Kubernetes FAQs
crictl images command fails

- Applicable versions: Kubernetes 1.35.3, kernel version < 4.11

- Error message:

  ```
  FATA[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///run/containerd/containerd.sock": rpc error: code = Unimplemented desc = unknown service runtime.v1.ImageService
  ```

- Solution:

  - Disable the `enable_unprivileged_ports` and `enable_unprivileged_icmp` settings in containerd:

    ```bash
    # Check the current settings
    grep -nE 'unprivileged_(icmp|port)' /etc/containerd/config.toml
    # Set both options to false
    sed -i \
      -e 's/^\(\s*enable_unprivileged_ports\s*=\s*\)true/\1false/' \
      -e 's/^\(\s*enable_unprivileged_icmp\s*=\s*\)true/\1false/' \
      /etc/containerd/config.toml
    # Verify the change
    grep -nE 'unprivileged_(icmp|port)' /etc/containerd/config.toml
    systemctl restart containerd
    ```

  - After the restart, run the following command to check the plugin status. A status of `ok` for every plugin means everything is working:

    ```bash
    ctr plugin ls | grep -E 'cri|io.containerd.grpc.v1.cri'
    ```

    Expected output example:

    ```
    io.containerd.cri.v1 images - ok
    io.containerd.cri.v1 runtime linux/amd64 ok
    io.containerd.grpc.v1 cri - ok
    ```

Calico installation fails

- Applicable versions: Kubernetes 1.35.3

- Error message:

  ```
  kubectl -n kube-system logs calico-node-xxx -c upgrade-ipam
  This program can only be run on AMD64 processors with v2 microarchitecture support.
  ```

- Cause: The CPU does not support the x86-64-v2 microarchitecture level. Starting with Calico v3.31.1, only x86-64-v2 and above are supported. Reference: Calico GitHub Issue #11352

- Solution: Use Calico 3.30.7 instead

  - Download and extract the installation package, then import the images

    ```bash
    wget https://pdpublic.mingdao.com/private-deployment/offline/common/kubernetes-1.35.3/calico-3.30.7-yaml-images-amd64.tar.gz
    tar xzvf calico-3.30.7-yaml-images-amd64.tar.gz
    cd calico-3.30.7-yaml-images-amd64
    gunzip -d calico-3.30.7-images-amd64.tar.gz
    ctr -n k8s.io image import calico-3.30.7-images-amd64.tar
    ```

  - Move calico.yaml to the installation directory

    Run this from the package directory `calico-3.30.7-yaml-images-amd64`:

    ```bash
    mv calico.yaml /usr/local/kubernetes/
    ```

  - Modify the configuration file

    - Replace the image registry address

      ```bash
      sed -ri 's|image: docker.io/calico|image: 127.0.0.1:5000|g' /usr/local/kubernetes/calico.yaml
      grep image: /usr/local/kubernetes/calico.yaml
      ```

      Example output:

      ```
      image: 127.0.0.1:5000/cni:v3.30.7
      image: 127.0.0.1:5000/cni:v3.30.7
      image: 127.0.0.1:5000/node:v3.30.7
      image: 127.0.0.1:5000/node:v3.30.7
      image: 127.0.0.1:5000/kube-controllers:v3.30.7
      ```

    - Configure the Pod CIDR

      ```bash
      # The whitespace inside the patterns must match the manifest: the commented
      # value line is "#   value:" (three spaces after "#").
      sed -ri '/# - name: CALICO_IPV4POOL_CIDR/,/#   value: ".*"/ {
        s/# - name: CALICO_IPV4POOL_CIDR/- name: CALICO_IPV4POOL_CIDR/
        s/#   value: ".*"/  value: "10.244.0.0\/16"/
      }' /usr/local/kubernetes/calico.yaml
      grep -C 2 CALICO_IPV4POOL_CIDR /usr/local/kubernetes/calico.yaml
      ```

      Example output:

      ```
      # chosen from this range. Changing this value after installation will have
      # no effect. This should fall within `--cluster-cidr`.
      - name: CALICO_IPV4POOL_CIDR
        value: "10.244.0.0/16"
      # Disable file logging so `kubectl logs` works.
      ```

    - Configure the CNI binary path

      ```bash
      sed -i '/- name: cni-bin-dir/,/type:/s|path: .*|path: /usr/local/kubernetes/cni/bin|' /usr/local/kubernetes/calico.yaml
      grep -C 2 cni-bin-dir /usr/local/kubernetes/calico.yaml
      ```

      Example output:

      ```
          name: host-local-net-dir
        - mountPath: /host/opt/cni/bin
          name: cni-bin-dir
      securityContext:
        privileged: true
      --
      volumeMounts:
        - mountPath: /host/opt/cni/bin
          name: cni-bin-dir
        - mountPath: /host/etc/cni/net.d
          name: cni-net-dir
      --
          path: /proc
      # Used to install CNI.
      - name: cni-bin-dir
        hostPath:
          path: /usr/local/kubernetes/cni/bin
      ```

  - Deploy Calico

    ```bash
    kubectl apply -f /usr/local/kubernetes/calico.yaml
    ```

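A pre-flight check for the x86-64-v2 requirement described above, added here as an example and not part of the original FAQ: it compares a CPU flag list against the flags that x86-64-v2 adds over baseline x86-64, using the names Linux shows in /proc/cpuinfo. The function names, the `--check` argument and the sample flag lines are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: decide per node whether Calico >= v3.31.1 can run,
# or whether the 3.30.7 fallback from this FAQ is needed.

# Flags that x86-64-v2 requires beyond baseline x86-64, as named in
# /proc/cpuinfo (pni is SSE3, lahf_lm is LAHF/SAHF in 64-bit mode).
V2_FLAGS="cx16 lahf_lm popcnt pni sse4_1 sse4_2 ssse3"

# missing_v2_flags "<flags>": print the v2 flags absent from the list.
missing_v2_flags() {
  local have=" $1 " missing="" f
  for f in $V2_FLAGS; do
    case "$have" in
      *" $f "*) ;;                      # whole-word match only
      *) missing="$missing $f" ;;
    esac
  done
  echo "${missing# }"
}

# calico_choice "<flags>": "v2-capable" or "use-3.30.7".
calico_choice() {
  if [ -z "$(missing_v2_flags "$1")" ]; then
    echo "v2-capable"
  else
    echo "use-3.30.7"
  fi
}

# node_flags: flag list of the first CPU on the local host.
node_flags() {
  grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2
}

# Constructed sample flag lines (not captured from real hosts).
SAMPLE_V2="fpu sse sse2 pni ssse3 cx16 sse4_1 sse4_2 popcnt lahf_lm"
SAMPLE_OLD="fpu sse sse2 pni cx16 lahf_lm"

# Run with --check on each node before choosing the Calico version.
if [ "${1:-}" = "--check" ]; then
  flags=$(node_flags)
  echo "missing x86-64-v2 flags: $(missing_v2_flags "$flags")"
  calico_choice "$flags"
fi
```

The result applies only to the node it runs on, so run it on every node that will schedule calico-node.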
calico-node Pod health check fails

- Applicable versions: Kubernetes 1.35.3

- Error message:

  ```
  Warning Unhealthy 115s kubelet Readiness probe errored and resulted in unknown state: rpc error: code = Unknown desc = failed to exec in container: failed to start exec "...": OCI runtime exec failed: exec failed: unable to start container process: error adding pid 23804 to cgroups: Unknown method 'AttachProcessesToUnit' or interface 'org.freedesktop.systemd1.Manager'
  ```

- Cause: The system does not support the `systemd` cgroup driver, so the cgroup drivers of containerd and kubelet are incompatible.

- Solution:

  Change containerd's cgroup driver from `systemd` to `cgroupfs`, then re-initialize the cluster:

  - Modify the containerd configuration

    ```bash
    sed -i 's/SystemdCgroup = true/SystemdCgroup = false/g' /etc/containerd/config.toml
    grep -n "SystemdCgroup" /etc/containerd/config.toml
    systemctl restart containerd
    ```

  - Append the kubelet cgroup configuration to `kubeadm-config.yaml`, then run `kubeadm init` again to initialize the cluster

    ```bash
    cd /usr/local/kubernetes/
    cat >> kubeadm-config.yaml <<'EOF'
    ---
    apiVersion: kubelet.config.k8s.io/v1beta1
    kind: KubeletConfiguration
    cgroupDriver: cgroupfs
    EOF
    ```