[英]What does it means “can't set sysctl net/ipv4/vs/conn_reuse_mode” when set ipvs mode whith k8s?
When I modify kube-proxy mode from iptales to ipvs, after restart the kube-proxy, "kubectl logs kube-proxy" return the following error:当我将 kube-proxy 模式从 iptales 修改为 ipvs 时,重新启动 kube-proxy 后,“kubectl logs kube-proxy”返回以下错误:
server.go:485] unable to create proxier: can't set sysctl net/ipv4/vs/conn_reuse_mode: open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory server.go:485] 无法创建代理:无法设置 sysctl net/ipv4/vs/conn_reuse_mode:打开 /proc/sys/net/ipv4/vs/conn_reuse_mode:没有这样的文件或目录
And I confirmcon that I have installed dependent kernel modules by following cmd:我确认我已经按照 cmd 安装了相关的 kernel 模块:
lsmod | lsmod | grep ip_vs lsmod |
grep ip_vs lsmod | grep conntrack
grep conntrack
All are ok,so what should I do with the above error?一切正常,那么我应该如何处理上述错误?
What modifications are you exactly introducing to your kube-proxy
and how?您究竟对您的
kube-proxy
进行了哪些修改以及如何修改? If you are only setting ipvs mode you can do it in a way described here and there shouldn't be any problems.如果您只是设置 ipvs 模式,您可以按照此处描述的方式进行设置,应该不会有任何问题。
If you're also configuring some additional sysctls
in the securityContext
of your kube-proxy
Pods
, you may need to consider the following.如果您还在
kube-proxy
Pods
securityContext
中配置了一些额外的sysctls
,您可能需要考虑以下事项。
Keep in mind that there are so called safe and unsafe sysctls.请记住,有所谓的安全和不安全 sysctl。 As you can read here :
你可以在这里阅读:
All safe sysctls are enabled by default.
默认情况下启用所有安全sysctl。
All unsafe sysctls are disabled by default and must be allowed manually by the cluster admin on a per-node basis.
默认情况下禁用所有不安全的 sysctl,并且必须由集群管理员在每个节点的基础上手动允许。 Pods with disabled unsafe sysctls will be scheduled, but will fail to launch.
将安排禁用不安全 sysctl 的 Pod,但将无法启动。
With the warning above in mind, the cluster admin can allow certain unsafe sysctls for very special situations such as high-performance or real-time application tuning.
考虑到上述警告,集群管理员可以允许某些不安全的 sysctl 用于非常特殊的情况,例如高性能或实时应用程序调整。 Unsafe sysctls are enabled on a node-by-node basis with a flag of the kubelet;
使用 kubelet 标志逐个节点启用不安全的 sysctl; for example:
例如:
kubelet --allowed-unsafe-sysctls \ 'kernel.msg*,net.core.somaxconn'...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.