更新 Arch Linux(sudo pacman -Syu)并重启系统后,Minikube 因 kube-proxy 而无法启动。日志显示它正在尝试修改,/proc/sys/net/netfilter/nf_conntrack_max但遇到了权限被拒绝的问题。
我尝试运行sudo chmod 777 /proc/sys/net/netfilter/nf_conntrack_max,但系统不允许。我也删除~/.minikube并重新启动,但它仍然无法工作。启动时出现同样的问题kind。有人能告诉我如何解决这个问题吗?
$ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-74ff55c5b-2hkpd 0/1 Running 0 22s
etcd-minikube 0/1 Running 0 30s
kube-apiserver-minikube 1/1 Running 0 30s
kube-controller-manager-minikube 0/1 Running 0 30s
kube-proxy-qhhx9 0/1 Error 2 22s
kube-scheduler-minikube 0/1 Running 0 30s
storage-provisioner 1/1 Running 0 35s
kubectl logs kube-proxy-qhhx9 -n kube-system
I0511 04:47:08.189373 1 node.go:172] Successfully retrieved node IP: 192.168.49.2
I0511 04:47:08.189422 1 server_others.go:142] kube-proxy node IP is an IPv4 address (192.168.49.2), assume IPv4 operation
W0511 04:47:08.207109 1 server_others.go:578] Unknown proxy mode "", assuming iptables proxy
I0511 04:47:08.207314 1 server_others.go:185] Using iptables Proxier.
I0511 04:47:08.208192 1 server.go:650] Version: v1.20.2
I0511 04:47:08.209006 1 conntrack.go:100] Set sysctl 'net/netfilter/nf_conntrack_max' to 131072
F0511 04:47:08.209060 1 server.go:495] open /proc/sys/net/netfilter/nf_conntrack_max: permission denied
内核版本
$ uname -r
5.12.2-arch1-1
$ iptables --version
iptables v1.8.7 (legacy)
答案1
更改maxPerCore为 0 以configMap保持kube-proxy限制不变并忽略 conntrack-min
答案2
尽管使用了 kind,但仍然遇到同样的问题。FWIW 它有助于将内核降级到 5.11。
答案3
答案4
升级到 kindv0.11.1可以解决这个问题。
$ kind version
kind v0.11.1 go1.16.4 linux/amd64
$ uname -r
5.4.0-80-generic