Bonjour jeune entrepreneur,
Si tu maîtrises Kubernetes tu auras peut-être l’immense honneur de m’aider ! Voici mon problème :
Je tente d’installer un cluster Kubernetes, un master déjà pour commencer. Je fais ça sur une VM Debian 10 (KVM, hôte en Debian 10 aussi).
L’étape kubeadm init a bien abouti, je peux interroger le cluster :
$ kubectl cluster-info
Kubernetes control plane is running at https://192.168.122.204:6443
KubeDNS is running at https://192.168.122.204:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
Ensuite j’ai installé un CNI : Flannel, puis j’ai voulu installer le dashboard. Et c’est là que ça chie. L’installation (ie: le kubectl apply -f …) s’est bien déroulée, mais le pod ne démarre pas :
$ kubectl -n kubernetes-dashboard get pods
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-79c5968bdc-gxqct 0/1 CrashLoopBackOff 86 3d23h
kubernetes-dashboard-9f9799597-cdcbc 0/1 ContainerCannotRun 53 3d23h
$ kubectl -n kubernetes-dashboard describe pods kubernetes-dashboard-9f9799597-cdcbc |tail -n20
Warning FailedCreatePodSandBox 23h kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: runc did not terminate sucessfully: unknown
Warning FailedCreatePodSandBox 23h kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/00a5aab0c7edabe7c56fa373991492a3ebeffc64865b1b8b05b35a47bf5f7846/log.json: no such file or directory): runc did not terminate sucessfully: unknown
Warning FailedCreatePodSandBox 23h kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/237fefb18f26557c180d856b0789c7edf4fab8134e07c15d7cbcc2aaeec51d64/log.json: no such file or directory): runc did not terminate sucessfully: unknown
Warning FailedCreatePodSandBox 23h kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/e4a950a874522a6909b89217611da6aa10d49edf996f47635c54d3be2839e11d/log.json: no such file or directory): runc did not terminate sucessfully: unknown
Warning FailedCreatePodSandBox 23h (x3 over 23h) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: failed to start shim: fork/exec /usr/bin/docker-containerd-shim: resource temporarily unavailable: unknown
Warning FailedCreatePodSandBox 23h kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/fccfa3ebd614804419954d1d94d9c03e37885ddef0f4e2566114c9bb014092d6/log.json: no such file or directory): runc did not terminate sucessfully: unknown
Warning FailedCreatePodSandBox 23h kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ffea13900939584c5bd1d491f1dc695452849485c6718486975a77625bca1921/log.json: no such file or directory): runc did not terminate sucessfully: unknown
Normal SandboxChanged 23h (x12 over 23h) kubelet Pod sandbox changed, it will be killed and re-created.
Warning FailedCreatePodSandBox 23h (x39 over 23h) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/3d4227cd8ee3e5b1f7a1ab709523eeb8b2e75a496feea495889ec748ef41e550/log.json: no such file or directory): fork/exec /usr/sbin/runc: resource temporarily unavailable: unknown
Warning FailedCreatePodSandBox 51m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "7d2be28bcba24165c3220a686094abaa2f997277beedf766a620179294caf9d3" network for pod "kubernetes-dashboard-9f9799597-cdcbc": networkPlugin cni failed to set up pod "kubernetes-dashboard-9f9799597-cdcbc_kubernetes-dashboard" network: open /run/flannel/subnet.env: no such file or directory
Warning FailedCreatePodSandBox 51m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "1bd11304d6f7ab5f37f7465712dc18e6615013026e5a7ff45e0365da2ccb232c" network for pod "kubernetes-dashboard-9f9799597-cdcbc": networkPlugin cni failed to set up pod "kubernetes-dashboard-9f9799597-cdcbc_kubernetes-dashboard" network: open /run/flannel/subnet.env: no such file or directory
Warning FailedCreatePodSandBox 51m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:424: container init caused \"process_linux.go:407: running prestart hook 0 caused \\\"error running hook: exit status 2, stdout: , stderr: runtime/cgo: pthread_create failed: Resource temporarily unavailable\\\\nSIGABRT: abort\\\\nPC=0x7f210b6557bb m=0 sigcode=18446744073709551610\\\\n\\\\ngoroutine 0 [idle]:\\\\nruntime: unknown pc 0x7f210b6557bb\\\\nstack: frame={sp:0x7ffe926436b0, fp:0x0} stack=[0x7ffe91e44ba8,0x7ffe92643bd0)\\\\n00007ffe926435b0: ffffffffffffffff ffffffffffffffff \\\\n00007ffe926435c0: ffffffffffffffff ffffffffffffffff \\\\n00007ffe926435d0: ffffffffffffffff ffffffffffffffff \\\\n00007ffe926435e0: 0000000000000000 0000000000000000 \\\\n00007ffe926435f0: 0000000000000000 0000000000000000 \\\\n00007ffe92643600: 0000000000000000 0000000000000000 \\\\n00007ffe92643610: 0000000000000000 0000000000000000 \\\\n00007ffe92643620: 00007f210b98a9f0 00007f210b61d580 \\\\n00007ffe92643630: 0000000000000000 0000000000000000 \\\\n00007ffe92643640: 0000000000000000 0000000000000000 \\\\n00007ffe92643650: 0000000000000000 0000000000000000 \\\\n00007ffe92643660: 0000000000000000 0000000000000000 \\\\n00007ffe92643670: 0000000000000000 0000000000000000 \\\\n00007ffe92643680: 0000000000000000 0000000000000000 \\\\n00007ffe92643690: 0000000000000000 0000000000000000 \\\\n00007ffe926436a0: 00007f210b7de6f0 00005589e9065ce0 \\\\n00007ffe926436b0: <0000000000000000 00007f210b6a341a \\\\n00007ffe926436c0: 00007f2107d6e700 00007ffe92643700 \\\\n00007ffe926436d0: 00005589e42c25c7 <runtime.step+279> 00005589e6759642 \\\\n00007ffe926436e0: 0000000000ef1380 0000000000ef1380 \\\\n00007ffe926436f0: 0000027500000002 0000000000ef1380 \\\\n00007ffe92643700: 0000000000000002 800000000000000e \\\\n00007ffe92643710: 0000000000000000 0000000000000000 \\\\n00007ffe92643720: 0000000000000000 0000000000000000 \\\\n00007ffe92643730: fffffffe7fffffff ffffffffffffffff \\\\n00007ffe92643740: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643750: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643760: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643770: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643780: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643790: ffffffffffffffff ffffffffffffffff \\\\n00007ffe926437a0: ffffffffffffffff ffffffffffffffff \\\\nruntime: unknown pc 0x7f210b6557bb\\\\nstack: frame={sp:0x7ffe926436b0, fp:0x0} stack=[0x7ffe91e44ba8,0x7ffe92643bd0)\\\\n00007ffe926435b0: ffffffffffffffff ffffffffffffffff \\\\n00007ffe926435c0: ffffffffffffffff ffffffffffffffff \\\\n00007ffe926435d0: ffffffffffffffff ffffffffffffffff \\\\n00007ffe926435e0: 0000000000000000 0000000000000000 \\\\n00007ffe926435f0: 0000000000000000 0000000000000000 \\\\n00007ffe92643600: 0000000000000000 0000000000000000 \\\\n00007ffe92643610: 0000000000000000 0000000000000000 \\\\n00007ffe92643620: 00007f210b98a9f0 00007f210b61d580 \\\\n00007ffe92643630: 0000000000000000 0000000000000000 \\\\n00007ffe92643640: 0000000000000000 0000000000000000 \\\\n00007ffe92643650: 0000000000000000 0000000000000000 \\\\n00007ffe92643660: 0000000000000000 0000000000000000 \\\\n00007ffe92643670: 0000000000000000 0000000000000000 \\\\n00007ffe92643680: 0000000000000000 0000000000000000 \\\\n00007ffe92643690: 0000000000000000 0000000000000000 \\\\n00007ffe926436a0: 00007f210b7de6f0 00005589e9065ce0 \\\\n00007ffe926436b0: <0000000000000000 00007f210b6a341a \\\\n00007ffe926436c0: 00007f2107d6e700 00007ffe92643700 \\\\n00007ffe926436d0: 00005589e42c25c7 <runtime.step+279> 00005589e6759642 \\\\n00007ffe926436e0: 0000000000ef1380 0000000000ef1380 \\\\n00007ffe926436f0: 0000027500000002 0000000000ef1380 \\\\n00007ffe92643700: 0000000000000002 800000000000000e \\\\n00007ffe92643710: 0000000000000000 0000000000000000 \\\\n00007ffe92643720: 0000000000000000 0000000000000000 \\\\n00007ffe92643730: fffffffe7fffffff ffffffffffffffff \\\\n00007ffe92643740: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643750: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643760: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643770: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643780: ffffffffffffffff ffffffffffffffff \\\\n00007ffe92643790: ffffffffffffffff ffffffffffffffff \\\\n00007ffe926437a0: ffffffffffffffff ffffffffffffffff \\\\n\\\\ngoroutine 1 [running, locked to thread]:\\\\nruntime.asmcgocall(0x5589e595dfa0, 0xc00005a720)\\\\n\\\\t/usr/lib/go-1.11/src/runtime/asm_amd64.s:622 +0x3f fp=0xc00005a6f8 sp=0xc00005a6f0 pc=0x5589e42d37cf\\\\nruntime.newm1(0xc00005ee00)\\\\n\\\\t/usr/lib/go-1.11/src/runtime/proc.go:1935 +0xc8 fp=0xc00005a748 sp=0xc00005a6f8 pc=0x5589e42a9288\\\\nruntime.newm(0x5589e65ef1c0, 0x0)\\\\n\\\\t/usr/lib/go-1.11/src/runtime/proc.go:1919 +0x9f fp=0xc00005a778 sp=0xc00005a748 pc=0x5589e42a910f\\\\nruntime.startTemplateThread()\\\\n\\\\t/usr/lib/go-1.11/src/runtime/proc.go:1955 +0x51 fp=0xc00005a798 sp=0xc00005a778 pc=0x5589e42a9351\\\\nruntime.main()\\\\n\\\\t/usr/lib/go-1.11/src/runtime/proc.go:184 +0x19c fp=0xc00005a7e0 sp=0xc00005a798 pc=0x5589e42a4efc\\\\nruntime.goexit()\\\\n\\\\t/usr/lib/go-1.11/src/runtime/asm_amd64.s:1333 +0x1 fp=0xc00005a7e8 sp=0xc00005a7e0 pc=0x5589e42d4091\\\\n\\\\nrax 0x0\\\\nrbx 0x6\\\\nrcx 0x7f210b6557bb\\\\nrdx 0x0\\\\nrdi 0x2\\\\nrsi 0x7ffe926436b0\\\\nrbp 0x5589e5ca6ef5\\\\nrsp 0x7ffe926436b0\\\\nr8 0x0\\\\nr9 0x7ffe926436b0\\\\nr10 0x8\\\\nr11 0x246\\\\nr12 0x5589e9065e70\\\\nr13 0x11\\\\nr14 0x5589e5c50514\\\\nr15 0x0\\\\nrip 0x7f210b6557bb\\\\nrflags 0x246\\\\ncs 0x33\\\\nfs 0x0\\\\ngs 0x0\\\\n\\\"\"": unknown
Warning FailedCreatePodSandBox 51m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: runc did not terminate sucessfully: unknown
Warning FailedCreatePodSandBox 50m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: ttrpc: client shutting down: read unix @->/run/containerd/s/37b673c7316d7c428c39e2c5e09d7d6eb1f1d79b9104c658bab11ffb45ac6b3c: read: connection reset by peer: unknown
Warning FailedCreatePodSandBox 50m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:269: starting init process command caused \"fork/exec /proc/self/exe: resource temporarily unavailable\"": unknown
Warning FailedCreatePodSandBox 50m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/3030ca2f8bbb0d5175b2ae2740847b6dc7b531c329260e5f4aec70759b9ec61e/log.json: no such file or directory): runc did not terminate sucessfully: unknown
Warning FailedCreatePodSandBox 50m kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/6b8532ce7583f71896b176cf46bd9acbcc881c11c50b129cac1f3b8d359bf041/log.json: no such file or directory): runc did not terminate sucessfully: unknown
Warning FailedCreatePodSandBox 50m (x2 over 50m) kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: failed to start shim: fork/exec /usr/bin/docker-containerd-shim: resource temporarily unavailable: unknown
Normal SandboxChanged 36m (x232 over 51m) kubelet Pod sandbox changed, it will be killed and re-created.
Warning FailedCreatePodSandBox 91s (x639 over 50m) kubelet (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "kubernetes-dashboard-9f9799597-cdcbc": Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/2194dac0e95b9127d513526afc36c6efcbd6d4e0781f6f27cc287ed0607d4e6f/log.json: no such file or directory): fork/exec /usr/sbin/runc: resource temporarily unavailable: unknown
Alors voilà, je suis bloqué là. On voit bien que j’ai certains conteneurs, liés à Kubernetes, qui sont démarrés (ici je lance la commande directement sur le cluster) :
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ba80d3a65e72 k8s.gcr.io/pause:3.2 "/pause" About an hour ago Up About an hour k8s_POD_dashboard-metrics-scraper-79c5968bdc-gxqct_kubernetes-dashboard_9533858c-0ea8-4d48-8a20-3695d61a4072_22
72930d1f2f4c dee1cac4dd20 "/opt/bin/flanneld -…" About an hour ago Up About an hour k8s_kube-flannel_kube-flannel-ds-jrtcn_kube-system_d6784bba-66fe-41c6-9dd5-d205300e9683_21
b6e15e6f567f c29e6c583067 "/usr/local/bin/kube…" About an hour ago Up About an hour k8s_kube-proxy_kube-proxy-6x2rv_kube-system_3571a164-3e11-4ebe-8e31-563080ce8aba_16
0ff40e1f847d k8s.gcr.io/pause:3.2 "/pause" About an hour ago Up About an hour k8s_POD_kube-flannel-ds-jrtcn_kube-system_d6784bba-66fe-41c6-9dd5-d205300e9683_14
0720c23b9f4b k8s.gcr.io/pause:3.2 "/pause" About an hour ago Up About an hour k8s_POD_coredns-74ff55c5b-jklcd_kube-system_a72b0284-7719-413e-9622-1f09fa245ce5_16
923bae3f5c32 k8s.gcr.io/pause:3.2 "/pause" About an hour ago Up About an hour k8s_POD_kube-proxy-6x2rv_kube-system_3571a164-3e11-4ebe-8e31-563080ce8aba_13
be64289b7fab 5f8cb769bd73 "kube-scheduler --au…" About an hour ago Up About an hour k8s_kube-scheduler_kube-scheduler-bouillon_kube-system_90280dfce8bf44f46a3e41b6c4a9f551_13
f6a94c1f735f 0a41a1414c53 "kube-controller-man…" About an hour ago Up About an hour k8s_kube-controller-manager_kube-controller-manager-bouillon_kube-system_c4804a7e661ad03b11396c7acdda8c3a_13
023765cc3557 k8s.gcr.io/pause:3.2 "/pause" About an hour ago Up About an hour k8s_POD_kube-scheduler-bouillon_kube-system_90280dfce8bf44f46a3e41b6c4a9f551_13
f5092b423253 k8s.gcr.io/pause:3.2 "/pause" About an hour ago Up About an hour k8s_POD_kube-controller-manager-bouillon_kube-system_c4804a7e661ad03b11396c7acdda8c3a_13
bb62cf85c401 ae5eb22e4a9d "kube-apiserver --ad…" About an hour ago Up About an hour k8s_kube-apiserver_kube-apiserver-bouillon_kube-system_c5a79b6a4db0fe0104f6d6632115f3b8_14
de275953d9d0 k8s.gcr.io/pause:3.2 "/pause" About an hour ago Up About an hour k8s_POD_kube-apiserver-bouillon_kube-system_c5a79b6a4db0fe0104f6d6632115f3b8_13
bdc5ab95ba1a 0369cf4303ff "etcd --advertise-cl…" About an hour ago Up About an hour k8s_etcd_etcd-bouillon_kube-system_fa16f8225a7397b6a665d2de0b1ff6db_13
da2af50bce5c k8s.gcr.io/pause:3.2 "/pause" About an hour ago Up About an hour k8s_POD_etcd-bouillon_kube-system_fa16f8225a7397b6a665d2de0b1ff6db_13
Par contre, et c’est là que je ne comprends plus, si j’essaie de démarrer un bête conteneur manuellement il ne démarre pas ! Il reste à l’état "Created" et j’ai ce message d’erreur (commande lancée sur le cluster) :
# docker run -it centos:7
Unable to find image 'centos:7' locally
7: Pulling from library/centos
2d473b07cdd5: Pull complete
Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
Status: Downloaded newer image for centos:7
docker: Error response from daemon: OCI runtime create failed: container_linux.go:344: starting container process caused "process_linux.go:424: container init caused \"process_linux.go:407: running prestart hook 0 caused \\\"error running hook: exit status 2, stdout: , stderr: runtime/cgo: pthread_create failed: Resource temporarily unavailable\\\\nSIGABRT: abort\\\\nPC=0x7f91fa9e57bb m=0 sigcode=18446744073709551610\\\\n\\\\ngoroutine 0 [idle]:\\\\nruntime: unknown pc 0x7f91fa9e57bb\\\\nstack: frame={sp:0x7ffc44401870, fp:0x0} stack=[0x7ffc43c02ef8,0x7ffc44401f20)\\\\n00007ffc44401770: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401780: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401790: ffffffffffffffff ffffffffffffffff \\\\n00007ffc444017a0: 0000000000000000 0000000000000000 \\\\n00007ffc444017b0: 0000000000000000 0000000000000000 \\\\n00007ffc444017c0: 0000000000000000 0000000000000000 \\\\n00007ffc444017d0: 0000000000000000 0000000000000000 \\\\n00007ffc444017e0: 00007f91fad1a9f0 00007f91fa9ad580 \\\\n00007ffc444017f0: 0000000000000000 0000000000000000 \\\\n00007ffc44401800: 0000000000000000 0000000000000000 \\\\n00007ffc44401810: 0000000000000000 0000000000000000 \\\\n00007ffc44401820: 0000000000000000 0000000000000000 \\\\n00007ffc44401830: 0000000000000000 0000000000000000 \\\\n00007ffc44401840: 0000000000000000 0000000000000000 \\\\n00007ffc44401850: 0000000000000000 0000000000000000 \\\\n00007ffc44401860: 00007f91fad1a9f0 00007f91fa9ad580 \\\\n00007ffc44401870: <0000000000000000 0000000000000000 \\\\n00007ffc44401880: 0000000000000000 0000000000000000 \\\\n00007ffc44401890: 0000000000000000 0000000000000000 \\\\n00007ffc444018a0: 0000000000000000 0000000000000000 \\\\n00007ffc444018b0: 0000000000000000 0000000000000000 \\\\n00007ffc444018c0: 0000000000000002 800000000000000e \\\\n00007ffc444018d0: 0000000000000000 0000000000000000 \\\\n00007ffc444018e0: 0000000000000000 0000000000000000 \\\\n00007ffc444018f0: fffffffe7fffffff ffffffffffffffff \\\\n00007ffc44401900: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401910: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401920: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401930: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401940: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401950: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401960: ffffffffffffffff ffffffffffffffff \\\\nruntime: unknown pc 0x7f91fa9e57bb\\\\nstack: frame={sp:0x7ffc44401870, fp:0x0} stack=[0x7ffc43c02ef8,0x7ffc44401f20)\\\\n00007ffc44401770: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401780: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401790: ffffffffffffffff ffffffffffffffff \\\\n00007ffc444017a0: 0000000000000000 0000000000000000 \\\\n00007ffc444017b0: 0000000000000000 0000000000000000 \\\\n00007ffc444017c0: 0000000000000000 0000000000000000 \\\\n00007ffc444017d0: 0000000000000000 0000000000000000 \\\\n00007ffc444017e0: 00007f91fad1a9f0 00007f91fa9ad580 \\\\n00007ffc444017f0: 0000000000000000 0000000000000000 \\\\n00007ffc44401800: 0000000000000000 0000000000000000 \\\\n00007ffc44401810: 0000000000000000 0000000000000000 \\\\n00007ffc44401820: 0000000000000000 0000000000000000 \\\\n00007ffc44401830: 0000000000000000 0000000000000000 \\\\n00007ffc44401840: 0000000000000000 0000000000000000 \\\\n00007ffc44401850: 0000000000000000 0000000000000000 \\\\n00007ffc44401860: 00007f91fad1a9f0 00007f91fa9ad580 \\\\n00007ffc44401870: <0000000000000000 0000000000000000 \\\\n00007ffc44401880: 0000000000000000 0000000000000000 \\\\n00007ffc44401890: 0000000000000000 0000000000000000 \\\\n00007ffc444018a0: 0000000000000000 0000000000000000 \\\\n00007ffc444018b0: 0000000000000000 0000000000000000 \\\\n00007ffc444018c0: 0000000000000002 800000000000000e \\\\n00007ffc444018d0: 0000000000000000 0000000000000000 \\\\n00007ffc444018e0: 0000000000000000 0000000000000000 \\\\n00007ffc444018f0: fffffffe7fffffff ffffffffffffffff \\\\n00007ffc44401900: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401910: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401920: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401930: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401940: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401950: ffffffffffffffff ffffffffffffffff \\\\n00007ffc44401960: ffffffffffffffff ffffffffffffffff \\\\n\\\\ngoroutine 1 [running, locked to thread]:\\\\nruntime.systemstack_switch()\\\\n\\\\t/usr/lib/go-1.11/src/runtime/asm_amd64.s:311 fp=0xc00005a708 sp=0xc00005a700 pc=0x55e21a692f80\\\\nruntime.newproc(0x55e200000000, 0x55e21c9affb0)\\\\n\\\\t/usr/lib/go-1.11/src/runtime/proc.go:3311 +0x70 fp=0xc00005a750 sp=0xc00005a708 pc=0x55e21a66dd80\\\\nruntime.init.4()\\\\n\\\\t/usr/lib/go-1.11/src/runtime/proc.go:240 +0x37 fp=0xc00005a770 sp=0xc00005a750 pc=0x55e21a666107\\\\nruntime.init()\\\\n\\\\t<autogenerated>:1 +0xea fp=0xc00005a798 sp=0xc00005a770 pc=0x55e21a692c2a\\\\nruntime.main()\\\\n\\\\t/usr/lib/go-1.11/src/runtime/proc.go:147 +0xcd fp=0xc00005a7e0 sp=0xc00005a798 pc=0x55e21a665e2d\\\\nruntime.goexit()\\\\n\\\\t/usr/lib/go-1.11/src/runtime/asm_amd64.s:1333 +0x1 fp=0xc00005a7e8 sp=0xc00005a7e0 pc=0x55e21a695091\\\\n\\\\nrax 0x0\\\\nrbx 0x6\\\\nrcx 0x7f91fa9e57bb\\\\nrdx 0x0\\\\nrdi 0x2\\\\nrsi 0x7ffc44401870\\\\nrbp 0x55e21c067ef5\\\\nrsp 0x7ffc44401870\\\\nr8 0x0\\\\nr9 0x7ffc44401870\\\\nr10 0x8\\\\nr11 0x246\\\\nr12 0x55e21ea1db30\\\\nr13 0x11\\\\nr14 0x55e21c011514\\\\nr15 0x0\\\\nrip 0x7f91fa9e57bb\\\\nrflags 0x246\\\\ncs 0x33\\\\nfs 0x0\\\\ngs 0x0\\\\n\\\"\"": unknown.
# docker ps -a |grep centos
ebc6ee374d20 centos:7 "/bin/bash" About a minute ago Created kind_dubinsky
# docker exec -it ebc6ee374d20 /bin/bash
Error response from daemon: Container ebc6ee374d20c2bcde59f6ee22493e012e88ac7f2320036b9bac0467afa86ab1 is not running
Ensuite je n’ai pas toujours la même chose :
# docker run -d centos:7
Unable to find image 'centos:7' locally
7: Pulling from library/centos
2d473b07cdd5: Pull complete
Digest: sha256:0f4ec88e21daf75124b8a9e5ca03c37a5e937e0e108a255d890492430789b60e
Status: Downloaded newer image for centos:7
4bca320c9b43e7f64c4b8a5e3e4bb34abf537af4c996b505a1059a0e688d32a7
docker: Error response from daemon: transport is closing: unavailable.
# docker run -d centos:7
b80a4d473d134e4cefa41eeac664815b2508847368d21a09199852857134dbf5
docker: Error response from daemon: OCI runtime create failed: unable to retrieve OCI runtime error (open /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/b80a4d473d134e4cefa41eeac664815b2508847368d21a09199852857134dbf5/log.json: no such file or directory): runc did not terminate sucessfully: unknown.
Au niveau des versions utilisées, j’ai découvert que Kubernetes n’avait pas de dépôt pour Debian, seulement pour Ubuntu. Alors je ne sais pas si mon problème pourrait venir de là, peut-être… Qu’en pensez-vous ?
# cat /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
# dpkg -l |grep kube
hi kubeadm 1.20.4-00 amd64 Kubernetes Cluster Bootstrapping Tool
hi kubectl 1.20.4-00 amd64 Kubernetes Command Line Tool
hi kubelet 1.20.4-00 amd64 Kubernetes Node Agent
ii kubernetes-cni 0.8.7-00 amd64 Kubernetes CNI
# dpkg -l |grep -E 'runc|container|docker'
rc docker-engine 1.11.2-0~xenial amd64 Docker: the open-source application container engine
ii docker.io 18.09.1+dfsg1-7.1+deb10u3 amd64 Linux container runtime
ii libnss-mymachines:amd64 241-7~deb10u6 amd64 nss module to resolve hostnames for local container instances
ii runc 1.0.0~rc6+dfsg1-3 amd64 Open Container Project - runtime
ii systemd-container 241-7~deb10u6 amd64 systemd container/nspawn tools
ii tini 0.18.0-1 amd64 tiny but valid init for containers
Par où dois-je commencer ?
Pensez-vous que la meilleure chose à faire soit de tenter à nouveau l’exercice sous CentOS 7 ?
Question subsidiaire : Quel est votre avis sur la hype Kubernetes/Conteneurisation/IAC ? Je découvre ça (avec Rancher et bientôt Openshift) et je trouve que ça sent très fort la peinture fraîche ! La normalisation est à peine entamée (OCI/CNI) avec encore un tas de technologies récentes qui s’affrontent, des projets qui voient les choses tous un peu différement. Et vous, quel est votre avis (éclairé ou non !) sur la question ?
# Ressources
Posté par claudex . Évalué à 3.
Cela semble bizarre. Au niveua des ressources, tu as assez de RAM (pas d'oomkiller dans dmesg ?), assez de disque ?
Au niveau des limites systèmes, tout est aussi ok ? pas de limites atteinte avec ulimit ? avec systemd https://unix.stackexchange.com/a/255603 ?
« Rappelez-vous toujours que si la Gestapo avait les moyens de vous faire parler, les politiciens ont, eux, les moyens de vous faire taire. » Coluche
# Firewall ?
Posté par Sébastien Rohaut . Évalué à 1. Dernière modification le 03 mars 2021 à 10:31.
Bonjour,
Côté firewall, tu as bien ouvert tout ce qu'il fallait ? Tes pods communiquent entre eux (flux/routage des interfaces cni0, range 10.x ouvert, etc.) ?
[^] # Re: Firewall ?
Posté par Sébastien Rohaut . Évalué à 1.
Je me réponds à moi même, mais à l'énoncé de tes soucis, tes soucis semblent plus liés à l'instabilité de ton infra, voire de tes machines.
As-tu tout d'abord essayé avec un simple "minikube" pour voir ? Et ensuite, un modèle 1 Master/1-3 nodes me semble plus pertinent pour tester les choses en "vrai", voire (comme je le fais actuellement), trois masters/quatre nodes pour avoir un vrai simulacre de cluster.
Avec les fressources qui vont bien. J'ai un cluster k8s de 3 masters et 4 nodes, deux vcpus par machine, 2 Go par master, 2/4 Go par node, qui tourne comme une horloge. Sous du Virtualbox (machine huit coeurs et 32 Go).
Concernant le "c'est pas sec", je joue avec Kubernetes et Openshift depuis 2015, et les containers depuis 2013, et si je constate parfois des soucis, des bugs, des comportements parfois surprenants (par exemple sur le mécanisme d'éviction des pods depuis k8s 1.18), c'est assez fiable, selon les implémentations des grand éditeurs (Un openshift 4.x est bien pllus testé et intégré qu'une install k8s maison). Reste que k8s avance vite, parfois trop vite, et il faut savoir se poser sur une version stabilisése plutôt que de courir vers les toutes dernières releases.
Suivre le flux des commentaires
Note : les commentaires appartiennent à celles et ceux qui les ont postés. Nous n’en sommes pas responsables.