kubernetes specified host networking, but is disallowed?


Problem description

I came across this problem. This problem can be replayed by the following steps.

The way to replay this issue: before starting, I run docker in this mode

/usr/bin/docker -d -H fd:// --iptables=false

Firstly, run etcd. I run etcd in a docker container.

docker run --net=host -d gcr.io/google_containers/etcd:2.0.12 /usr/local/bin/etcd --addr=yourHostIp:4001 --bind-addr=0.0.0.0:4001 --data-dir=/var/etcd/data

Secondly

docker pull gcr.io/google_containers/hyperkube:v1.0.1

Run the container through docker run. After installing vim in the container, I change the file /etc/kubernetes/manifests/master.json as follows:

{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {"name":"k8s-master"},
"spec":{
  "hostNetwork": true,
  "containers":[
    {
      "name": "controller-manager",
      "image": "gcr.io/google_containers/hyperkube:self-1.0.1",
      "command": [
              "/hyperkube",
              "controller-manager",
              "--master=yourHostIp:8080",
              "--v=2"
        ]
    },
    {
      "name": "apiserver",
      "image": "gcr.io/google_containers/hyperkube:self-1.0.1",
      "command": [
              "/hyperkube",
              "apiserver",
              "--portal-net=10.0.0.1/24",
              "--address=yourHostIp",
              "--etcd_servers=http://yourHostIp:4001",
              "--cluster_name=kubernetes",
              "--v=2"
        ]
    },
    {
      "name": "scheduler",
      "image": "gcr.io/google_containers/hyperkube:self-1.0.1",
      "command": [
              "/hyperkube",
              "scheduler",
              "--master=yourHostIp:8080",
              "--v=2"
        ]
    }
  ]
 }
}

Then I save this changed container as gcr.io/google_containers/hyperkube:self-1.0.1

Thirdly: then I run the changed image through the following command

docker run \
    --volume=/:/rootfs:ro \
    --volume=/sys:/sys:ro \
    --volume=/dev:/dev \
    --volume=/var/lib/docker/:/var/lib/docker:ro \
    --volume=/var/lib/kubelet/:/var/lib/kubelet:rw \
    --volume=/var/run:/var/run:rw \
    --net=host --pid=host --privileged=true -d \
    gcr.io/google_containers/hyperkube:self-1.0.1 \
    /hyperkube kubelet --containerized --hostname-override="10.4.28.51" --address="0.0.0.0" --api-servers=http://yourHostIp:8080 --allow-privileged=true --config=/etc/kubernetes/manifests

Finally

{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {"name":"redis-master"},
"spec":{
  "hostNetwork": true,
  "containers":[
    {
      "name": "redis-test",
      "image": "redis:2.8"
    }
  ]
 }
}

Create the pod through the above file

kubectl create -f example.json

When you run

kubectl get pod

You should find this. And I wonder why the pod k8s-master-yourHostIp is running normally.

NAME                    READY     STATUS                                             RESTARTS   AGE
k8s-master-yourHostIp   3/3       Running                                            0          1h
redis-master            0/1       Image: redis:2.8 is ready, container is creating   0          6s

When you try

kubectl -s $(hn):8080 describe pod redis-master

You should find

root@XXX:~/kubernetes/examples/redis# kubectl -s $(hn):8080 describe pod redis-master
Name:               redis-master
Namespace:          default
Image(s):           redis:2.8
Node:               yourHostIp/yourHostIp
Start Time:         Tue, 08 Dec 2015 11:59:06 +0800
Labels:             <none>
Status:             Pending
Reason:
Message:
IP:             yourHostIp
Replication Controllers:    <none>
Containers:
  redis-test:
    Container ID:
    Image:      redis:2.8
    Image ID:
    State:      Waiting
      Reason:       Image: redis:2.8 is ready, container is creating
    Ready:      False
    Restart Count:  0
    Environment Variables:
Conditions:
  Type      Status
  Ready     False
No volumes.
Events:
  FirstSeen LastSeen    Count   From            SubobjectPath   Reason      Message
  ───────── ────────    ─────   ────            ─────────────   ──────      ───────
  5m        5m      1   {scheduler }                scheduled   Successfully assigned redis-master to yourHostIp
  5m        8s      34  {kubelet yourHostIp}            failedSync  Error syncing pod, skipping: pod with UID "06b96a71-9d60-11e5-ae3c-008cfaeeacb2" specified host networking, but is disallowed

So, do I have some misunderstanding?

Recommended answer

Add the following kubelet flag: --host-network-sources="*"

This is the default in Kubernetes 1.1 and later. I recommend updating to 1.1.7, if you can.
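
The following is an added example, not part of the original question or answer and not kubelet source code: a small model of the per-source check behind --host-network-sources, showing why the manifest-file pod k8s-master runs while the API-created redis-master is rejected. It assumes the Kubernetes 1.0 default value "file" and the source names "file" and "api"; the function names are hypothetical.

```python
import json

# Assumption: source names accepted by the flag; "*" means every source.
ALL_SOURCES = "*"


def allowed_sources(flag_value):
    """Parse a --host-network-sources value (comma-separated list)."""
    return {s.strip() for s in flag_value.split(",") if s.strip()}


def host_network_decision(pod, source, flag_value):
    """Return (allowed, reason) for a pod that reached the kubelet via `source`."""
    if not pod.get("spec", {}).get("hostNetwork", False):
        return True, "pod does not request host networking"
    allowed = allowed_sources(flag_value)
    if ALL_SOURCES in allowed or source in allowed:
        return True, "source %r may use host networking" % source
    # Same wording as the failedSync event shown in the question.
    return False, "specified host networking, but is disallowed"


# Trimmed copies of the two manifests in the question (constructed sample input).
K8S_MASTER = json.loads(
    '{"metadata": {"name": "k8s-master"}, "spec": {"hostNetwork": true}}')
REDIS_MASTER = json.loads(
    '{"metadata": {"name": "redis-master"}, "spec": {"hostNetwork": true}}')


def report(flag_value):
    """k8s-master is read from --config (a file); redis-master comes from the API."""
    rows = []
    for pod, source in ((K8S_MASTER, "file"), (REDIS_MASTER, "api")):
        ok, reason = host_network_decision(pod, source, flag_value)
        rows.append((pod["metadata"]["name"], source, ok, reason))
    return rows


if __name__ == "__main__":
    # "file" is the assumed 1.0 default; "*" is the value from the answer;
    # "file,api" allows only the two sources this setup actually uses.
    for flag in ("file", "*", "file,api"):
        print("--host-network-sources=%s" % flag)
        for name, source, ok, reason in report(flag):
            verdict = "ALLOW" if ok else "DENY"
            print("  %-13s source=%-4s %s (%s)" % (name, source, verdict, reason))
```

A pod with hostNetwork: true shares the node's network namespace, so listing only the sources in use ("file,api" here) is narrower than "*".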
