1

我尝试实现基于 Prometheus + node-exporter + grafana + cAdvisor 的 Openshift 集群监控解决方案。

我对 cAdvisor 组件有很大的问题。我做了很多配置(更改总是与卷有关),但它们都不能很好地工作,容器每 2 分钟重新启动一次,或者不收集所有数据指标(进程)

配置示例(使用此配置容器不会每 2 分钟重新启动一次,但不会收集进程)我知道,我的卷中没有 /rootfs,但是使用此容器可以像 5s 一样工作并且出现故障:

containers:
    - image: >-
        google/cadvisor@sha256:fce642268068eba88c27c666e92ed4144be6188447a23825015884741cf0e352
      imagePullPolicy: IfNotPresent
      name: cadvisor-new-version
      ports:
        - containerPort: 8080
          protocol: TCP
      resources: {}
      securityContext:
        privileged: true
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: '/sys/fs/cgroup/cpuacct,cpu'
          name: sys
          readOnly: true
        - mountPath: /var/lib/docker
          name: docker
          readOnly: true
        - mountPath: /var/run/containerd/containerd.sock
          name: docker-socketd
          readOnly: true
  dnsPolicy: ClusterFirst
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: cadvisor-sa
  serviceAccountName: cadvisor-sa
  terminationGracePeriodSeconds: 300
  volumes:
    - hostPath:
        path: '/sys/fs/cgroup/cpu,cpuacct'
      name: sys
    - hostPath:
        path: /var/lib/docker
      name: docker
    - hostPath:
        path: /var/run/containerd/containerd.sock
      name: docker-socketd

我在我的操作系统项目中使用具有 scc 特权的服务帐户。

  • Openshift 版本 - 3.6
  • 码头工人版本 - 1.12
  • cAdvisor 版本 - 我尝试了从 v0.26.3 到最新的每一个

我发现一个帖子说问题可能是旧版本的 od docker,有人可以确认吗?

也许有人做了正确的配置并在 Openshift 上实施 cAdvisor?

日志示例:

I0409 08:41:46.661453       1 manager.go:231] Version: 
 {KernelVersion:3.10.0-693.17.1.el7.x86_64 ContainerOsVersion:Alpine Linux v3.4 DockerVersion:1.12.6 DockerAPIVersion:1.24 CadvisorVersion:v0.28.3 CadvisorRevision:1e567c2}
E0409 08:41:50.823560       1 factory.go:340] devicemapper filesystem stats will not be reported: usage of thin_ls is disabled to preserve iops
I0409 08:41:50.825280       1 factory.go:356] Registering Docker factory
I0409 08:41:50.826394       1 factory.go:54] Registering systemd factory
I0409 08:41:50.826949       1 factory.go:86] Registering Raw factory
I0409 08:41:50.827388       1 manager.go:1178] Started watching for new ooms in manager
I0409 08:41:50.838169       1 manager.go:329] Starting recovery of all containers
W0409 08:41:56.853821       1 container.go:393] Failed to create summary reader for "/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-podc323db44_39a9_11e8_accd_005056800e7b.slice/docker-26db795af0fa28047f04194d8169cf0249edf2c918c583422a1404d35ed5b62c.scope": none of the resources are being tracked.
I0409 08:42:03.953261       1 manager.go:334] Recovery completed
I0409 08:42:37.874062       1 cadvisor.go:162] Starting cAdvisor version: v0.28.3-1e567c2 on port 8080
I0409 08:42:56.353574       1 fsHandler.go:135] du and find on following dirs took 1.20076874s: [ /rootfs/var/lib/docker/containers/2afa2c457a9c1769feb6ab542102521d8ad51bdeeb89581e4b7166c1c93e7522]; will not log again for this container unless duration exceeds 2s
I0409 08:42:56.453602       1 fsHandler.go:135] du and find on following dirs took 1.098795382s: [ /rootfs/var/lib/docker/containers/65e4ad3536788b289e2b9a29e8f19c66772b6f38ec10d34a2922e4ef4d67337f]; will not log again for this container unless duration exceeds 2s
I0409 08:42:56.753070       1 fsHandler.go:135] du and find on following dirs took 1.400184357s: [ /rootfs/var/lib/docker/containers/2b0aa12a43800974298a7d0353c6b142075d70776222196c92881cc7c7c1a804]; will not log again for this container unless duration exceeds 2s
I0409 08:43:00.352908       1 fsHandler.go:135] du and find on following dirs took 1.199079344s: [ /rootfs/var/lib/docker/containers/aa977c2cc6105e633369f48e2341a6363ce836cfbe8e7821af955cb0cf4d5f26]; will not log again for this container unless duration exceeds 2s
4

2 回答 2

1

OpenShift 的 kubelet 中嵌入了一个 cAdvisor 进程。可能存在导致 pod 崩溃的竞争条件。

于 2018-04-10T16:28:20.440 回答
0

我在一个三节点的 docker swarm 中看到了类似的东西,其中一个节点上的 cadvisor - 并且只有那个节点 - 在几分钟后继续死亡。我已经查看了该过程并查看了它的资源使用情况 - 它的内存不足。

我设置了 128MB 的限制,但我也尝试了更高的限制。它只是为它争取了更多的时间,但即使是 500MB,它也很快因为内存不足而死掉了。

唯一看起来不正常的是那些相同的“du and find on following dirs take”消息:

I0515 15:14:37.109399       1 fsHandler.go:135] du and find on following dirs took 46.19060577s: [/rootfs/var/lib/docker/aufs/diff/69a2bd344a635cde23e6c27a69c165ed001178a9093964d73bebdbb81d90369b /rootfs/var/lib/docker/containers/6fd8113e383f78e20608be807a38e17b14715636b94aa99112dd6d7208764a2e]; will not log again for this container unless duration exceeds 5s
I0515 15:14:35.511417       1 fsHandler.go:135] du and find on following dirs took 58.306835696s: [/rootfs/var/lib/docker/aufs/diff/bed9b7ad307f36ae97659b79912ff081f5b64fb8d57d6a48f143cd3bf9823e64 /rootfs/var/lib/docker/containers/108f4b879f7626023be8790af33ad6b73189a27e7c9bb7d6f219521d43099bbe]; will not log again for this container unless duration exceeds 5s
I0515 15:14:47.513604       1 fsHandler.go:135] du and find on following dirs took 45.911742867s: [/rootfs/var/lib/docker/aufs/diff/c9989697f40789a69be47511c2b931f8949323d144051912206fe719f12e127d /rootfs/var/lib/docker/containers/4cd1baa15522b58f61e9968c1616faa426fb3dfd9ac8515896dcc1ec7a0cb932]; will not log again for this container unless duration exceeds 5s
I0515 15:14:49.210788       1 fsHandler.go:135] du and find on following dirs took 46.406268577s: [/rootfs/var/lib/docker/aufs/diff/7605c354c073800dcbb14df16da4847da3d70107509d27f8f1675aab475eb0df /rootfs/var/lib/docker/containers/00f37c6569bb29c028a90118cf9d12333907553396a95390d925a4c2502ab058]; will not log again for this container unless duration exceeds 5s
I0515 15:14:45.614715       1 fsHandler.go:135] du and find on following dirs took 1m1.573576904s: [/rootfs/var/lib/docker/aufs/diff/62d99773c5d1be97863f90b5be03eb94a4102db4498931863fa3f5c677a06a06 /rootfs/var/lib/docker/containers/bf3e2d8422cda2ad2bcb433e30b6a06f1c67c3a9ce396028cdd41cce3b0ad5d6]; will not log again for this container unless duration exceeds 5s

有趣的是,它开始只需要几秒钟:

I0515 15:09:48.710609       1 fsHandler.go:135] du and find on following dirs took 1.496309475s: [/rootfs/var/lib/docker/aufs/diff/a11190ca4731bbe6d9cbe1a2480e781490dc4e0e6c91c404bc33d37d7d251564 /rootfs/var/lib/docker/containers/d0b45858ae55b6613c4ecabd8d44e815c898bbb5ac5c613af52d6c1f4804df76]; will not log a
gain for this container unless duration exceeds 2s
I0515 15:09:49.909390       1 fsHandler.go:135] du and find on following dirs took 1.29921035s: [/rootfs/var/lib/docker/aufs/diff/62d99773c5d1be97863f90b5be03eb94a4102db4498931863fa3f5c677a06a06 /rootfs/var/lib/docker/containers/bf3e2d8422cda2ad2bcb433e30b6a06f1c67c3a9ce396028cdd41cce3b0ad5d6]; will not log ag
ain for this container unless duration exceeds 2s
I0515 15:09:51.014721       1 fsHandler.go:135] du and find on following dirs took 1.502355544s: [/rootfs/var/lib/docker/aufs/diff/5264e7a8c3bfb2a4ee491d6e42e41b3300acbcf364455698ab232c1fc9e8ab4e /rootfs/var/lib/docker/containers/da355f40535a001c5ba0e16da61b6340028b4e432e0b2f14b8949637559ff001]; will not log a
gain for this container unless duration exceeds 2s
I0515 15:09:53.309486       1 fsHandler.go:135] du and find on following dirs took 2.19038347s: [/rootfs/var/lib/docker/aufs/diff/8b0fd9287d107580b76354851b75c09ce47e114a70092305d42f8c2b5f5e23b2 /rootfs/var/lib/docker/containers/5fd8ac9fd8d98d402851f2642266ca89598a964f50cfabea9bdf50b87f7cff66]; will not log ag

因此,在容器死亡之前,某些事情似乎变得越来越糟。

于 2018-05-15T15:18:28.610 回答