  calico-kube-controllers:
    Container ID:   docker://21594e3517a3fc8ffc5224496cec373117138acf5417d9a335a1c5e80e0c3802
    Image:          registry.custom.local:12480/kubeadm-ha/calico_kube-controllers:v3.19.1
    Image ID:       docker-pullable://registry.cn-beijing.aliyuncs.com/dotbalo/kube-controllers@sha256:2ff71ba65cd7fe10e183ad80725ad3eafb59899d6f1b2610446b90c84bf2425a
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    2
      Started:      Tue, 21 Feb 2023 09:34:06 +0800
      Finished:     Tue, 21 Feb 2023 09:35:15 +0800
    Ready:          False
    Restart Count:  1940
    Liveness:       exec [/usr/bin/check-status -l] delay=10s timeout=1s period=10s #success=1 #failure=6
    Readiness:      exec [/usr/bin/check-status -r] delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:
      ENABLED_CONTROLLERS:  node
      DATASTORE_TYPE:       kubernetes
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-55jbn (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kube-api-access-55jbn:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              kubernetes.io/os=linux
Tolerations:                 CriticalAddonsOnly op=Exists
                             node-role.kubernetes.io/master:NoSchedule
                             node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                        From     Message
  ----     ------     ----                       ----     -------
  Warning  Unhealthy  31m (x15164 over 4d22h)    kubelet  Readiness probe failed: Failed to read status file /status/status.json: unexpected end of JSON input
  Warning  BackOff    6m23s (x23547 over 4d22h)  kubelet  Back-off restarting failed container
  Warning  Unhealthy  79s (x11571 over 4d22h)    kubelet  Liveness probe failed: Failed to read status file /status/status.json: unexpected end of JSON input

对比镜像

检查镜像版本,与其它集群一致,没问题

Image:          registry.custom.local:12480/kubeadm-ha/calico_kube-controllers:v3.19.1    
Image ID:       docker-pullable://registry.cn-beijing.aliyuncs.com/dotbalo/kube-controllers@sha256:2ff71ba65cd7fe10e183ad80725ad3eafb59899d6f1b2610446b90c84bf2425a

检查其余集群配置差异

检查与其它集群的配置信息,该机器的 docker 是原来已经安装的,版本是 19,其它机器是新安装的版本 20 。

处理方案

在无法重装 docker 的情况下

重启 pod,无效

百度,无相关信息

调整 calico-kube-controllers 配置

配置文件在 /etc/kubernetes/plugins/network-plugin/calico-typha.yaml

我们针对无法写入目录 /status ,添加卷映射

应用配置

mkdir /var/run/calico/status
chmod 777/var/run/calico/status
kubectl apply -f  /etc/kubernetes/plugins/network-plugin/calico-typha.yaml

到此系统恢复

greenery
关注
  • 3
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
基于containerd搭建的K8S集群calico与coredns组件一直处于pending状态
江晓龙的博客
02-09 8877
基于containerd搭建的K8S集群calico与coredns组件一直处于pending状态 问题描述 搭建完K8S1.22版本,容器服务采用的containerd,集群部署完成后calico和coredns组件一直处于pending状态,如下图所示。 排查过程 首先查看下资源为什么一直处于pending状态。 使用kubectl describe 命令查看calico等资源的属性,提示信息说是由于K8S集群中Node节点没有准备就绪导致。 我的集群刚刚搭建完毕,calico组件一直处于pendin
记录一次K8s 集群故障(路由&Calico
qq_43024789的博客
02-16 1252
除了 kube-system下的api-server, etcd-admin, scheduler, controller manager, 以及各个3个节点的kube-proxy 处于running状态,因为kube-proxy和calico-node都是ds, 使用Hostnetwork,因此IP就是所在节点IP。确定它就是k8s kube-apiserver-admin这个pod所单独暴露出来的svc, 是单例的pod,不属于任何rs/ds/deployment/sts。
云原生之史上最全K8S环境搭建(强烈建议收藏)
CSDN新星计划JAVA赛道TOP5、CSDN内容合伙人、JAVA领域优质创作者、资深JAVA开发深耕JAVA领域。
09-03 1万+
云原生之史上最全K8S环境搭建(强烈建议收藏)
k8s部署calico遇到的问题
m0_53166211的博客
05-29 633
error: resource mapping not found for name: "tigera-operator" namespace: "" from "tigera-operator.yaml": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed first ojectcalico.org/v3: the server is currently unable
Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work
热门推荐
weixin_41831919的博客
07-04 1万+
当下载ingress-nginx的yaml wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml -O nginx-ingress-controller.yaml 部署ingress-nginx时,查看pod日志,报如下错误 解决方式: 添加如下hostNetwork: true在yaml中,重新部署,或修改pod的deployment文
kube-controllers:用于CalicoKubernetes控制器
04-09
Kubernetes的Calico控制器 该存储库包含用于Calicokubernetes控制器的集合。 有几个控制器,每个控制器监视Kubernetes API中的资源并响应事件执行特定的工作。 可以在目录中找到每个控制器的源代码。 有关每种功能的更多信息,请参见。 开始使用Calico 对于想要了解有关该项目的更多信息或开始使用Calico的用户,请参阅上的文档。 开始开发Calico 依存关系 整个构建都可以在容器中运行,这意味着您唯一需要的依赖项就是可以。 如果要在容器外部本地运行构建和测试,则需要以下依赖项: 建筑 欢迎对此代码做出贡献! 可以使用Makefile来构建和测试此存储库中的代码。 make docker-image将产生一个包含适用于部署到kubernetes的工件的docker映像。 make binary将仅构建控制器二进制文件,以便可以在本地运行
calico-kube-controllers open /status/status.json: permission denied
weixin_42324368的博客
07-06 1062
###### 在一台机器上装k8s单节点集群,因/目录空间较小,便将docker和kubelet的存储目录迁移至新盘挂载目录。将数据拷贝时没注意目录权限问题,导致重启docker和kubelet后 ,calico容器未就绪,查看日志提示没有权限写入就绪状态到/sttaus/status.json文件。因为进入pod命令行提示无bash ,sh,故通过修改calico-kube-controllers deployments,增加volume挂载到本地,赋权修改属组后容器就绪正常。
k8scalico网络组件部署时一个节点一直处于Pending状态
weixin_45294285的博客
03-12 1960
default-scheduler 0/3 nodes are available: 1 Insufficient cpu, 2 node(s) didn't match Pod's node affinity/selector
K8S配置Calico网络报错解决:error: error parsing https://raw.githubusercontent.com/projectcalico/calico/v3.26.
分享式获得也是一种学习的态度
12-15 696
每个人都有惰性,但不断学习是好好生活的根本,共勉!
calico v3.20.3-kube-controller镜像包
12-15
calico v3.20.3-kube-controller镜像包,在安装镜像的时候一直无法下载下来,导致项目无法部署,上传本地镜像到linux服务器,解压包,导入对应的tar包镜像包,通过docker load 导入本地镜像包,镜像包名字通过docker...
calico-3.26.1
04-19
Calico 是一个开源的网络和网络策略项目,主要用于 Kubernetes (K8s) 集群。它提供了高性能的网络连接和强大的网络策略控制,使容器内的应用能够在集群中安全地通信。Calico 的核心功能包括网络插件、网络策略、以及...
calico-3.13.1的所有包
12-19
k8s安装calico安装包一直失败,而且下载tar.gz包,以为是镜像,镜像使用docker import - 镜像:tag calico.tar,使用kubectl get pod pod名 -n kube-system -o yaml 查看显示,启动容器message: 'Error response from ...
calico-v3.20.6版本容器镜像+calico.yaml文件
06-26
3. **kube-controllers_v3.20.6.tar**: 这是 Calico 控制器的镜像,它们是 Kubernetes 集群的一部分,负责处理与网络策略和IP地址管理相关的任务,例如自动配置网络策略,或者在Pod创建和删除时更新网络状态。...
Pod提示NetworkPlugin cni failed to set up .. network:open/run/flannel/subnet.env:nosuchfileordirectory
hedao0515的专栏
02-15 4814
k8s创建Pod提示NetworkPlugin cni failed to set up .. network:open/ run/flannel/subnet.env: no such file or directory
[Microk8s] calico-kube-controller not running: Failed to initialize Calico datastore error... 解决方法
pcj_888的博客
05-08 1690
[Microk8s] calico-kube-controller not running: `Failed to initialize Calico datastore error=Get “https://10.152.183.1:443/apis/crd.projectcalico.org/v1/clusterinformations/default”: context deadline exceeded` 解决方法
k8s故障处理篇】calico-kube-controllers状态为“ImagePullBackOff”解决办法
最新发布
jks212454的博客
07-22 376
k8s故障处理篇】calico-kube-controllers状态为“ImagePullBackOff”解决办法
k8s集群使用calico遇到的问题,报错内容如:“Readiness probe failed: caliconode is not ready: BIRD is not ready:
qq_43659763的博客
09-08 1万+
k8s集群使用caliico遇到的问题,报错内容如:“Readiness probe failed: caliconode is not ready: BIRD is not ready: BGP not established with” 一、下载和安装calicoctl工具,注意calico版本 cd /usr/local/bin curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.9.2/calicoct
calico的CrashLoopBackOff 解决办法
之城的专栏
05-30 1万+
今天查看k8s集群的状态发现, calico-node的status是CrashLoopBackOff 。 于是各种查找资料, 现在把解决方法记下。 查看日志 其实k8s的日志记录十分详细,只要查看下日志结合搜索引擎, 很快就能知道问题, 查看问题pod的日志: kubectl logs -f -n kube-system calico-node-wzmz5 -c calico-node 这个命令的日志信息很长, 很多。 直接拉到底部查看最新的日志。 日志中已经说了, linux系统内核的RPF
2021-06-26 calico-node-xxx pod 状态反复CrashLoopBackOff
qimingstack的博客
06-26 2393
calico-node-xxx pod 状态反复CrashLoopBackOff [root@k8s-master ~]# kubectl get pods -n kube-system -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES cali
calico-kube-controllers pending
12-24
calico-kube-controllers pending表示calico-kube-controllers正在等待处理中。这可能是因为系统资源不足、网络连接问题或者其他未知的原因导致。要解决这个问题,可以尝试以下几种方法:首先,可以检查系统的资源利用情况,确保系统有足够的内存和CPU可用来处理calico-kube-controllers的请求。其次,可以尝试重新启动calico-kube-controllers服务,看是否能够解决问题。另外,也可以检查网络连接是否正常,确保calico-kube-controllers能够正常地访问其他组件和服务。最后,如果以上方法都无法解决问题,可以尝试更新calico-kube-controllers到最新版本,或者查看官方文档寻求帮助。总之,要解决calico-kube-controllers pending的问题,需要仔细排查可能的原因,并逐一尝试解决方法,直到问题得以解决。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值