按照 Kelsey Hightower 在 AWS EC2 实例上的 KTHW 操作,并开始引导工作节点,但不知何故 kubelet 似乎出了问题。
未使用 KUBEADM 或 DOCKER。
现在出现以下错误。
kubelet.service - Kubernetes Kubelet
Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sun 2024-01-14 18:54:09 UTC; 86ms ago
Docs: https://github.com/kubernetes/kubernetes
Process: 8094 ExecStart=/usr/local/bin/kubelet --config=/var/lib/kubelet/kubelet-config.yaml --container-runtime=remote --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --image-pull-progress-deadline=2m --kube>
Main PID: 8094 (code=exited, status=1/FAILURE)
CPU: 171ms
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: Insecure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_A>
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: --tls-min-version string Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 (DEPRECATED: This paramet>
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: --tls-private-key-file string File containing x509 private key matching --tls-cert-file. (DEPRECATED: This parameter should be set via the config file specifi>
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: --topology-manager-policy string Topology Manager policy to use. Possible values: 'none', 'best-effort', 'restricted', 'single-numa-node'. (default "none") (DEPR>
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: --topology-manager-scope string Scope to which topology hints applied. Topology Manager collects hints from Hint Providers and applies them to defined scope to >
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: -v, --v Level number for the log level verbosity (default 0)
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: --version version[=true] Print version information and quit
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: --volume-plugin-dir string The full path of the directory in which to search for additional third party volume plugins (default "/usr/libexec/kubernetes/ku>
Jan 14 18:54:09 CKATRAINWK2 kubelet[8094]: --volume-stats-agg-period duration Specifies interval for kubelet to calculate and cache the volume disk usage for all pods and volumes. To disable volume calcula
sudo journalctl -xeu kubelet
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --seccomp-profile-root string <Warning: Alpha feature> Directory path for seccomp profiles. (default "/var/lib/kubelet/seccomp") (DEPRECATED: will be removed in 1.23, in favor of using the `<root-dir>/seccomp` directory)
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --serialize-image-pulls Pull images one at a time. We recommend *not* changing the default value on nodes that run docker daemon with version < 1.9 or an Aufs storage backend. Issue #10959 has more details. (default true) (DEPRECATED: This parameter should be set>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --skip-headers If true, avoid header prefixes in the log messages
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --skip-log-headers If true, avoid headers when opening log files
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --stderrthreshold severity logs at or above this threshold go to stderr (default 2)
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --storage-driver-buffer-duration duration Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction (default 1m0s) (DEPRECATED: This is a cadvisor flag that was mistakenly registered with the Kubelet. Due to l>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --storage-driver-db string database name (default "cadvisor") (DEPRECATED: This is a cadvisor flag that was mistakenly registered with the Kubelet. Due to legacy concerns, it will follow the standard CLI deprecation timeline before being removed.)
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --storage-driver-host string database host:port (default "localhost:8086") (DEPRECATED: This is a cadvisor flag that was mistakenly registered with the Kubelet. Due to legacy concerns, it will follow the standard CLI deprecation timeline before being removed.)
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --storage-driver-password string database password (default "root") (DEPRECATED: This is a cadvisor flag that was mistakenly registered with the Kubelet. Due to legacy concerns, it will follow the standard CLI deprecation timeline before being removed.)
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --storage-driver-secure use secure connection with database (DEPRECATED: This is a cadvisor flag that was mistakenly registered with the Kubelet. Due to legacy concerns, it will follow the standard CLI deprecation timeline before being removed.)
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --storage-driver-table string table name (default "stats") (DEPRECATED: This is a cadvisor flag that was mistakenly registered with the Kubelet. Due to legacy concerns, it will follow the standard CLI deprecation timeline before being removed.)
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --storage-driver-user string database username (default "root") (DEPRECATED: This is a cadvisor flag that was mistakenly registered with the Kubelet. Due to legacy concerns, it will follow the standard CLI deprecation timeline before being removed.)
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --streaming-connection-idle-timeout duration Maximum time a streaming connection can be idle before the connection is automatically closed. 0 indicates no timeout. Example: '5m' (default 4h0m0s) (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's >
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --sync-frequency duration Max period between synchronizing running containers and config (default 1m0s) (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/k>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --system-cgroups string Optional absolute name of cgroups in which to place all non-kernel processes that are not already inside a cgroup under '/'. Empty for no container. Rolling back the flag requires a reboot. (DEPRECATED: This parameter should be set via the>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --system-reserved mapStringString A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=500Mi,ephemeral-storage=1Gi) pairs that describe resources reserved for non-kubernetes components. Currently only cpu and memory are supported. See http://kubernetes.io/docs/user>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --system-reserved-cgroup string Absolute name of the top level cgroup that is used to manage non-kubernetes components for which compute resources were reserved via '--system-reserved' flag. Ex. '/system-reserved'. [default=''] (DEPRECATED: This parameter should be set v>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --tls-cert-file string File containing x509 Certificate used for serving HTTPS (with intermediate certs, if any, concatenated after server cert). If --tls-cert-file and --tls-private-key-file are not provided, a self-signed certificate and key are generated for >
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --tls-cipher-suites strings Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be used.
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: Preferred values: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: Insecure values: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_RC4_128_SHA. (DEPRECATED: This parameter should be set via the config file spec>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --tls-min-version string Minimum TLS version supported. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13 (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/t>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --tls-private-key-file string File containing x509 private key matching --tls-cert-file. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --topology-manager-policy string Topology Manager policy to use. Possible values: 'none', 'best-effort', 'restricted', 'single-numa-node'. (default "none") (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. See https://>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: --topology-manager-scope string Scope to which topology hints applied. Topology Manager collects hints from Hint Providers and applies them to defined scope to ensure the pod admission. Possible values: 'container', 'pod'. (default "container") (DEPRECATED: This paramete>
Jan 14 19:06:13 CKATRAINWK2 kubelet[9116]: -v, --v Level number for the log level verbosity (default 0)
尝试了很多东西,包括
- 在 kubelet-config.yaml 中将 cgroups 指定为 systemd
- 按照指南重新回顾我的步骤以确保我没有错过任何东西。
- 将 containerd 等组件升级至 1.4.4、runc 1.1.7、cni-plugins 1.1.0
(旁注) crictl 也遇到了问题。
只需要故障排除方面的指导。