Docker K8s 12 Kubeadm Kube-DNS Always Pending

taints that the pod didn’t tolerate

使用 Kubeadm 启动集群后, 发现部署 Pod 一直失败.

根据 kubectl get pods -n kube-system 查看系统 Pod 服务状态, 发现 kube-dns 服务一直处于 Pending 状态.

查看详细信息 kubectl describe pods -n kube-system coredns-6955765f44-v96xl

Name:                 coredns-6955765f44-v96xl
Namespace:            kube-system
Priority:             2000000000
Priority Class Name:  system-cluster-critical
Node:                 <none>
Labels:               k8s-app=kube-dns
                      pod-template-hash=6955765f44
Annotations:          <none>
Status:               Pending
IP:
IPs:                  <none>
Controlled By:        ReplicaSet/coredns-6955765f44
Containers:
  coredns:
    Image:       k8s.gcr.io/coredns:1.6.5
    Ports:       53/UDP, 53/TCP, 9153/TCP
    Host Ports:  0/UDP, 0/TCP, 0/TCP
    Args:
      -conf
      /etc/coredns/Corefile
    Limits:
      memory:  170Mi
    Requests:
      cpu:        100m
      memory:     70Mi
    Liveness:     http-get http://:8080/health delay=60s timeout=5s period=10s #success=1 #failure=5
    Readiness:    http-get http://:8181/ready delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:  <none>
    Mounts:
      /etc/coredns from config-volume (ro)
      /var/run/secrets/kubernetes.io/serviceaccount from coredns-token-n9jl4 (ro)
Conditions:
  Type           Status
  PodScheduled   False
Volumes:
  config-volume:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      coredns
    Optional:  false
  coredns-token-n9jl4:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  coredns-token-n9jl4
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  beta.kubernetes.io/os=linux
Tolerations:     CriticalAddonsOnly
                 node-role.kubernetes.io/master:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason            Age                 From               Message
  ----     ------            ----                ----               -------
  Warning  FailedScheduling  50s (x55 over 75m)  default-scheduler  0/4 nodes are available: 4 node(s) had taints that the pod didn't tolerate.

解决方案为 Master Node 下载安装 flannel:

wget "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml" -O kube-flannel.yaml
kubectl apply -f kube-flannel.yaml

/etc/kubernetes/kubelet.conf already exists

在已经执行过 kubeadm join 的机器上, 重新执行 join 操作报错:

W1217 00:31:41.527138   18021 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
	[WARNING Hostname]: hostname "test-lianghua-8" could not be reached
	[WARNING Hostname]: hostname "test-lianghua-8": lookup test-lianghua-8 on 100.100.2.138:53: no such host
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR FileAvailable--etc-kubernetes-kubelet.conf]: /etc/kubernetes/kubelet.conf already exists
	[ERROR FileAvailable--etc-kubernetes-bootstrap-kubelet.conf]: /etc/kubernetes/bootstrap-kubelet.conf already exists
	[ERROR Port-10250]: Port 10250 is in use
	[ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

解决方案, 在 join 之前先进行 reset 操作:

sudo kubeadm reset -f
sudo kubeadm join 192.168.254.7:6443 --token go5sqe.x8d1ytmo8oqwgjo1 \
  --discovery-token-ca-cert-hash sha256:21a93ede839f88f8431a49bb73e5875a40e8d6fa1cbb54b865433870556bd1da

参考: https://blog.csdn.net/u012999810/article/details/79560386