3

When deploying a very simple Pod, I don't see any log output:

myconfig.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: counter
spec:
  containers:
  - name: count
    image: busybox
    args: [/bin/sh, -c,
            'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']

Then

kubectl apply -f myconfig.yaml

This is taken from this official tutorial: https://kubernetes.io/docs/concepts/cluster-administration/logging/#basic-logging-in-kubernetes

The pod appears to be running fine:

kubectl describe pod counter
Name:         counter
Namespace:    default
Node:         ip-10-0-0-43.ec2.internal/10.0.0.43
Start Time:   Tue, 20 Nov 2018 12:05:07 -0500
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"name":"counter","namespace":"default"},"spec":{"containers":[{"args":["/bin/sh","-c","i=0...
Status:       Running
IP:           10.0.0.81
Containers:
  count:
    Container ID:  docker://d2dfdb8644b5a6488d9d324c8c8c2d4637a460693012f35a14cfa135ab628303
    Image:         busybox
    Image ID:      docker-pullable://busybox@sha256:2a03a6059f21e150ae84b0973863609494aad70f0a80eaeb64bddd8d92465812
    Port:          <none>
    Host Port:     <none>
    Args:
      /bin/sh
      -c
      i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done
    State:          Running
      Started:      Tue, 20 Nov 2018 12:05:08 -0500
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-r6tr6 (ro)
Conditions:
  Type           Status
  Initialized    True 
  Ready          True 
  PodScheduled   True 
Volumes:
  default-token-r6tr6:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-r6tr6
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason                 Age   From                                Message
  ----    ------                 ----  ----                                -------
  Normal  Scheduled              16m   default-scheduler                   Successfully assigned counter to ip-10-0-0-43.ec2.internal
  Normal  SuccessfulMountVolume  16m   kubelet, ip-10-0-0-43.ec2.internal  MountVolume.SetUp succeeded for volume "default-token-r6tr6"
  Normal  Pulling                16m   kubelet, ip-10-0-0-43.ec2.internal  pulling image "busybox"
  Normal  Pulled                 16m   kubelet, ip-10-0-0-43.ec2.internal  Successfully pulled image "busybox"
  Normal  Created                16m   kubelet, ip-10-0-0-43.ec2.internal  Created container
  Normal  Started                16m   kubelet, ip-10-0-0-43.ec2.internal  Started container

Nothing appears when running:

kubectl logs counter --follow=true
4

5 Answers

1

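I found the issue. The AWS tutorial here, docs.aws.amazon.com/eks/latest/userguide/getting-started.html, references CloudFormation templates that fail to set up the security groups required for logs to be viewed properly. I basically opened up all traffic and ports for my k8s worker nodes (EC2 instances), and now everything works.

Answered 2018-11-21T15:17:56.533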
1

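I followed Seenickode's comment and I got it working.

I found that the new CloudFormation template for 1.10.11 or 1.11.5 (the current versions in AWS) was useful to compare against my stack.

Here is what I learned:

  1. Allow ports 1025 - 65535 from the cluster security group to the worker nodes.
  2. Allow port 443 egress from the control plane to the worker nodes.

Then kubectl logs started working.

A sample CloudFormation template update is here: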

  NodeSecurityGroupFromControlPlaneIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow worker Kubelets and pods to receive communication from the cluster control plane
      GroupId: !Ref NodeSecurityGroup
      SourceSecurityGroupId: !Ref ControlPlaneSecurityGroup
      IpProtocol: tcp
      FromPort: 1025
      ToPort: 65535

  ControlPlaneEgressToNodeSecurityGroupOn443:
    Type: AWS::EC2::SecurityGroupEgress
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow the cluster control plane to communicate with pods running extension API servers on port 443
      GroupId:
        Ref: ControlPlaneSecurityGroup
      DestinationSecurityGroupId:
        Ref: NodeSecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
Answered 2019-01-26T22:50:11.400
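
An added example, not taken from any answer on this page: `kubectl logs` depends on the API server reaching the kubelet on the node (port 10250, the port checked with `ss` in another answer), so this sketch audits a node security group's ingress rules for that path and flags rules that expose the port to any source. The group IDs and rule sets are constructed; the rule dicts assume the `IpPermissions` shape returned by `aws ec2 describe-security-groups`.

```python
KUBELET_PORT = 10250  # kubelet port the API server connects to for `kubectl logs`
ANY_IPV4 = "0.0.0.0/0"


def covers(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports (no FromPort/ToPort present)
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_node_ingress(rules, control_plane_sg):
    """Return (kubelet_reachable, findings) for a worker-node security group."""
    reachable = False
    findings = []
    for rule in rules:
        if not covers(rule, KUBELET_PORT):
            continue
        sources = [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        if control_plane_sg in sources:
            reachable = True  # scoped to the control plane group
        if ANY_IPV4 in cidrs:
            reachable = True  # works, but far broader than needed
            findings.append(f"kubelet port {KUBELET_PORT} open to {ANY_IPV4}")
    if not reachable:
        findings.append(f"control plane cannot reach kubelet port {KUBELET_PORT}")
    return reachable, findings


# Constructed sample data; the group IDs are placeholders.
CONTROL_PLANE_SG = "sg-controlplane-example"
BROKEN = [  # node-to-node traffic only, no rule for the control plane
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-nodes-example"}]},
]
SCOPED = BROKEN + [  # ports 1025-65535 from the control plane group
    {"IpProtocol": "tcp", "FromPort": 1025, "ToPort": 65535,
     "UserIdGroupPairs": [{"GroupId": CONTROL_PLANE_SG}]},
]
WIDE_OPEN = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_IPV4}]}]

if __name__ == "__main__":
    for name, rules in [("broken", BROKEN), ("scoped", SCOPED), ("wide open", WIDE_OPEN)]:
        print(name, audit_node_ingress(rules, CONTROL_PLANE_SG))
```
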
1

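The only thing I can think of that could cause it not to output logs is if you have configured Docker's default logging driver, for the node where the pod is running, in the config file /etc/docker/docker.json:

{
  "log-driver": "anything-but-json-file"
}

That would essentially make Docker not output stdout/stderr logs for something like kubectl logs <podid> -c <containerid>. You can check what is configured for the container in your pod on your node (10.0.0.43):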

$ docker inspect -f '{{.HostConfig.LogConfig.Type}}' <container-id>
Answered 2018-11-20T23:03:05.293
0

The error you mentioned in the comments indicates that your kubelet process is not running or keeps restarting.

ss -tnpl |grep 10250
LISTEN     0      128         :::10250                   :::*                   users:(("kubelet",pid=1102,fd=21))

Check the command above and see whether the pid keeps changing over some interval.

Also, check /var/log/messages for any node-related issues. Hope this helps.

Answered 2018-11-21T14:38:09.490
0

Use this:

$ kubectl logs -f counter --namespace default
Answered 2018-11-20T17:27:19.993