使用 k8s 设置 ipvs 模式时“无法设置 sysctl net/ipv4/vs/conn_reuse_mode”是什么意思?
[英]What does it means “can't set sysctl net/ipv4/vs/conn_reuse_mode” when set ipvs mode whith k8s?
问题描述
When I modify kube-proxy mode from iptales to ipvs, after restart the kube-proxy, "kubectl logs kube-proxy" return the following error:
当我将 kube-proxy 模式从 iptales 修改为 ipvs 时,重新启动 kube-proxy 后,“kubectl logs kube-proxy”返回以下错误:
server.go:485] unable to create proxier: can't set sysctl net/ipv4/vs/conn_reuse_mode: open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory server.go:485] 无法创建代理:无法设置 sysctl net/ipv4/vs/conn_reuse_mode:打开 /proc/sys/net/ipv4/vs/conn_reuse_mode:没有这样的文件或目录
And I confirmcon that I have installed dependent kernel modules by following cmd:我确认我已经按照 cmd 安装了相关的 kernel 模块:
lsmod | lsmod | grep ip_vs lsmod | grep ip_vs lsmod | grep conntrack grep conntrack
All are ok,so what should I do with the above error?一切正常,那么我应该如何处理上述错误?
1 个解决方案
解决方案1
0 2020-06-04 14:08:21
What modifications are you exactly introducing to your kube-proxy and how?您究竟对您的kube-proxy进行了哪些修改以及如何修改? If you are only setting ipvs mode you can do it in a way described here and there shouldn't be any problems.如果您只是设置 ipvs 模式,您可以按照此处描述的方式进行设置,应该不会有任何问题。
If you're also configuring some additional sysctls in the securityContext of your kube-proxy Pods , you may need to consider the following.如果您还在kube-proxy Pods securityContext中配置了一些额外的sysctls ,您可能需要考虑以下事项。
Keep in mind that there are so called safe and unsafe sysctls.请记住,有所谓的安全和不安全 sysctl。 As you can read here :你可以在这里阅读:
All safe sysctls are enabled by default.
All unsafe sysctls are disabled by default and must be allowed manually by the cluster admin on a per-node basis.
With the warning above in mind, the cluster admin can allow certain unsafe sysctls for very special situations such as high-performance or real-time application tuning.
kubelet --allowed-unsafe-sysctls \ 'kernel.msg*,net.core.somaxconn'...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.