如何修复等待 kubelet 从目录“/etc/kube.netes/manifests”中将控制平面启动为 static Pod 时的超时

Question

I am trying to install Kuberentes 1.15 on Centos 7 but Kubeadm init keeps fail at Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kube.netes/manifests"

[root@kmaster manifests]# kubeadm init
--apiserver-advertise-address=10.0.15.10 --pod-network-cidr=10.244.0.0/16 [init] Using Kubernetes version: v1.15.3 [preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.1. Latest validated version:
18.09 [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two, depending on the speed of your internet connection
    [preflight] You can also perform this action in beforehand using kubeadm config images pull

I could see couple of warnings, for the cgroups my understanding that after 1.11 it should pick up the right cfgroup, if not kindly advise how to fix it or if it is related to the main issue

[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:
        timed out waiting for the condition

This error is likely caused by:
        - The kubelet is not running
        - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
        - 'systemctl status kubelet'
        - 'journalctl -xeu kubelet'

Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI, e.g. docker.
Here is one example how you may list all Kubernetes containers running in docker:
        - 'docker ps -a | grep kube | grep -v pause'
        Once you have found the failing container, you can inspect its logs with:
        - 'docker logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
[root@kmaster manifests]#


[root@kmaster manifests]# kubeadm init --apiserver-advertise-address=10.0.15.10 --pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.15.3
[preflight] Running pre-flight checks
        [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.1. Latest validated version: 18.09
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kmaster kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.0.15.10]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [kmaster localhost] and IPs [10.0.15.10 127.0.0.1 ::1]
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [kmaster localhost] and IPs [10.0.15.10 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:
        timed out waiting for the condition

This error is likely caused by:
        - The kubelet is not running
        - The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)

If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
        - 'systemctl status kubelet'
        - 'journalctl -xeu kubelet'

Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI, e.g. docker.
Here is one example how you may list all Kubernetes containers running in docker:
        - 'docker ps -a | grep kube | grep -v pause'
        Once you have found the failing container, you can inspect its logs with:
        - 'docker logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
[root@kmaster manifests]#

[root@kmaster manifests]# journalctl -xeu kubelet
Aug 25 14:17:08 kmaster kubelet[24756]: E0825 14:17:08.068707   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:17:08 kmaster kubelet[24756]: E0825 14:17:08.169804   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:17:08 kmaster kubelet[24756]: E0825 14:17:08.270287   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:17:08 kmaster kubelet[24756]: E0825 14:17:08.370660   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:17:08 kmaster kubelet[24756]: E0825 14:17:08.471301   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:17:08 kmaster kubelet[24756]: E0825 14:17:08.571726   24756 kubelet.go:2248] node "kmaster" not found

[root@kmaster manifests]# systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/kubelet.service.d
           └─10-kubeadm.conf
   Active: active (running) since Sun 2019-08-25 13:58:18 EDT; 27min ago
     Docs: https://kubernetes.io/docs/
 Main PID: 24756 (kubelet)
    Tasks: 16
   Memory: 37.2M
   CGroup: /system.slice/kubelet.service
           └─24756 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --conf...

Aug 25 14:25:24 kmaster kubelet[24756]: E0825 14:25:24.825290   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:25:25 kmaster kubelet[24756]: E0825 14:25:25.071450   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:25:25 kmaster kubelet[24756]: E0825 14:25:25.172702   24756 enter code herekubelet.go:2248] node "kmaster" not found
Aug 25 14:25:25 kmaster kubelet[24756]: E0825 14:25:25.277570   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:25:25 kmaster kubelet[24756]: E0825 14:25:25.378218   24756 kubelet.go:2248] node "kmaster" not found
Aug 25 14:25:25 kmaster kubelet[24756]: E0825 14:25:25.478339   24756 kubelet.go:2248] node "kmaster" not found

Answer 1

I dont know how you pre-configured a node prior to cluster initialization but I can show you the way it works.

1) Reset cluster

sudo kubeadm reset
rm -rf .kube/
sudo rm -rf /etc/kubernetes/
sudo rm -rf /var/lib/kubelet/
sudo rm -rf /var/lib/etcd

2) put SELinux to permissive mode

setenforce 0 

3) enable net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables

sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
modprobe br_netfilter 

cat <<EOF >  /etc/sysctl.d/kube.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

4) Add Kube repo fo kubeadm , kubelet , kubectl components:

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

5) Install ans start Kube components ans services:

yum update && yum upgrade && yum install -y docker kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl start docker kubelet && systemctl enable docker kubelet

6) kubeadm init

kubeadm init --pod-network-cidr=10.244.0.0/16 -v=9

Result:

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join *.*.*.*:6443 --token ******.****************** \
    --discovery-token-ca-cert-hash sha256:******************************************************* 

Next you should: - apply CNI ( Flannel if you use --pod-network-cidr=10.244.0.0/16 ) - join worker nodes

Answer 2

maybe you should check some logs, we could use command,like " journalctl -xeu kubelet"

with my environment, i check my log enter image description here

and i create this file, "touch /etc/reolv.conf" when i create reolv.conf file, kubeadm init successfully.