Shulou(Shulou.com)06/02 Report--

At first, according to the relevant documentation, turn on the privileged mode of the apiserver, kubelet node-- allow-privileged=true, and then execute it as the document of ali, which will not run at all. Refer to the issue in github to find out why it doesn't work, but the reply is unknown, and it does mention the need to support fuse on the host.

Start self-troubleshooting: unable to search for relevant information, download source code, compile and troubleshoot

Git clone https://github.com/denverdino/lxcfs-initializer.git

We can also know from Dockfile that the library and other files in it are not suitable for your version. At present, you just need to get him running, and then execute the content of the start.sh script inside to see where the specific error is.

The contents of lxcfs-image/Dockerfile changes according to your environment are as follows: FROM daocloud.io/centos:7.3.1611RUN yum-y install fuse fuse-devel pam-devel wget install gcc automake autoconf libtool makeENV LXCFS_VERSION 2.0.8RUN wget https://linuxcontainers.org/downloads/lxcfs/lxcfs-$LXCFS_VERSION.tar.gz & &\ mkdir / lxcfs & & tar xzvf lxcfs-$LXCFS_VERSION.tar.gz-C / lxcfs--strip-components=1 & &\ cd / lxcfs & &. / configure & & Make & & make installSTOPSIGNAL SIGINTADD start.sh / CMD ["/ bin/sleep" "10000"]

Build lxcfs:sleep Mirror

[root@ns-yun-020037] # cd lxcfs-initializer/docker build-t lxcfs:sleep lxcfs-image

Change the image name to lxcfs:sleep according to the yaml file of the original daemonSet

Enter the node container to locate the problem, and execute the relevant commands according to the / start.sh script It can be seen that the file lxcfs [root@yun-020040 ~] # docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES4e1cb10dd73e xxx:80/test/lxcfs "/ bin/sleep 10000" 52 seconds ago Up 51 seconds k8s_lxcfs_lxcfs-4m5g7_default_b1306fd2-3bd4-11e9-bb5d-ec388f7928b2_0 [root@yun-020040 ~] # docker exec-it 4e1cb10dd73e / bin/bash [root@lxcfs-4m5g7 /] # [root@lxcfs-4m5g7 /] # nsenter-m/proc/ cannot be found when the last step is executed. 1/ns/mnt fusermount-u / var/lib/lxcfs 2 > / dev/null | | true [root@lxcfs-4m5g7 /] # nsenter-m/proc/1/ns/mnt [- L / etc/mtab] | | sed-I "/ ^ lxcfs\ / var\ / lib\ / lxcfs fuse.lxcfs/d" / etc/mtab [root@lxcfs-4m5g7 /] # mkdir-p / usr/local/lib/lxcfs / var/lib/lxcfs [root@lxcfs-4m5g7 /] # exec nsenter-m/proc/1/ Ns/mnt lxcfs/ var/lib/lxcfs/nsenter: failed to execute lxcfs: No such file or directory

According to the contents of Dockerfile, the container should actually have this file.

Https://github.com/denverdino/lxcfs-initializer/blob/master/lxcfs-image/Dockerfile

Directly use the docker way to start to see if there is a problem, execute the start.sh command, can be executed normally

[root@yun-020040 ~] # docker run-- privileged=true-it lxcfs:sleep / bin/bash [root@10ca4ad41ce4 /] # nsenter-m/proc/1/ns/mnt fusermount-u / var/lib/lxcfs 2 > / dev/null | | true [root@10ca4ad41ce4 /] # nsenter-m/proc/1/ns/mnt [- L / etc/mtab] | | sed-I "/ ^ lxcfs\ / var\ / lib\ / lxcfs fuse.lxcfs/d" / etc/mtab [root@10ca4ad41ce4 /] # mkdir- P / usr/local/lib/lxcfs / var/lib/lxcfs [root@10ca4ad41ce4 /] # exec nsenter-m/proc/1/ns/mnt lxcfs/ var/lib/lxcfs/hierarchies:0: fd: 5: perf_event1: fd: 6: hugetlb2: fd: 7: pids3: fd: 8: cpuacct Cpu4: fd: 9: blkio5: fd: 10: devices6: fd: 11: cpuset7: fd: 12: memory8: fd: 13: freezer9: fd: 14: net_prio,net_cls10: fd: 15: name=systemd look back at the yaml file of K8s It contains files that are mounted to the host's / usr/local directory and are hosted, as shown in bold below: volumeMounts:- name: cgroupmountPath: / sys/fs/cgroup- name: lxcfsmountPath: / var/lib/lxcfsmountPropagation: Bidirectional- name: usr-local**mountPath: / usr/local**volumes:- name: cgrouphostPath:path: / sys/fs/cgroup**- name: usr-local**hostPath:path: / usr/local- name: lxcfshostPath:path: / var/lib/lxcfstype: DirectoryOrCreate

Remove the mount of / usr/local from the yaml file to see if the lxcfs file inside the container can be used normally. It failed after verification.

According to this hint, install and deploy lxcfs on the host again, and then run daemonSet, and the program runs normally.

Test results:

This project only hosts the startup process of the host to daemonSet to facilitate unified management, and the host also has to provide related binaries such as lib library.

Further analyze the contents of his init container, main.go, to facilitate mounting the directory.

Flag.StringVar (& annotation, "annotation", defaultAnnotation, "The annotation to trigger initialization") flag.StringVar (& initializerName, "initializer-name", defaultInitializerName, "The initializer name") flag.StringVar (& namespace, "namespace", "default", "The configuration namespace") flag.BoolVar (& requireAnnotation, "require-annotation", true, "Require annotation for initialization") flag.Parse () log.Println () log.Printf ("Initializer name set to:% s", initializerName) clusterConfig Err: = rest.InClusterConfig () if err! = nil {log.Fatal (err.Error ())} clientset Err: = kubernetes.NewForConfig (clusterConfig) if err! = nil {log.Fatal (err)} / /-v / var/lib/lxcfs/proc/cpuinfo:/proc/cpuinfo:rw//-v / var/lib/lxcfs/proc/diskstats:/proc/diskstats:rw//-v / var/lib/lxcfs/proc/meminfo:/proc/meminfo:rw//-v / var/lib/lxcfs/proc/stat:/proc/stat:rw//-v / var/ Lib/lxcfs/proc/swaps:/proc/swaps:rw//-v / var/lib/lxcfs/proc/uptime:/proc/uptime:rwc: = & config {volumeMounts: [] corev1.VolumeMount {corev1.VolumeMount {Name: "lxcfs-proc-cpuinfo" MountPath: "/ proc/cpuinfo",}

Reference:

Https://www.alibabacloud.com/blog/kubernetes-demystified%3A-using-lxcfs-to-improve-container-resource-visibility_594109?spm=a2c41.12195345.0.0

Https://github.com/denverdino/lxcfs-initializer

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.