Common Containerd and K3S Issues
Official community: https://forums.rancher.cn
How to install K3S: https://docs.rancher.cn/docs/k3s/installation/airgap/_index
K3S configuration path: /var/lib/rancher/k3s/server
K3S log paths:
Where K3s logs are written depends on how you run K3s and on the node's operating system.
When run from the command line, logs are sent to stdout and stderr.
When run under openrc, logs are created at /var/log/k3s.log.
When run under systemd, logs are sent to Journald and can be viewed with journalctl -u k3s.
Pod logs are in /var/log/pods.
Containerd logs are in /var/lib/rancher/k3s/agent/containerd/containerd.log.
1. [ERROR] Failed to find the k3s-selinux policy, please install:
yum install -y container-selinux
rpm -i https://rpm.rancher.io/k3s-selinux-0.1.1-rc1.el7.noarch.rpm
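2. memcache.go:287] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request
The cache has not been built yet; wait 1 minute and retry.
3. Installing nerdctl fails with an error that it cannot connect to containerd
Wait 1 minute and retry. That does work, but for now it is no use when the registry has no certificate: images cannot be pulled (same as issue 4).
4. Pulling from the local image registry fails with an https error (unresolved)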
Failed to pull image "192.168.11.6:8083/integration/betxapigateway:1.4.23.0707": rpc error: code = Unknown desc = failed to pull and unpack image "192.168.11.6:8083/integration/betxapigateway:1.4.23.0707": failed to resolve reference "192.168.11.6:8083/integration/betxapigateway:1.4.23.0707": failed to do request: Head "https://192.168.11.6:8083/v2/integration/betxapigateway/manifests/1.4.23.0707": http: server gave HTTP response to HTTPS client
# Add the registry, no authentication
vim /etc/rancher/k3s/registries.yaml
mirrors:
  "192.168.11.6:8083":
    endpoint:
      - "https://192.168.11.6:8083"
# Restart k3s
systemctl restart k3s
# Inspect the registry configuration
crictl info | grep -A 5 "registry"
nerdctl login -u admin --insecure-registry 192.168.3.208:5012
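The error in issue 4 says the registry at 192.168.11.6:8083 answers in plain HTTP while containerd is sending HTTPS, and the endpoint above is declared as https://. The registries.yaml below is an added example, not part of the original post: it shows the endpoint form K3s expects for a plaintext registry next to the TLS form with a trusted CA. The ca_file path and the auth placeholders are assumptions.

```yaml
# /etc/rancher/k3s/registries.yaml (added example, not from the original post)
#
# Variant A: the registry really is plain HTTP, as the error in issue 4 shows.
# The endpoint scheme must be http://, because K3s defaults to HTTPS otherwise.
# Pulls then travel unencrypted and the registry is not authenticated, so
# keep this to an isolated lab network.
mirrors:
  "192.168.11.6:8083":
    endpoint:
      - "http://192.168.11.6:8083"

# Variant B (preferred): enable TLS on the registry, keep the https://
# endpoint, and tell containerd which CA signed the registry certificate.
# Replace the mirrors block above with this one and add the configs block.
#
# mirrors:
#   "192.168.11.6:8083":
#     endpoint:
#       - "https://192.168.11.6:8083"
# configs:
#   "192.168.11.6:8083":
#     tls:
#       ca_file: /etc/rancher/k3s/registry-ca.crt   # assumed placeholder path
#     # auth:                      # only if the registry requires a login
#     #   username: <user>         # placeholder
#     #   password: <password>     # placeholder
```

The file has to be present on every node that pulls from the registry, and K3s must be restarted on that node for the change to take effect.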
5. Unable to connect to the server: x509: certificate signed by unknown authority
Check the certificate expiry dates
for i in /var/lib/rancher/k3s/server/tls/*.crt; do echo "$i"; openssl x509 -enddate -noout -in "$i"; done
Fix when the certificates are still within their validity period
rm -rf /var/lib/rancher/k3s/server/tls/dynamic-cert.json
kubectl --insecure-skip-tls-verify delete secret k3s-serving -n kube-system
service k3s restart
rm -f /var/lib/rancher/k3s/server/tls/request-header-ca.crt /var/lib/rancher/k3s/server/tls/request-header-ca.key /var/lib/rancher/k3s/server/tls/service.key /var/lib/rancher/k3s/server/tls/etcd/server-ca.key /var/lib/rancher/k3s/server/tls/client-ca.key /var/lib/rancher/k3s/server/tls/etcd/peer-ca.crt /var/lib/rancher/k3s/server/tls/etcd/peer-ca.key /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt /var/lib/rancher/k3s/server/tls/server-ca.crt /var/lib/rancher/k3s/server/tls/server-ca.key /var/lib/rancher/k3s/server/tls/client-ca.crt
service k3s restart
Fix when the certificates are outside their validity period
# Stop K3s
systemctl stop k3s
# Rotate the certificates
k3s certificate rotate
# Start K3s
systemctl start k3s
This article is from cnblogs (博客园), author: Jerry·. When reposting, please cite the original link: https://www.cnblogs.com/jerry-0910/p/18184774