0

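I'm not quite sure how to phrase this question properly; I'm really a beginner with k8s. I'm building a k3s playground on my laptop and want to install cilium along with prometheus/grafana monitoring. For that I installed rancher-desktop, which creates a sandbox environment running k3s in a VM (running on the laptop).

I installed cilium on rancher-desktop v1.0.0 using helm: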

helm install cilium cilium/cilium --version 1.11.1 \
   --namespace kube-system \
   --set prometheus.enabled=true \
   --set operator.prometheus.enabled=true \
   --set hubble.enabled=true \
   --set hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}"

It installs, but the cilium container fails to start:

Error: failed to generate container "0fae98546697febc25abb4ac49d5e5a2f27a3ee1781bade900f2c767f8d6df28" spec: failed to generate spec: path "/run/cilium/cgroupv2" is mounted on "/run/cilium/cgroupv2" but it is not a shared or slave mount

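This leads me to believe that bpf is not mounted. Now, I'm proficient in Linux but really new to k8s. rancher-desktop packages k3s and starts it in a VM (my PC is based on Ubuntu 20.04). So qemu starts this VM (lima-rancher-desktop), and I can log in to it. I assume BPF should be enabled in that VM (it isn't). But maybe I'm wrong. Maybe it's inside some container within k3s? I even enabled BPF on my laptop, but that doesn't help, since k3s runs inside that VM. Here are the pods: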

kubectl get pods -A
NAMESPACE           NAME                                      READY   STATUS                      RESTARTS   AGE
kube-system         local-path-provisioner-84bb864455-z2659   1/1     Running                     0          4h28m
kube-system         helm-install-traefik-crd--1-dxcg7         0/1     Completed                   0          4h28m
kube-system         svclb-traefik-7kqgd                       2/2     Running                     0          4h28m
kube-system         helm-install-traefik--1-lbjhw             0/1     Completed                   1          4h28m
kube-system         metrics-server-ff9dbcb6c-rmvd9            1/1     Running                     0          4h28m
kube-system         traefik-55fdc6d984-zpk5s                  1/1     Running                     0          4h28m
cilium-monitoring   prometheus-655fb888d7-mbnb9               1/1     Running                     0          3h52m
cilium-monitoring   grafana-5747bcc8f9-rj5jk                  1/1     Running                     0          3h52m
kube-system         cilium-operator-5ffd7d9795-ktldm          0/1     Pending                     0          3m26s
kube-system         cilium-operator-5ffd7d9795-b8ls9          1/1     Running                     0          3m26s
kube-system         cilium-d5xr4                              0/1     Init:CreateContainerError   0          3m26s
kube-system         coredns-96cc4f57d-r99zl                   1/1     Running                     0          7s

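I'd appreciate it if someone could explain where BPF should be mounted: inside that VM, or inside some container on k3s, and how to mount it?

Note: it won't mount in the VM anyway: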

mount --bind /var/run/bpf /var/run/bpf

has no effect and nothing gets mounted, as if it were read-only.

4

2 Answers

2

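After playing around, I found that it has to be mounted not on the host but in the VM. If the BPF FS is already mounted but not shared, it must first be unmounted and then mounted again as shared: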

sudo mount bpffs -t bpf /sys/fs/bpf
sudo mount --make-shared /sys/fs/bpf
answered 2022-02-01T17:21:42.947
1

Complete solution based on the findings above: https://github.com/cilium/cilium/issues/18675#issuecomment-1050234756

Summary:

OK, so mounting the cgroup myself and making it shared was easy.

So in total:

sudo mount bpffs -t bpf /sys/fs/bpf
sudo mount --make-shared /sys/fs/bpf
sudo mkdir -p /run/cilium/cgroupv2
sudo mount -t cgroup2 none /run/cilium/cgroupv2
sudo mount --make-shared /run/cilium/cgroupv2/

Inside the guest, I made a script that I simply invoke via limactl ($HOME on the host is mounted into the guest):

(⎈ |rancher-desktop:default) ~/g/s/g/c/cilium ❯❯❯ cat setup-cilium-rancher.sh
#!/bin/sh

set -e

echo Mounting bpf
mount bpffs -t bpf /sys/fs/bpf
mount --make-shared /sys/fs/bpf

echo Mounting cgroups v2 to /run/cilium/cgroupv2
mkdir -p /run/cilium/cgroupv2
mount -t cgroup2 none /run/cilium/cgroupv2
mount --make-shared /run/cilium/cgroupv2/
(⎈ |rancher-desktop:default) ~/g/s/g/c/cilium ❯❯❯ LIMA_HOME="$HOME/Library/Application Support/rancher-desktop/lima" "/Applications/Rancher Desktop.app/Contents/Resources/resources/darwin/lima/bin/limactl" shell 0 sudo sh $PWD/setup-cilium-rancher.sh
Mounting bpf
Mounting cgroups v2 to /run/cilium/cgroupv2

Then I just did a basic helm install, and we get the cilium DaemonSet pod running without problems:

(⎈ |rancher-desktop:default) ~/g/s/g/c/cilium ❯❯❯ helm install cilium cilium/cilium --version 1.11.2 --namespace kube-system
W0224 12:24:45.168567   78675 warnings.go:70] spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[1].matchExpressions[0].key: beta.kubernetes.io/os is deprecated since v1.14; use "kubernetes.io/os" instead
W0224 12:24:45.168579   78675 warnings.go:70] spec.template.metadata.annotations[scheduler.alpha.kubernetes.io/critical-pod]: non-functional in v1.16+; use the "priorityClassName" field instead
NAME: cilium
LAST DEPLOYED: Thu Feb 24 12:24:44 2022
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
You have successfully installed Cilium with Hubble.

Your release version is 1.11.2.

For any further help, visit https://docs.cilium.io/en/v1.11/gettinghelp

(⎈ |rancher-desktop:default) ~/g/s/g/c/cilium ❯❯❯ kubectl get pods -n kube-system
NAME                                      READY   STATUS      RESTARTS   AGE
local-path-provisioner-84bb864455-57c46   1/1     Running     0          6m20s
helm-install-traefik-crd--1-jdxsr         0/1     Completed   0          6m21s
metrics-server-ff9dbcb6c-ft2c4            1/1     Running     0          6m20s
helm-install-traefik--1-nflmd             0/1     Completed   2          6m21s
svclb-traefik-tgr4h                       2/2     Running     0          6m
traefik-55fdc6d984-l2skq                  1/1     Running     0          6m
cilium-operator-6d8799bcbb-f74g8          0/1     Pending     0          3m15s
cilium-operator-6d8799bcbb-njzk2          1/1     Running     0          3m15s
cilium-h7qzw                              1/1     Running     0          3m15s
coredns-96cc4f57d-zkjlg                   1/1     Running     0          12s
answered 2022-02-24T20:35:46.927
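
Both answers depend on the mount propagation of `/sys/fs/bpf` and `/run/cilium/cgroupv2` inside the VM, which the kernel records in the optional fields of `/proc/self/mountinfo` (`shared:N`, `master:N`, or nothing for a private mount). The following check is an added example, not part of either answer or of the Cilium project; the function names `mount_propagation`, `check_mount` and `sample_mountinfo` are hypothetical and the sample mountinfo lines are constructed.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the answers.

# Print "<propagation> <fstype>" for a mount point, or "absent".
# mountinfo fields: 5 = mount point, 7.. = optional propagation tags,
# then a "-" separator followed by the filesystem type.
mount_propagation() {  # mount_propagation PATH [MOUNTINFO_FILE]
    awk -v mp="$1" '
        $5 == mp {                       # last match = topmost mount
            found = 1; prop = "private"; fstype = ""
            for (i = 7; i <= NF; i++) {
                if ($i == "-") { fstype = $(i + 1); break }
                if ($i ~ /^shared:/) prop = "shared"
                else if ($i ~ /^master:/ && prop != "shared") prop = "slave"
                else if ($i == "unbindable") prop = "unbindable"
            }
        }
        END { if (found) print prop " " fstype; else print "absent" }
    ' "${2:-/proc/self/mountinfo}"
}

# Succeed only if PATH is a shared or slave mount of type FSTYPE.
check_mount() {  # check_mount PATH FSTYPE [MOUNTINFO_FILE]
    state=$(mount_propagation "$1" "$3")
    case "$state" in
        "shared $2"|"slave $2") echo "OK   $1 ($state)"; return 0 ;;
        *) echo "FAIL $1 ($state), want shared or slave $2"; return 1 ;;
    esac
}

# Constructed sample: bpffs already shared, cgroup2 mounted but private
# (the state that produces the error quoted in the question).
sample_mountinfo() {
    cat <<'EOF'
24 1 0:22 / /sys rw,nosuid,nodev,noexec,relatime shared:2 - sysfs sysfs rw
31 24 0:27 / /sys/fs/bpf rw,nosuid,nodev,noexec,relatime shared:9 - bpf bpffs rw,mode=700
58 27 0:50 / /run/cilium/cgroupv2 rw,relatime - cgroup2 none rw
EOF
}

# Demo on the sample; drop the third argument to check the live system.
demo=$(mktemp) && sample_mountinfo > "$demo"
check_mount /sys/fs/bpf bpf "$demo" || true
check_mount /run/cilium/cgroupv2 cgroup2 "$demo" || true
rm -f "$demo"
```

Run inside the VM without the file argument, a `FAIL` line for either path means the corresponding `mount --make-shared` step has not taken effect there.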