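After adding a new node to k8s, I found that none of the docker containers had started successfully. The following command shows the error log output: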
journalctl -f -u kubelet
pod_workers.go:191] Error syncing pod 9de3475b-03b9-44dc-a810-7fb73b244ba0 ("kube-proxy-tmkm6_kube-system(9de3475b-03b9-44dc-a810-7fb73b244ba0)"),
skipping: failed to "CreatePodSandbox" for "kube-proxy-tmkm6_kube-system(9de3475b-03b9-44dc-a810-7fb73b244ba0)"
with CreatePodSandboxError: "CreatePodSandbox for pod \"kube-proxy-tmkm6_kube-system(9de3475b-03b9-44dc-a810-7fb73b244ba0)\"
failed: rpc error: code = Unknown desc = failed to start sandbox container for pod \"kube-proxy-tmkm6\":
Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused \"process_linux.go:449:
container init caused \\\"write /proc/self/attr/keycreate: permission denied\\\"\": unknown"
The cause is clearly that the file /proc/self/attr/keycreate is not writable, so SELinux has to be turned off: change the SELINUX value in /etc/selinux/config to disabled.
SELINUX=disabled
Then reboot the server.
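The two steps above (confirm the keycreate denial in the kubelet log, then change the SELINUX value) as an added shell example that is not part of the original post. The function names are hypothetical, and the config path is passed as an argument so the edit can be tried on a copy of the file first.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Succeeds if the log text on stdin contains the denial quoted in the post.
has_keycreate_denial() {
    grep -q 'write /proc/self/attr/keycreate: permission denied'
}

# Print the SELINUX= value from a config file. Comment lines and
# SELINUXTYPE= are ignored; if several assignments exist, the last is reported.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Set SELINUX=<mode> in the given file, keeping the previous version as <file>.bak.
# Only the three values the file accepts are allowed; anything else is refused
# before the file is touched.
set_selinux_config_mode() {
    file=$1
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    if [ ! -f "$file" ]; then
        echo "no such file: $file" >&2
        return 1
    fi
    # Idempotent: nothing to do when the value is already set.
    if [ "$(selinux_config_mode "$file")" = "$mode" ]; then
        return 0
    fi
    cp -p "$file" "$file.bak" || return 1
    if grep -q '^[[:space:]]*SELINUX=' "$file"; then
        # Rewrite in place from the backup so the file keeps its owner and mode.
        sed 's/^[[:space:]]*SELINUX=.*/SELINUX='"$mode"'/' "$file.bak" > "$file"
    else
        echo "SELINUX=$mode" >> "$file"
    fi
}
```

On a node this would be run as root, for example `journalctl -u kubelet --no-pager | has_keycreate_denial && set_selinux_config_mode /etc/selinux/config disabled`, followed by the reboot described above.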