K8s二进制部署-flanneld报(Couldn‘t fetch network config)
1、报错提示
将网络配置信息写入了ETCD中,启动flanneld测试时一直报错,具体报错如下:
[root@master1 ~]# tail -100f /var/log/messages
Dec 15 23:39:22 localhost flanneld: E1215 23:39:22.688405 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:23 localhost flanneld: timed out
Dec 15 23:39:23 localhost flanneld: E1215 23:39:23.701707 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:24 localhost flanneld: timed out
Dec 15 23:39:24 localhost flanneld: E1215 23:39:24.717330 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:25 localhost flanneld: timed out
Dec 15 23:39:25 localhost flanneld: E1215 23:39:25.725860 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:26 localhost flanneld: timed out
Dec 15 23:39:26 localhost flanneld: E1215 23:39:26.733186 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:27 localhost flanneld: timed out
Dec 15 23:39:27 localhost flanneld: E1215 23:39:27.744882 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:28 localhost flanneld: timed out
Dec 15 23:39:28 localhost flanneld: E1215 23:39:28.755176 31176 main.go:382] Couldn't fetch network config: 100: Key not found (/coreos.com) [10]
Dec 15 23:39:29 localhost systemd: flanneld.service start operation timed out. Terminating.
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.528718 31176 main.go:370] shutdownHandler sent cancel signal...
Dec 15 23:39:29 localhost systemd: Failed to start Flanneld overlay address etcd agent.
Dec 15 23:39:29 localhost systemd: Unit flanneld.service entered failed state.
Dec 15 23:39:29 localhost systemd: flanneld.service failed.
Dec 15 23:39:29 localhost systemd: flanneld.service holdoff time over, scheduling restart.
Dec 15 23:39:29 localhost systemd: Stopped Flanneld overlay address etcd agent.
Dec 15 23:39:29 localhost systemd: Starting Flanneld overlay address etcd agent...
Dec 15 23:39:29 localhost flanneld: warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.975581 31202 main.go:514] Determining IP address of default interface
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.976573 31202 main.go:527] Using interface with name ens33 and address 192.168.31.101
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.976606 31202 main.go:544] Defaulting external address to interface address (192.168.31.101)
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.983495 31202 main.go:244] Created subnet manager: Etcd Local Manager with Previous Subnet: None
Dec 15 23:39:29 localhost flanneld: I1215 23:39:29.983525 31202 main.go:247] Installing signal handlers
2、配置过程
(1)配置Falnnel使用的子网信息并存储到etcd
[root@master1 ~]# /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints="https://192.
168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" put /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'OK
(2)获取配置的子网信息
[root@master1 ~]# /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints="https://192.
168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" get /coreos.com/network/config/coreos.com/network/config
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
(3)配置flanneld信息
[root@master1 ~]# vim /opt/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem"
(4)systemd管理Flannel:
[root@master1 ~]# vim /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq $FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure[Install]
WantedBy=multi-user.target
(5)启动flanneld服务
[root@master1 ~]# iptables -I INPUT -s 192.168.0.0/24 -j ACCEPT
[root@master1 ~]# iptables -I INPUT -s 172.17.0.0/24 -j ACCEPT
[root@master1 ~]# systemctl daemon-reload
[root@master1 ~]# systemctl start flanneld
[root@master1 ~]# systemctl enable flanneld
提示开篇所示的错误!!
3、问题原因
github上与此问题相关的一些issues,也即flanneld目前不能与etcdV3直接交互
https://github.com/coreos/flannel/issues/554
https://github.com/coreos/flannel/issues/755
4、解决办法
按如下方法调整后,flanneld服务正常启动。
(1) 开启etcd 支持V2api功能,在etcd启动参数中加入 --enable-v2参数,并重启etcd2
[root@master1 ~]# vim /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd.conf
ExecStart=/opt/etcd/bin/etcd --cert-file=/opt/etcd/ssl/server.pem \
--key-file=/opt/etcd/ssl/server-key.pem \
--peer-cert-file=/opt/etcd/ssl/server.pem \
--peer-key-file=/opt/etcd/ssl/server-key.pem \
--trusted-ca-file=/opt/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/opt/etcd/ssl/ca.pem \
--logger=zap \
--enable-v2
Restart=on-failure
LimitNOFILE=65536[Install]
WantedBy=multi-user.target
[root@master1 ~]# systemctl daemon-reload
[root@master1 ~]# systemctl restart etcd
[root@master1 ~]# ETCDCTL_API=2 /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem
--endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" cluster-healthmember 969af216adf1108 is healthy: got healthy result from https://192.168.31.102:2379
member 4d384076f6bc6dde is healthy: got healthy result from https://192.168.31.101:2379
member ea776d7c1c3c494c is healthy: got healthy result from https://192.168.31.103:2379
cluster is healthy
(2)删除原来写入的子网信息
/opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints="https://192.
168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" del /coreos.com/network/config
(3)重新使用V2写入子网信息
[root@master1 ~]# ETCDCTL_API=2 /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem
--endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
[root@master1 ~]# ETCDCTL_API=2 /opt/etcd/bin/etcdctl --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem
--endpoints="https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379" get /coreos.com/network/config{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}
(4)重启flanneld服务
[root@master1 ~]# iptables -I INPUT -s 192.168.0.0/24 -j ACCEPT
[root@master1 ~]# iptables -I INPUT -s 172.17.0.0/24 -j ACCEPT
[root@master1 ~]# systemctl daemon-reload
[root@master1 ~]# systemctl start flanneld
[root@master1 ~]# systemctl enable flanneld
[root@master1 ~]# systemctl status flanneld
● flanneld.service - Flanneld overlay address etcd agentLoaded: loaded (/usr/lib/systemd/system/flanneld.service; enabled; vendor preset: disabled)Active: active (running) since Tue 2020-12-15 23:40:07 CST; 4min 15s agoMain PID: 31202 (flanneld)CGroup: /system.slice/flanneld.service└─31202 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.31.101:2379,https://192.168.31.102:2379,https://192.168.31.103:2379 ...Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.171127 31202 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 -j ACCEPT
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.180271 31202 iptables.go:167] Deleting iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
Dec 15 23:40:07 master1 systemd[1]: Started Flanneld overlay address etcd agent.
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.182977 31202 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.51.0/24 -j RETURN
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.189015 31202 iptables.go:155] Adding iptables rule: -d 172.17.0.0/16 -j ACCEPT
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.195921 31202 iptables.go:167] Deleting iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.203488 31202 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 -d 172.17.0.0/16 -j RETURN
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.212158 31202 iptables.go:155] Adding iptables rule: -s 172.17.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.219014 31202 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.51.0/24 -j RETURN
Dec 15 23:40:07 master1 flanneld[31202]: I1215 23:40:07.228946 31202 iptables.go:155] Adding iptables rule: ! -s 172.17.0.0/16 -d 172.17.0.0/16 -j MASQUERADE
(5)查看各节点IP,并ping另一节点的docker0网络,以及确认docker0与flannel.1在同一网段
[root@master1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:14:36:9d brd ff:ff:ff:ff:ff:ffinet 192.168.31.101/24 brd 192.168.31.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::eddd:ed6f:516a:ac4/64 scope link noprefixroute valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:05:2c:ef:6c brd ff:ff:ff:ff:ff:ffinet 172.17.51.1/24 brd 172.17.51.255 scope global docker0valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default link/ether 02:fb:8d:80:3f:b2 brd ff:ff:ff:ff:ff:ffinet 172.17.51.0/32 scope global flannel.1valid_lft forever preferred_lft foreverinet6 fe80::fb:8dff:fe80:3fb2/64 scope link valid_lft forever preferred_lft forever
[root@master1 ~]# ping 172.17.29.1
PING 172.17.29.1 (172.17.29.1) 56(84) bytes of data.
64 bytes from 172.17.29.1: icmp_seq=1 ttl=64 time=10.1 ms
64 bytes from 172.17.29.1: icmp_seq=2 ttl=64 time=0.635 ms
K8s二进制部署-flanneld报(Couldn‘t fetch network config)相关推荐
- K8S—二进制部署安装(包含UI界面设置)
安装步骤 一.准备工作 二.部署单master K8S 2.1 部署etcd集群 master 节点 node 节点(1/2) 查看集群状态 2.2 部署docker引擎 node 节点(1/2) 2 ...
- K8S二进制部署---单节点master
目录 一.环境准备 二.部署etcd集群 一.环境准备 先准备3台主机,首先搭建Master单节点集群. 因为 Master 是整个 K8S 集群的大脑,没有 Master 接下来的每一步操作都会变得 ...
- k8s二进制部署 1.17.3
K8s简介 Kubernetes(简称k8s)是Google在2014年6月开源的一个容器集群管理系统,使用Go语言开发,用于管理云平台中多个主机上的容器化的应用,Kubernetes的目标是让部署容 ...
- K8S二进制部署(多节点)
目 录 前言 环境准备 一.Master02 节点部署 1.在Master01节点上拷贝证书文件及服务管理文件 2.修改Apiserver配置文件 3.启动服务 4.查看Node节点状态 二.负载均衡 ...
- CentOS7 使用二进制部署 Kubernetes v1.15.3集群
组件版本 && 集群环境 组件版本: Kubernetes v1.15.3 Etcd v3.3.10 Flanneld v0.11.0 服务器IP 角色 192.168.1.241 m ...
- kubernetes (k8s)的二进制部署单节点(etcd和flannel网络)
文章目录 1 常见的k8s部署方式 2 环境准备 2.1 拓扑 2.2 所有主机关闭防火墙,selinux,swap 2.3 所有主机配置主机名,并再maser上做主机映射 2.4 所有主机将桥接的I ...
- K8S——单master节点和基于单master节点的双master节点二进制部署(本机实验,防止卡顿,所以多master就不做3台了)
K8S--单master节点和基于单master节点的双master节点二进制部署 一.准备 二.ETCD集群 1.master节点 2.node节点 三.Flannel网络部署 四.测试容器间互通 ...
- k8s二进制单节点部署
k8s二进制单节点部署 常见的k8s部署方式 Kubernetes二进制部署(单节点) 环境准备 部署etcd集群(这里就不在单独的服务器上部署,直接部署在各节点上,节省资源) 下载证书制作工具 利用 ...
- 二进制部署高可用k8s集群
ip地址规划表 k8s-master1 192.168.2.190 包含etcd存储此为etc主节点 k8s-master2 192.168.2.191 k8s-node1 192.168.2.192 ...
最新文章
- 与善淘网一起做慈善商店
- 无线研究 破解分享
- Jquery插件入门之Validate插件的简单使用
- 用状态空间法(卡尔曼滤波)解决深度高斯过程问题
- Oracle RMAN Recover中使用BBED 跳过缺失的归档 继续 Recover 的测试
- 如何在Twitter上阻止令人讨厌的“今日热门新闻@yourname”垃圾邮件
- spring安全_Spring安全–幕后
- 事务失败返回_什么是分布式事务以及有哪些解决方案?
- vue多选框点击其中一个控制div隐藏_Vue 零碎知识点
- 大众考虑投资中国汽车零部件供应商 潜在目标包括国轩高科
- python--openpyxl模块使用, 对excel表格的操作
- CCRC和ISO27001有什么区别?
- 浙江工业大学计算机类专业是几年,浙江工业大学计算机类专业培养计划
- 哪个大佬有c#三层架构写的餐饮管理系统源代码
- 用计算机做动画,如何制作动画
- 权威DNS、递归DNS以及DNS相关排名
- P2627 [USACO11OPEN]Mowing the Lawn G(单调队列优化dp)
- mysql 修改校对规则,整合MYSQL校对规则
- 输入数据求熵值法matlab代码,熵值法matlab程序
- 工程力学(14)—弯曲内力
热门文章
- 无人机小知识:Pitch Yaw Roll的经典解释
- 魔兽世界私服trinitycore2的数据库TDB(1)
- 996程序员入职一年多,同事涨4千他没涨,跟领导提涨薪,回复愣了
- 人的一生,到底在追求甚麼
- iOS 添加微信分享sdk流程
- 自动化生产线实训系统,自动化生产线实训装置QY-JDYT
- H5调用本地相册/相机上传图片
- cmake错误:CMake Error: CMake can not determine linker language for target
- 利用Slf4j的MDC跟踪方法调用链
- python查天气预报_Python如何读取天气预报