在部署带有 Kubespray , CRI-O 和 Cilium 的集群时,出现有关选择多个CRI套接字的错误。 / p>
完全错误
fatal: [p3kubemaster1]: FAILED! => {"changed": true, "cmd": " mkdir -p /etc/kubernetes/external_kubeconfig && /usr/local/bin/kubeadm init phase kubeconfig admin --kubeconfig-dir /etc/kubernetes/external_kubeconfig --cert-dir /etc/kubernetes/ssl --apiserver-advertise-address 10.10.3.15 --apiserver-bind-port 6443 >/dev/null && cat /etc/kubernetes/external_kubeconfig/admin.conf && rm -rf /etc/kubernetes/external_kubeconfig ", "delta": "0:00:00.028808", "end": "2019-09-02 13:01:11.472480", "msg": "non-zero return code", "rc": 1, "start": "2019-09-02 13:01:11.443672", "stderr": "Found multiple CRI sockets, please use --cri-socket to select one: /var/run/dockershim.sock, /var/run/crio/crio.sock", "stderr_lines": ["Found multiple CRI sockets, please use --cri-socket to select one: /var/run/dockershim.sock, /var/run/crio/crio.sock"], "stdout": "", "stdout_lines": []}
有趣的部分
kubeadm init phase kubeconfig admin --kubeconfig-dir /etc/kubernetes/external_kubeconfig [...] >/dev/null,"stderr": "Found multiple CRI sockets, please use --cri-socket to select one: /var/run/dockershim.sock, /var/run/crio/crio.sock"}
--cri-socket内设置/var/lib/kubelet/kubeadm-flags.env标志:KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/var/run/crio/crio.sock --cri-socket=/var/run/crio/crio.sock"
=>没有区别
/etc/kubernetes/kubeadm-config.yaml,但它已经包含以下部分:apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 10.10.3.15
bindPort: 6443
certificateKey: 9063a1ccc9c5e926e02f245c06b8d9f2ff3xxxxxxxxxxxx
nodeRegistration:
name: p3kubemaster1
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
criSocket: /var/run/crio/crio.sock
=>它已经以criSocket标志结尾,所以无事可做...
--cri-socket添加到现有命令中,但失败,并显示Unknow command --cri-socket 现有:
{% if kubeadm_version is version('v1.14.0', '>=') %}
init phase`
尝试过:
{% if kubeadm_version is version('v1.14.0', '>=') %}
init phase --crio socket /var/run/crio/crio.sock`
问题似乎出在与kubeadm init phase标志不兼容的命令--crio-socket上(请参阅第3点)
即使使用配置文件设置了正确的套接字(请参阅第2点),kubeadm init phase也没有使用它。
任何想法都会被理解;-)
答案 0 :(得分:1)
我终于明白了!
最初的kubespray命令为:
kubeadm init phase kubeconfig admin --kubeconfig-dir {{ kube_config_dir }}/external_kubeconfig
⚠️似乎--kubeconfig-dir标志未考虑crio套接字的数量。
因此我将行更改为:
kubeadm init phase kubeconfig admin --config /etc/kubernetes/kubeadm-config.yaml
针对有类似问题的人:
使它在主机上起作用的InitConfig部分如下:
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 10.10.3.15
bindPort: 6443
certificateKey: 9063a1ccc9c5e926e02f245c06b8d9f2ff3c1eb2dafe5fbe2595ab4ab2d3eb1a
nodeRegistration:
name: p3kubemaster1
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
criSocket: /var/run/crio/crio.sock
在kubespray中,您必须更新文件roles/kubernetes/client/tasks/main.yml(第57行)。
您必须注释开头的--kubeconfig-dir部分,并将其替换为InitConfig文件的路径。
对我来说,它是由kubespray在kube master上的/etc/kubernetes/kubeadm-config.yaml中生成的。检查此文件是否在您身边,并且在 nodeRegistration 部分中包含 criSocket 键。
答案 1 :(得分:0)