1、问题现象
[root@master35 scripts]# ./list_pod.sh | grep imis
imis-866d46c464-nvz4b 0/1 ContainerCreating 0 3m <none> node149
1 2 |
|
2、原因分析
[root@node149 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/cl-root 36G 30G 6G 86% / devtmpfs 7.8G 0 7.8G 0% /dev tmpfs 7.8G 0 7.8G 0% /dev/shm tmpfs 7.8G 9.3M 7.8G 1% /run tmpfs 7.8G 0 7.8G 0% /sys/fs/cgroup /dev/sda1 1014M 186M 829M 19% /boot 由于这是测试环境,所以docker的目录,默认在/var/lib/docker,没有单独挂载别的目录,这样的话,也没加定时任务清理磁盘,/ 磁盘就会越来越满,现在看是用了86%
1 |
|
3、解决方案
每个node上的kubelet都负责定期采集资源占用数据,并与预设的 threshold值进行比对,如果超过 threshold值,kubelet就会尝试杀掉一些Pod以回收相关资源,对Node进行保护。kubelet关注的资源指标threshold大约有如下几种:
- memory.available
- nodefs.available
- nodefs.inodesFree
- imagefs.available
- imagefs.inodesFree
每种threshold又分为eviction-soft和eviction-hard两组值。soft和hard的区别在于前者在到达threshold值时会给pod一段时间优雅退出,而后者则崇尚“暴力”,直接杀掉pod,没有任何优雅退出的机会。这里还要提一下nodefs和imagefs的区别:
1 2 |
|
4、解决步骤
我们需要为kubelet重新设定nodefs.available的threshold值。怎么做呢?
kubelet是运行于每个kubernetes node上的daemon,它在system boot时由systemd拉起:
root@master35 ~# ps -ef|grep kubelet
root 5718 5695 0 16:38 pts/3 00:00:00 grep --color=auto kubelet
root 13640 1 4 10:25 ? 00:17:25 /usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubelet.conf --require-kubeconfig=true --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --cluster-dns=10.96.0.10 --cluster-domain=cluster.local --authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt --cadvisor-port=0
查看一下kubelet service的状态:
[root@master35 scripts]# systemctl status kubelet ● kubelet.service - kubelet: The Kubernetes Node Agent Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/kubelet.service.d └─10-kubeadm.conf Active: active (running) since Thu 2018-07-19 21:04:35 CST; 8 months 29 days ago Docs: http://kubernetes.io/docs/ Main PID: 1921 (kubelet) Tasks: 19 Memory: 54.9M CGroup: /system.slice/kubelet.service └─1921 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --pod-manifest-path=... Apr 14 09:26:16 master35 kubelet[1921]: W0414 09:26:16.673359 1921 reflector.go:341] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: watch o...(56737582) Apr 15 06:36:48 master35 kubelet[1921]: W0415 06:36:48.938194 1921 reflector.go:341] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: watch o...(56940044)
我们定义一个新的Environment var,比如就叫:KUBELET_EVICTION_POLICY_ARGS 在/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Environment="KUBELET_EVICTION_POLICY_ARGS=--eviction-hard=nodefs.available<5%"
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_EXTRA_ARGS $KUBELET_EVICTION_POLICY_ARGS
这样控制,node的磁盘策略为<5%的硬盘就可以用,不像之前默认的15%就用不了了!
