如何在Kubernetes集群中检测CNI类型/版本?

jgovgodb  于 2023-08-03  发布在  Kubernetes
关注(0)|答案(1)|浏览(242)

集群中是否有Kubectl命令或配置Map可以帮助我找到正在使用的CNI?

rfbsl7qr

rfbsl7qr1#

首先,检查/etc/cni/net.d中是否存在一个配置文件是一个很好的开始:

$ ls /etc/cni/net.d
10-flannel.conflist

字符串
ip a sifconfig有助于检查网络接口的存在。例如,flannel CNI应设置flannel.1接口:

$ ip a s flannel.1
3: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default 
    link/ether de:cb:d1:d6:e3:e7 brd ff:ff:ff:ff:ff:ff
    inet 10.244.1.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::dccb:d1ff:fed6:e3e7/64 scope link 
       valid_lft forever preferred_lft forever


创建群集时,CNI安装通常使用以下方式安装:

kubectl apply -f <add-on.yaml>


因此,网络盒将被称为kube-flannel*kube-calico*等。取决于您的网络配置。
然后crictl将帮助您检查正在运行的Pod和容器。

crictl pods ls


在健康集群中的控制器节点上,您应该使所有Pod处于Ready状态。

crictl pods ls
POD ID              CREATED             STATE               NAME                                          NAMESPACE           ATTEMPT             RUNTIME
dc90dd87e18cf       3 minutes ago       Ready               coredns-6d4b75cb6d-r2j9s                      kube-system         0                   (default)
d1ab9d0aa815a       3 minutes ago       Ready               kubernetes-dashboard-cd4778d69-xmtkz          kube-system         0                   (default)
0c151fdd92e71       3 minutes ago       Ready               coredns-6d4b75cb6d-bn8hr                      kube-system         0                   (default)
40f18ce56f776       4 minutes ago       Ready               kube-flannel-ds-d4fd7                         kube-flannel        0                   (default)
0e390a68380a5       4 minutes ago       Ready               kube-proxy-r6cq2                              kube-system         0                   (default)
cd93e58d3bf70       4 minutes ago       Ready               kube-scheduler-c01            kube-system         0                   (default)
266a33aa5c241       4 minutes ago       Ready               kube-apiserver-c01            kube-system         0                   (default)
0910a7a73f5aa       4 minutes ago       Ready               kube-controller-manager-c01   kube-system         0                   (default)


如果您的集群配置正确,您应该能够使用kubectl列出容器:

kubectl get pods -n kube-system


如果kubectl不工作(kube-apiserver不运行),您可以回退到crictl
在不正常的集群上,kubectl将显示处于CrashLoopBackOff状态的Pod。crictl pods ls命令会给予你类似的图片,只显示单个节点的Pod。检查documentation for common CNI errors

$ kubectl get pods -n kube-system
NAME                                          READY   STATUS              RESTARTS         AGE
coredns-6d4b75cb6d-brb9d                      0/1     ContainerCreating   0                25m
coredns-6d4b75cb6d-pcrcp                      0/1     ContainerCreating   0                25m
kube-apiserver-cm01            1/1     Running             27 (18m ago)     26m
kube-apiserver-cm02            0/1     Running             31 (8m11s ago)   23m
kube-apiserver-cm03            0/1     CrashLoopBackOff    33 (2m22s ago)   26m
kube-controller-manager-cm01   0/1     CrashLoopBackOff    13 (50s ago)     24m
kube-controller-manager-cm02   0/1     CrashLoopBackOff    7 (15s ago)      24m
kube-controller-manager-cm03   0/1     CrashLoopBackOff    15 (3m45s ago)   26m
kube-proxy-2dvfg                              0/1     CrashLoopBackOff    8 (97s ago)      25m
kube-proxy-7gnnr                              0/1     CrashLoopBackOff    8 (39s ago)      25m
kube-proxy-cqmvz                              0/1     CrashLoopBackOff    8 (19s ago)      25m
kube-scheduler-cm01            1/1     Running             28 (7m15s ago)   12m
kube-scheduler-cm02            0/1     CrashLoopBackOff    28 (4m45s ago)   18m
kube-scheduler-cm03            1/1     Running             36 (107s ago)    26m
kubernetes-dashboard-cd4778d69-g8jmf          0/1     ContainerCreating   0                2m27s


crictl ps会给予你容器(比如docker ps),注意尝试次数高:

CONTAINER           IMAGE               CREATED             STATE               NAME                      ATTEMPT             POD ID              POD
d54c6f1e45dea       2ae1ba6417cbc       2 seconds ago       Running             kube-proxy                1                   347fef3ae1e98       kube-proxy-7gnnr
d6048ef9e30c7       d521dd763e2e3       41 seconds ago      Running             kube-apiserver            27                  640658b58d1ae       kube-apiserver-cm03
b6b8c7a24914e       3a5aa3a515f5d       41 seconds ago      Running             kube-scheduler            28                  c7b710a0acf30       kube-scheduler-cm03
b0a480d2c1baf       586c112956dfc       42 seconds ago      Running             kube-controller-manager   8                   69504853ab81b       kube-controller-manager-cm03


并检查日志使用

crictl logs d54c6f1e45dea


/opt/cni/bin/路径通常包含网络所需的二进制文件。另一个PATH可能在附加设置或CNI配置中定义。

$ ls /opt/cni/bin/
bandwidth  bridge  dhcp  firewall  flannel  host-device  host-local  ipvlan  loopback  macvlan  portmap  ptp  sbr  static  tuning  vlan


最后crictl读取/etc/crictl.yaml config,你应该设置合适的运行时和镜像端点来匹配container runtime

runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10

相关问题