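containerd

Time: 2018-12-25 15:54:47

Tags: kubernetes containerd

I can't find information about three containerd issues. I would like to understand containerd operations better.

Because of (apparent) problems around containerd, mainly disk pressure, I keep having to rebuild my Kubernetes environment. It feels like the ownership of the containerd executables and the associated sockets may play a role. The directory /var/lib/containerd/io.containerd.content.v1.content fills up over time. I ended up deleting snapshots, blobs, etc. from that location. Sometimes this lets me move forward, but pods usually stay in an exited or initializing state indefinitely. I am missing key knowledge about Kubernetes GC and the required containerd file ownership.

A little information from the bare-metal VM environment: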

$ uname -a
Linux node1.home 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ free -m
              total        used        free      shared  buff/cache   available
Mem:           3951         772        1649          40        1529        2899
Swap:           974           0         974
$ df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            1.5G     0  1.5G   0% /dev
tmpfs           301M   32M  270M  11% /run
/dev/sda1        14G  4.8G  8.3G  37% /
tmpfs           1.5G     0  1.5G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           1.5G     0  1.5G   0% /sys/fs/cgroup
tmpfs           301M     0  301M   0% /run/user/1000
shm              64M     0   64M   0% /run/containerd/io.containerd.grpc.v1.cri/sandboxes/7a8ff8ecad13bd7b8bc6547dcfb330e53b073029cfb46ee4e5169a3da721f234/shm
overlay          14G  4.8G  8.3G  37% /run/containerd/io.containerd.runtime.v1.linux/k8s.io/7a8ff8ecad13bd7b8bc6547dcfb330e53b073029cfb46ee4e5169a3da721f234/rootfs
overlay          14G  4.8G  8.3G  37% /run/containerd/io.containerd.runtime.v1.linux/k8s.io/8a84f4e50b272d39785f575003c53c013363d2428f4e177c244ebbbddc6a266e/rootfs
shm              64M     0   64M   0% /run/containerd/io.containerd.grpc.v1.cri/sandboxes/9a86d1816db9679b3927bde048d4054e6d8780084fe406576622c48d814e4128/shm
overlay          14G  4.8G  8.3G  37% /run/containerd/io.containerd.runtime.v1.linux/k8s.io/9a86d1816db9679b3927bde048d4054e6d8780084fe406576622c48d814e4128/rootfs

The containerd executables and socket ownership are as follows:

$ ls -l /usr/local/bin/
total 384020
-rwxr-xr-x 1 2000 2000  38133944 Apr 24  2018 containerd
-rwxr-xr-x 1 2000 2000   3539296 Apr 24  2018 containerd-release
-rwxr-xr-x 1 2000 2000   4185920 Apr 24  2018 containerd-shim
-rwxr-xr-x 1 2000 2000  17395032 Apr 24  2018 containerd-stress
-rwxr-xr-x 1 node node  28466436 Jul 13 12:09 crictl
-rwxr-xr-x 1 2000 2000  20919672 Apr 24  2018 ctr
-rwxrwxr-x 1 node node  55400930 Jul 18 03:13 kubectl
-rwxrwxr-x 1 node node 163031056 Jul 18 03:13 kubelet
-rwxrwxr-x 1 node node  52059570 Jul 18 03:13 kube-proxy
-rwxrwxr-x 1 node node  10087904 Nov 21 10:37 runc

$ sudo ls -l /var/run/containerd
total 0
srw-rw---- 1 root root  0 Dec 23 14:56 containerd.sock
drwxr-xr-x 4 root root 80 Dec 23 15:11 io.containerd.grpc.v1.cri
drwx--x--x 3 root root 60 Dec 23 15:09 io.containerd.runtime.v1.linux
drwx------ 3 root root 60 Dec 23 15:09 runc

Question 1: I changed the ownership, as shown below, to be able to pull images. What is the best practice for file ownership in this directory?

$ sudo chown $(whoami):$(whoami) /var/run/containerd/containerd.sock
$ sudo chown -R $(whoami):$(whoami) /var/run/containerd/io.containerd.grpc.v1.cri
$ sudo chown -R $(whoami):$(whoami) /var/run/containerd/io.containerd.runtime.v1.linux
$ sudo chown -R $(whoami):$(whoami) /var/run/containerd/runc

Question 2: Over time, kubelet fails to admit pods because of disk pressure.

Failed to admit pod weave-net-94zht_kube-system(45c32573-0848-11e9-a03e-0800277b3732) - node has conditions: [DiskPressure]

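I ended up deleting the largest ones from /var/lib/containerd/io.containerd.content.v1.content. I am sure this is not the right approach. How do I make sure containerd removes images once the associated pod has been deleted?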

root@node1:/var/lib/containerd# du -H . | sort -nr | head
7998792 .
5924044 ./io.containerd.content.v1.content
5225584 ./io.containerd.content.v1.content/ingest
3619228 ./io.containerd.content.v1.content/ingest/bb03e51f0e1aef32213993dbc9658a8e69d30a74c8528816bd2d1842ee247c7c
2072468 ./io.containerd.snapshotter.v1.overlayfs
2072292 ./io.containerd.snapshotter.v1.overlayfs/snapshots
698456  ./io.containerd.content.v1.content/blobs
698452  ./io.containerd.content.v1.content/blobs/sha256
600768  ./io.containerd.content.v1.content/ingest/f8a0f55edab797342b0ddbdc5b82409eb54c3451f7bc3b9fe7dbbd656ffdf8ae
354008  ./io.containerd.snapshotter.v1.overlayfs/snapshots/89

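Question 3: When I run a docker container, I get this output when trying docker image ls. Does file ownership play a role here? Note that containerd is the runtime on the host.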

$ kubectl exec -it dock -c docker -- sh
/workspace # docker container ls
Get http://%2Fvar%2Frun%2Fdocker.sock/v1.37/containers/json: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x00\x00\x00\x04\x00\x00\x00\x00\x00".
* Are you trying to connect to a TLS-enabled daemon without TLS?

I think my mount path is correct

...
    - name: docker-socket
      mountPath: /var/run/docker.sock
...
  volumes:
  - name: docker-socket
    hostPath:
      path: /var/run/containerd/containerd.sock
      type: Socket
...

0 answers:

No answers
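
Added example, not part of the original post: the nine bytes quoted in the `docker container ls` error in Question 3 decode as an empty HTTP/2 SETTINGS frame, which is what an HTTP/2 (gRPC) server sends first and what an HTTP/1.x client cannot parse. The helper names are hypothetical, and the HTTP/1 and TLS samples are constructed for comparison.

```python
import struct

# HTTP/2 frame type codes (RFC 7540, section 6).
FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
               0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING",
               0x7: "GOAWAY", 0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}

# Bytes exactly as quoted in the error message on this page.
ERROR_BYTES = b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"
# Constructed samples: an HTTP/1.1 status line and the start of a TLS record.
HTTP1_SAMPLE = b"HTTP/1.1 200 OK\r\n"
TLS_SAMPLE = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"


def parse_h2_frame_header(data):
    """Decode the fixed 9-byte HTTP/2 frame header; return None if too short."""
    if len(data) < 9:
        return None
    # 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id.
    hi, lo, ftype, flags, stream = struct.unpack(">BHBBI", data[:9])
    return {"length": (hi << 16) | lo,
            "type": FRAME_TYPES.get(ftype, "UNKNOWN(0x%02x)" % ftype),
            "flags": flags,
            "stream_id": stream & 0x7FFFFFFF}


def classify_first_bytes(data):
    """Guess which protocol a server spoke from the first bytes it sent."""
    if data.startswith(b"HTTP/1."):
        return "http1"
    hdr = parse_h2_frame_header(data)
    # A server's HTTP/2 preface is a non-ACK SETTINGS frame on stream 0
    # whose payload is a multiple of 6 bytes (and may be empty).
    if (hdr and hdr["type"] == "SETTINGS" and hdr["stream_id"] == 0
            and hdr["length"] % 6 == 0 and not hdr["flags"] & 0x1):
        return "http2"
    return "unknown"


if __name__ == "__main__":
    print(parse_h2_frame_header(ERROR_BYTES))
    for name, sample in [("error bytes", ERROR_BYTES),
                         ("http1 sample", HTTP1_SAMPLE),
                         ("tls sample", TLS_SAMPLE)]:
        print(name, "->", classify_first_bytes(sample))
```
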