我们正在尝试使用 canal pod 网络管理器向我们基于 centos 的 kubernetes 集群添加一个 windows 节点。
为此,我们构建了一个 windows server 1709 虚拟机,并严格按照本指南https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/getting-started-kubernetes-windows操作。
事实上,powershell脚本成功加入集群
NAME STATUS ROLES AGE VERSION EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-node-01 Ready master 19d v1.9.3 <none> CentOS Linux 7 (Core) 3.10.0-693.17.1.el7.x86_64 docker://1.12.6
k8s-node-02 Ready <none> 19d v1.9.3 <none> CentOS Linux 7 (Core) 3.10.0-693.17.1.el7.x86_64 docker://1.12.6
k8s-node-03 Ready <none> 19d v1.9.3 <none> CentOS Linux 7 (Core) 3.10.0-693.17.1.el7.x86_64 docker://1.12.6
k8s-wnode-01 Ready <none> 17h v1.9.3 <none> Windows Server Datacenter 10.0.16299.125
我们甚至部署了一个基于 Windows 的示例应用程序及其正在运行的服务。
default win-webserver-5c4c6df67f-2zllt 1/1 Running 0 20m 10.244.8.77 k8s-wnode-01
default win-webserver NodePort 10.106.133.105 <none> 80:32415/TCP 23h app=win-webserver
但是通过 nodeport 方式无法访问 pod。深入研究这个问题,我们发现 canal 和 kube-proxy pod 都被卡住了
kube-system canal-dm7gl 3/3 Running 3 15d 172.16.8.102 k8s-node-01
kube-system canal-jf5b5 3/3 Running 4 15d 172.16.8.104 k8s-node-02
kube-system canal-kd8nw 3/3 Running 3 15d 172.16.8.105 k8s-node-03
kube-system canal-tmxk5 0/3 ContainerCreating 0 18h 192.168.0.1 k8s-wnode-01
kube-system kube-proxy-fmpvf 1/1 Running 10 19d 172.16.8.102 k8s-node-01
kube-system kube-proxy-gpb68 1/1 Running 7 19d 172.16.8.104 k8s-node-02
kube-system kube-proxy-l7wjv 1/1 Running 6 19d 172.16.8.105 k8s-node-03
kube-system kube-proxy-phqr7 0/1 ContainerCreating 0 18h 192.168.0.1 k8s-wnode-01
通过描述这些豆荚,这些问题似乎是无关的:
$ kubectl describe pod kube-proxy-phqr7 -n kube-system
Normal SuccessfulMountVolume 21m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "kube-proxy-token-4cdx4"
Normal SuccessfulMountVolume 21m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "lib-modules"
Normal SuccessfulMountVolume 21m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "kube-proxy"
Warning FailedMount 3m (x17 over 21m) kubelet, k8s-wnode-01 MountVolume.SetUp failed for volume "xtables-lock" : open /run/xtables.lock: The system cannot find the path specified.
Warning FailedMount 1m (x9 over 19m) kubelet, k8s-wnode-01 Unable to mount volumes for pod "kube-proxy-phqr7_kube-system(6e18e3c8-2154-11e8-827c-000c299d5d24)": timeout expired waiting for volumes to attach/mount for pod "kube-system"/"kube-proxy-phqr7". list of unattached/unmounted volumes=[xtables-lock]
$ kubectl describe pod canal-tmxk5 -n kube-system
Normal SuccessfulMountVolume 22m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "run"
Normal SuccessfulMountVolume 22m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "canal-token-9twgx"
Normal SuccessfulMountVolume 22m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "lib-modules"
Normal SuccessfulMountVolume 22m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "cni-bin-dir"
Normal SuccessfulMountVolume 22m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "cni-net-dir"
Normal SuccessfulMountVolume 22m kubelet, k8s-wnode-01 MountVolume.SetUp succeeded for volume "flannel-cfg"
Normal SandboxChanged 22m (x9 over 22m) kubelet, k8s-wnode-01 Pod sandbox changed, it will be killed and re-created.
Warning FailedCreatePodSandBox 2m (x311 over 22m) kubelet, k8s-wnode-01 Failed create pod sandbox.
什么是 xtables-lock 以及为什么 windows 节点在代理的秘密卷中缺少此文件?
为什么 pod 沙箱(它是什么?)无法为 canal 创建,我应该在哪里查找更多信息?
windows kubernetes 节点的文档真的很缺乏,我不知道在哪里看,因为所有的谷歌结果都是关于 linux 节点的,我似乎找不到在 windows 上应用建议修复的方法,因为它是一个完全不同的环境。
以下是 Windows 节点上 kubelet 控制台的日志转储
E0307 11:03:32.011134 80996 kubelet.go:1624] Unable to mount volumes for pod "kube-proxy-phqr7_kube-system(6e18e3c8-2154-11e8-827c-000c299d5d24)": timeout expired waiting for volumes to attach/mount for pod "kube-system"/"kube-proxy-phqr7". list of unattached/unmounted volumes=[xtables-lock]; skipping pod
E0307 11:03:32.011134 80996 pod_workers.go:186] Error syncing pod 6e18e3c8-2154-11e8-827c-000c299d5d24 ("kube-proxy-phqr7_kube-system(6e18e3c8-2154-11e8-827c-000c299d5d24)"), skipping: timeout expired waiting for volumes to attach/mount for pod "kube-system"/"kube-proxy-phqr7". list of unattached/unmounted volumes=[xtables-lock]
I0307 11:03:32.011134 80996 server.go:231] Event(v1.ObjectReference{Kind:"Pod", Namespace:"kube-system", Name:"kube-proxy-phqr7", UID:"6e18e3c8-2154-11e8-827c-000c299d5d24", APIVersion:"v1", ResourceVersion:"2241119", FieldPath:""}): type: 'Warning' reason: 'FailedMount' Unable to mount volumes for pod "kube-proxy-phqr7_kube-system(6e18e3c8-2154-11e8-827c-000c299d5d24)": timeout expired waiting for volumes to attach/mount for pod "kube-system"/"kube-proxy-phqr7". list of unattached/unmounted volumes=[xtables-lock]
...
I0307 11:03:32.633168 80996 kuberuntime_manager.go:853] getSandboxIDByPodUID got sandbox IDs ["590cac5a4ba9ec641835823eab19250a8d7984d3ba95da3c79af486f021d2161" "fb9dd26c3f6f26034aec38d2a82efe063ab30e0316323d7514556d8e74455b5d" "5b7de8875db3942b2b0d7538c0b5204c55fa405f9835995e68a15886f0c9e149"] for pod "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)"
I0307 11:03:32.640170 80996 generic.go:380] PLEG: Write status for canal-tmxk5/kube-system: &container.PodStatus{ID:"6e16e04d-2154-11e8-827c-000c299d5d24", Name:"canal-tmxk5", Namespace:"kube-system", IP:"", ContainerStatuses:[]*container.ContainerStatus{}, SandboxStatuses:[]*runtime.PodSandboxStatus{(*runtime.PodSandboxStatus)(0xc042a334f0), (*runtime.PodSandboxStatus)(0xc042a337c0), (*runtime.PodSandboxStatus)(0xc042a33ae0)}} (err: <nil>)
I0307 11:03:32.644184 80996 kubelet.go:1880] SyncLoop (PLEG): "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)", event: &pleg.PodLifecycleEvent{ID:"6e16e04d-2154-11e8-827c-000c299d5d24", Type:"ContainerDied", Data:"590cac5a4ba9ec641835823eab19250a8d7984d3ba95da3c79af486f021d2161"}
I0307 11:03:32.644184 80996 kubelet_pods.go:1349] Generating status for "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)"
I0307 11:03:32.645170 80996 kubelet_pods.go:1314] pod waiting > 0, pending
W0307 11:03:32.645170 80996 pod_container_deletor.go:77] Container "590cac5a4ba9ec641835823eab19250a8d7984d3ba95da3c79af486f021d2161" not found in pod's containers
I0307 11:03:32.645170 80996 kubelet_pods.go:1349] Generating status for "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)"
I0307 11:03:32.645170 80996 kubelet_pods.go:1314] pod waiting > 0, pending
I0307 11:03:32.645170 80996 status_manager.go:353] Ignoring same status for pod "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)", status: {Phase:Pending Conditions:[{Type:Initialized Status:True LastProbeTime:0001-01-01 00:00:00 +0000 UTC LastTransitionTime:2018-03-06 16:39:31 +0100 CET Reason: Message:} {Type:Ready Status:False LastProbeTime:0001-01-01 00:00:00 +0000 UTC LastTransitionTime:2018-03-06 16:39:31 +0100 CET Reason:ContainersNotReady Message:containers with unready status: [calico-node install-cni kube-flannel]} {Type:PodScheduled Status:True LastProbeTime:0001-01-01 00:00:00 +0000 UTC LastTransitionTime:2018-03-06 16:41:18 +0100 CET Reason: Message:}] Message: Reason: HostIP:192.168.0.1 PodIP:192.168.0.1 StartTime:2018-03-06 16:39:31 +0100 CET InitContainerStatuses:[] ContainerStatuses:[{Name:calico-node State:{Waiting:&ContainerStateWaiting{Reason:ContainerCreating,Message:,} Running:nil Terminated:nil} LastTerminationState:{Waiting:nil Running:nil Terminated:nil} Ready:false RestartCount:0 Image:quay.io/calico/node:v2.6.7 ImageID: ContainerID:} {Name:install-cni State:{Waiting:&ContainerStateWaiting{Reason:ContainerCreating,Message:,} Running:nil Terminated:nil} LastTerminationState:{Waiting:nil Running:nil Terminated:nil} Ready:false RestartCount:0 Image:quay.io/calico/cni:v1.11.2 ImageID: ContainerID:} {Name:kube-flannel State:{Waiting:&ContainerStateWaiting{Reason:ContainerCreating,Message:,} Running:nil Terminated:nil} LastTerminationState:{Waiting:nil Running:nil Terminated:nil} Ready:false RestartCount:0 Image:quay.io/coreos/flannel:v0.9.1 ImageID: ContainerID:}] QOSClass:Burstable}
I0307 11:03:32.651168 80996 volume_manager.go:342] Waiting for volumes to attach and mount for pod "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)"
I0307 11:03:32.657170 80996 kubelet.go:1263] Container garbage collection succeeded
I0307 11:03:32.697183 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/configmap
I0307 11:03:32.710179 80996 reconciler.go:264] operationExecutor.MountVolume started for volume "flannel-cfg" (UniqueName: "kubernetes.io/configmap/6e16e04d-2154-11e8-827c-000c299d5d24-flannel-cfg") pod "canal-tmxk5" (UID: "6e16e04d-2154-11e8-827c-000c299d5d24") Volume is already mounted to pod, but remount was requested.
I0307 11:03:32.710179 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/secret
I0307 11:03:32.710179 80996 reconciler.go:264] operationExecutor.MountVolume started for volume "canal-token-9twgx" (UniqueName: "kubernetes.io/secret/6e16e04d-2154-11e8-827c-000c299d5d24-canal-token-9twgx") pod "canal-tmxk5" (UID: "6e16e04d-2154-11e8-827c-000c299d5d24") Volume is already mounted to pod, but remount was requested.
I0307 11:03:32.711174 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/host-path
I0307 11:03:32.711174 80996 secret.go:186] Setting up volume canal-token-9twgx for pod 6e16e04d-2154-11e8-827c-000c299d5d24 at c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx
I0307 11:03:32.711174 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/empty-dir
I0307 11:03:32.711174 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/empty-dir
I0307 11:03:32.712174 80996 empty_dir.go:264] pod 6e16e04d-2154-11e8-827c-000c299d5d24: mounting tmpfs for volume wrapped_canal-token-9twgx
I0307 11:03:32.710179 80996 configmap.go:187] Setting up volume flannel-cfg for pod 6e16e04d-2154-11e8-827c-000c299d5d24 at c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg
I0307 11:03:32.713173 80996 mount_windows.go:55] azureMount: mounting source ("tmpfs"), target ("c:\\var\\lib\\kubelet\\pods\\6e16e04d-2154-11e8-827c-000c299d5d24\\volumes\\kubernetes.io~secret\\canal-token-9twgx"), with options ([])
I0307 11:03:32.713173 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/empty-dir
I0307 11:03:32.715190 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/empty-dir
I0307 11:03:32.716175 80996 round_trippers.go:436] GET https://172.16.8.102:6443/api/v1/namespaces/kube-system/secrets/canal-token-9twgx?resourceVersion=0 200 OK in 1 milliseconds
I0307 11:03:32.717180 80996 secret.go:213] Received secret kube-system/canal-token-9twgx containing (3) pieces of data, 1884 total bytes
I0307 11:03:32.718174 80996 round_trippers.go:436] GET https://172.16.8.102:6443/api/v1/namespaces/kube-system/configmaps/canal-config?resourceVersion=0 200 OK in 1 milliseconds
I0307 11:03:32.718174 80996 atomic_writer.go:332] c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx: current paths: [c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx\..2018_03_07_10_03_27.050789875\ca.crt c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx\..2018_03_07_10_03_27.050789875\namespace c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx\..2018_03_07_10_03_27.050789875\token]
I0307 11:03:32.718174 80996 atomic_writer.go:344] c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx: new paths: [ca.crt namespace token]
I0307 11:03:32.719173 80996 atomic_writer.go:347] c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx: paths to remove: map[c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx\..2018_03_07_10_03_27.050789875\token:{} c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx\..2018_03_07_10_03_27.050789875\ca.crt:{} c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx\..2018_03_07_10_03_27.050789875\namespace:{}]
I0307 11:03:32.726175 80996 atomic_writer.go:159] pod kube-system/canal-tmxk5 volume canal-token-9twgx: write required for target directory c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx
I0307 11:03:32.734177 80996 atomic_writer.go:176] pod kube-system/canal-tmxk5 volume canal-token-9twgx: performed write of new data to ts data directory: c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~secret\canal-token-9twgx\..2018_03_07_10_03_32.145900189
I0307 11:03:32.727175 80996 configmap.go:214] Received configMap kube-system/canal-config containing (4) pieces of data, 911 total bytes
I0307 11:03:32.798178 80996 atomic_writer.go:332] c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg: current paths: [c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_27.611158500\canal_iface c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_27.611158500\cni_network_config c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_27.611158500\masquerade c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_27.611158500\net-conf.json]
I0307 11:03:32.798178 80996 atomic_writer.go:344] c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg: new paths: [canal_iface cni_network_config masquerade net-conf.json]
I0307 11:03:32.798178 80996 atomic_writer.go:347] c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg: paths to remove: map[c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_27.611158500\masquerade:{} c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_27.611158500\net-conf.json:{} c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_27.611158500\canal_iface:{} c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_27.611158500\cni_network_config:{}]
I0307 11:03:32.799180 80996 atomic_writer.go:159] pod kube-system/canal-tmxk5 volume flannel-cfg: write required for target directory c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg
I0307 11:03:32.811187 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/configmap
I0307 11:03:32.812179 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/host-path
I0307 11:03:32.835183 80996 atomic_writer.go:176] pod kube-system/canal-tmxk5 volume flannel-cfg: performed write of new data to ts data directory: c:\var\lib\kubelet\pods\6e16e04d-2154-11e8-827c-000c299d5d24\volumes\kubernetes.io~configmap\flannel-cfg\..2018_03_07_10_03_32.269248344
I0307 11:03:32.912190 80996 volume_host.go:218] using default mounter/exec for kubernetes.io/host-path
I0307 11:03:32.956200 80996 volume_manager.go:371] All volumes are attached and mounted for pod "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)"
I0307 11:03:32.956200 80996 kuberuntime_manager.go:442] Syncing Pod "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)": &Pod{ObjectMeta:k8s_io_apimachinery_pkg_apis_meta_v1.ObjectMeta{Name:canal-tmxk5,GenerateName:canal-,Namespace:kube-system,SelfLink:/api/v1/namespaces/kube-system/pods/canal-tmxk5,UID:6e16e04d-2154-11e8-827c-000c299d5d24,ResourceVersion:2241118,Generation:0,CreationTimestamp:2018-03-06 16:38:34 +0100 CET,DeletionTimestamp:<nil>,DeletionGracePeriodSeconds:nil,Labels:map[string]string{controller-revision-hash: 1120593895,k8s-app: canal,pod-template-generation: 1,},Annotations:map[string]string{kubernetes.io/config.seen: 2018-03-07T10:28:11.9157574+01:00,kubernetes.io/config.source: api,scheduler.alpha.kubernetes.io/critical-pod: ,},OwnerReferences:[{extensions/v1beta1 DaemonSet canal b747d502-1614-11e8-931d-000c299d5d24 0xc042d93dd8 0xc042d93dd9}],Finalizers:[],ClusterName:,Initializers:nil,},Spec:PodSpec{Volumes:[{lib-modules {HostPathVolumeSource{Path:/lib/modules,Type:*,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {var-run-calico {&HostPathVolumeSource{Path:/var/run/calico,Type:*,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {cni-bin-dir {&HostPathVolumeSource{Path:/opt/cni/bin,Type:*,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {cni-net-dir {&HostPathVolumeSource{Path:/etc/cni/net.d,Type:*,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {run {&HostPathVolumeSource{Path:/run,Type:*,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}} {flannel-cfg {nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil &ConfigMapVolumeSource{LocalObjectReference:LocalObjectReference{Name:canal-config,},Items:[],DefaultMode:*420,Optional:nil,} nil nil nil nil nil nil nil nil}} {canal-token-9twgx {nil nil nil nil nil &SecretVolumeSource{SecretName:canal-token-9twgx,Items:[],DefaultMode:*420,Optional:nil,} nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil nil}}],Containers:[{calico-node quay.io/calico/node:v2.6.7 [] [] [] [] [{DATASTORE_TYPE kubernetes nil} {FELIX_LOGSEVERITYSYS info nil} {CALICO_NETWORKING_BACKEND none nil} {CLUSTER_TYPE k8s,canal nil} {CALICO_DISABLE_FILE_LOGGING true nil} {FELIX_IPTABLESREFRESHINTERVAL 60 nil} {FELIX_IPV6SUPPORT false nil} {WAIT_FOR_DATASTORE true nil} {IP nil} {NODENAME EnvVarSource{FieldRef:&ObjectFieldSelector{APIVersion:v1,FieldPath:spec.nodeName,},ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:nil,}} {FELIX_DEFAULTENDPOINTTOHOSTACTION ACCEPT nil} {FELIX_HEALTHENABLED true nil}] {map[] map[cpu:{{250 -3} {<nil>} 250m DecimalSI}]} [{lib-modules true /lib/modules <nil>} {var-run-calico false /var/run/calico <nil>} {canal-token-9twgx true /var/run/secrets/kubernetes.io/serviceaccount <nil>}] [] &Probe{Handler:Handler{Exec:nil,HTTPGet:&HTTPGetAction{Path:/liveness,Port:9099,Host:,Scheme:HTTP,HTTPHeaders:[],},TCPSocket:nil,},InitialDelaySeconds:10,TimeoutSeconds:1,PeriodSeconds:10,SuccessThreshold:1,FailureThreshold:6,} &Probe{Handler:Handler{Exec:nil,HTTPGet:&HTTPGetAction{Path:/readiness,Port:9099,Host:,Scheme:HTTP,HTTPHeaders:[],},TCPSocket:nil,},InitialDelaySeconds:0,TimeoutSeconds:1,PeriodSeconds:10,SuccessThreshold:1,FailureThreshold:3,} nil /dev/termination-log File IfNotPresent &SecurityContext{Capabilities:nil,Privileged:*true,SELinuxOptions:nil,RunAsUser:nil,RunAsNonRoot:nil,ReadOnlyRootFilesystem:nil,AllowPrivilegeEscalation:nil,} false false false} {install-cni quay.io/calico/cni:v1.11.2 [/install-cni.sh] [] [] [] [{CNI_CONF_NAME 10-calico.conflist nil} {CNI_NETWORK_CONFIG &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:&ConfigMapKeySelector{LocalObjectReference:LocalObjectReference{Name:canal-config,},Key:cni_network_config,Optional:nil,},SecretKeyRef:nil,}} {KUBERNETES_NODE_NAME &EnvVarSource{FieldRef:&ObjectFieldSelector{APIVersion:v1,FieldPath:spec.nodeName,},ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:nil,}}] {map[] map[]} [{cni-bin-dir false /host/opt/cni/bin <nil>} {cni-net-dir false /host/etc/cni/net.d <nil>} {canal-token-9twgx true /var/run/secrets/kubernetes.io/serviceaccount <nil>}] [] nil nil nil /dev/termination-log File IfNotPresent nil false false false} {kube-flannel quay.io/coreos/flannel:v0.9.1 [/opt/bin/flanneld --ip-masq --kube-subnet-mgr] [] [] [] [{POD_NAME &EnvVarSource{FieldRef:&ObjectFieldSelector{APIVersion:v1,FieldPath:metadata.name,},ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:nil,}} {POD_NAMESPACE &EnvVarSource{FieldRef:&ObjectFieldSelector{APIVersion:v1,FieldPath:metadata.namespace,},ResourceFieldRef:nil,ConfigMapKeyRef:nil,SecretKeyRef:nil,}} {FLANNELD_IFACE &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:&ConfigMapKeySelector{LocalObjectReference:LocalObjectReference{Name:canal-config,},Key:canal_iface,Optional:nil,},SecretKeyRef:nil,}} {FLANNELD_IP_MASQ &EnvVarSource{FieldRef:nil,ResourceFieldRef:nil,ConfigMapKeyRef:&ConfigMapKeySelector{LocalObjectReference:LocalObjectReference{Name:canal-config,},Key:masquerade,Optional:nil,},SecretKeyRef:nil,}}] {map[] map[]} [{run false /run <nil>} {flannel-cfg false /etc/kube-flannel/ <nil>} {canal-token-9twgx true /var/run/secrets/kubernetes.io/serviceaccount <nil>}] [] nil nil nil /dev/termination-log File IfNotPresent &SecurityContext{Capabilities:nil,Privileged:*true,SELinuxOptions:nil,RunAsUser:nil,RunAsNonRoot:nil,ReadOnlyRootFilesystem:nil,AllowPrivilegeEscalation:nil,} false false false}],RestartPolicy:Always,TerminationGracePeriodSeconds:*0,ActiveDeadlineSeconds:nil,DNSPolicy:ClusterFirst,NodeSelector:map[string]string{},ServiceAccountName:canal,DeprecatedServiceAccount:canal,NodeName:k8s-wnode-01,HostNetwork:true,HostPID:false,HostIPC:false,SecurityContext:&PodSecurityContext{SELinuxOptions:nil,RunAsUser:nil,RunAsNonRoot:nil,SupplementalGroups:[],FSGroup:nil,},ImagePullSecrets:[],Hostname:,Subdomain:,Affinity:nil,SchedulerName:default-scheduler,InitContainers:[],AutomountServiceAccountToken:nil,Tolerations:[{ Exists NoSchedule <nil>} {CriticalAddonsOnly Exists <nil>} { Exists NoExecute <nil>} {node.kubernetes.io/not-ready Exists NoExecute <nil>} {node.kubernetes.io/unreachable Exists NoExecute <nil>} {node.kubernetes.io/disk-pressure Exists NoSchedule <nil>} {node.kubernetes.io/memory-pressure Exists NoSchedule <nil>}],HostAliases:[],PriorityClassName:,Priority:nil,DNSConfig:nil,},Status:PodStatus{Phase:Pending,Conditions:[{Initialized True 0001-01-01 00:00:00 +0000 UTC 2018-03-06 16:39:31 +0100 CET } {Ready False 0001-01-01 00:00:00 +0000 UTC 2018-03-06 16:39:31 +0100 CET ContainersNotReady containers with unready status: [calico-node install-cni kube-flannel]} {PodScheduled True 0001-01-01 00:00:00 +0000 UTC 2018-03-06 16:41:18 +0100 CET }],Message:,Reason:,HostIP:192.168.0.1,PodIP:192.168.0.1,StartTime:2018-03-06 16:39:31 +0100 CET,ContainerStatuses:[{calico-node {ContainerStateWaiting{Reason:ContainerCreating,Message:,} nil nil} {nil nil nil} false 0 quay.io/calico/node:v2.6.7 } {install-cni {&ContainerStateWaiting{Reason:ContainerCreating,Message:,} nil nil} {nil nil nil} false 0 quay.io/calico/cni:v1.11.2 } {kube-flannel {&ContainerStateWaiting{Reason:ContainerCreating,Message:,} nil nil} {nil nil nil} false 0 quay.io/coreos/flannel:v0.9.1 }],QOSClass:Burstable,InitContainerStatuses:[],},}
I0307 11:03:32.958189 80996 kuberuntime_manager.go:403] No ready sandbox for pod "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)" can be found. Need to start a new one
I0307 11:03:32.958189 80996 kuberuntime_manager.go:571] computePodActions got {KillPod:true CreateSandbox:true SandboxID:590cac5a4ba9ec641835823eab19250a8d7984d3ba95da3c79af486f021d2161 Attempt:518 NextInitContainerToStart:nil ContainersToStart:[0 1 2] ContainersToKill:map[]} for pod "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)"
I0307 11:03:32.959195 80996 kuberuntime_manager.go:589] Stopping PodSandbox for "canal-tmxk5_kube-system(6e16e04d-2154-11e8-827c-000c299d5d24)", will start new one
I0307 11:03:32.959195 80996 server.go:231] Event(v1.ObjectReference{Kind:"Pod", Namespace:"kube-system", Name:"canal-tmxk5", UID:"6e16e04d-2154-11e8-827c-000c299d5d24", APIVersion:"v1", ResourceVersion:"2241118", FieldPath:""}): type: 'Normal' reason: 'SandboxChanged' Pod sandbox changed, it will be killed and re-created.