背景说明

跟Kubernetes中其他普通的Pod不一样,Static pod是直接由节点上的Kubelet管理的。只要把Pod的定义声明文件放在Kubelet所在节点的指定路径下,或者某个指定的URL地址,Kubelet就会读取Pod的定义文件,并且启动这个Pod,也会按照定义的配置管理Static pod的生命周期。Static pod的启动可以不需要集群,只节点上有Kubelet和相应容器运行时即可
运行中的 kubelet 会定期扫描配置的目录(比如例子中的 /etc/kubernetes/manifests 目录)中的变化, 并且根据文件中出现/消失的 Pod 来添加/删除Pod。

解决方案

应用场景

Static pod目前使用最广泛的场景,是在Kubeadm中使用使用这一机制来Bootstrap一个Kubernetes集群。使用Kubernetes集群前,需要把管控面的组件先部署好。这些管控组件可以二进制部署,也可以容器化部署。二进制部署的方式稍显繁琐,且容易出错,升级也不方便,容器化部署这些管控组件的好处显而易见。这是最典型的先有鸡还是先有蛋的问题。在没有Kubernetes集群的时候,我们如何把这些管控组件以容器化的形式启动起来?官方部署工具Kubeadm给出的解决方法就是使用Static pod。
在使用Kubeadm部署集群时,首先需要安装好kubelet、容器运行时等组件,Kubeadm会根据指定配置文件,生成Kube-apiserver, Kube-controller-manager, Kube-proxy等组件的Pod定义文件,放置在Master节点的指定Static Pod path下,让Kubelet接管这些Static pod的生命周期管理。

官方文档

https://kubernetes.io/zh/docs/tasks/configure-pod-container/static-pod/

配置查看

查看kubeconfig配置

  1. student@master01:~$ systemctl status kubelet -l 
  2.  kubelet.service - kubelet: The Kubernetes Node Agent
  3.      Loaded: loaded (/lib/systemd/system/kubelet.service; enabled; vendor preset: enabled)
  4.     Drop-In: /etc/systemd/system/kubelet.service.d
  5.              └─10-kubeadm.conf
  6.      Active: active (running) since Sat 2022-05-07 14:28:57 CST; 1h 9min ago
  7.        Docs: https://kubernetes.io/docs/home/
  8.    Main PID: 893 (kubelet)
  9.       Tasks: 19 (limit: 2531)
  10.      Memory: 131.9M
  11.      CGroup: /system.slice/kubelet.service
  12.              └─893 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --network-plugin=cni --pod-infra-container-image=regis>
  14. May 07 14:29:38 master01 kubelet[893]: W0507 14:29:38.457592     893 watcher.go:93] Error while processing event ("/sys/fs/cgroup/blkio/system.slice/e2scrub_all.service": 0x40000100 == IN_CREATE|IN_ISDIR): inotify_add_watch /sys/fs/>
  15. May 07 14:29:38 master01 kubelet[893]: W0507 14:29:38.457752     893 watcher.go:93] Error while processing event ("/sys/fs/cgroup/memory/system.slice/e2scrub_all.service": 0x40000100 == IN_CREATE|IN_ISDIR): inotify_add_watch /sys/fs>
  16. May 07 14:29:38 master01 kubelet[893]: W0507 14:29:38.457947     893 watcher.go:93] Error while processing event ("/sys/fs/cgroup/devices/system.slice/e2scrub_all.service": 0x40000100 == IN_CREATE|IN_ISDIR): inotify_add_watch /sys/f>
  17. May 07 14:29:38 master01 kubelet[893]: W0507 14:29:38.458599     893 watcher.go:93] Error while processing event ("/sys/fs/cgroup/pids/system.slice/e2scrub_all.service": 0x40000100 == IN_CREATE|IN_ISDIR): inotify_add_watch /sys/fs/c>
  18. May 07 14:29:40 master01 kubelet[893]: I0507 14:29:40.447232     893 pod_container_deletor.go:79] "Container not found in pod's containers" containerID="3a5d4745e72a06150d897f0d752d62cac838e7d64dc2bf693b8fe99b2cce912c"
  19. May 07 14:29:40 master01 kubelet[893]: I0507 14:29:40.851971     893 pod_container_deletor.go:79] "Container not found in pod's containers" containerID="8e75da59ea888681809e2e026719bc9557f00d70b4ab0129d01e832a3681da76"
  20. May 07 14:29:40 master01 kubelet[893]: E0507 14:29:40.872535     893 cadvisor_stats_provider.go:414] "Partial failure issuing cadvisor.ContainerInfoV2" err="partial failures: [\"/kubepods.slice/kubepods-burstable.slice/kubepods-burs>
  21. May 07 14:29:40 master01 kubelet[893]: map[string]interface {}{"cniVersion":"0.3.1", "hairpinMode":true, "ipMasq":false, "ipam":map[string]interface {}{"ranges":[][]map[string]interface {}{[]map[string]interface {}{map[string]interf>
  22. May 07 14:29:41 master01 kubelet[893]: {"cniVersion":"0.3.1","hairpinMode":true,"ipMasq":false,"ipam":{"ranges":[[{"subnet":"10.244.0.0/24"}]],"routes":[{"dst":"10.244.0.0/16"}],"type":"host-local"},"isDefaultGateway":true,"isGatewa>
  23. May 07 14:29:41 master01 kubelet[893]: map[string]interface {}{"cniVersion":"0.3.1", "hairpinMode":true, "ipMasq":false, "ipam":map[string]interface {}{"ranges":[][]map[string]interface {}{[]map[string]interface {}{map[string]interf>

找到配置—config指向文件/var/lib/kubelet/config.yaml并查看文件内容

root@master01:~# cat /var/lib/kubelet/config.yaml 
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 0s
    cacheUnauthorizedTTL: 0s
cgroupDriver: systemd
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
cpuManagerReconcilePeriod: 0s
evictionPressureTransitionPeriod: 0s
fileCheckFrequency: 0s
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 0s
imageMinimumGCAge: 0s
kind: KubeletConfiguration
logging:
  flushFrequency: 0
  options:
    json:
      infoBufferSize: "0"
  verbosity: 0
memorySwap: {}
nodeStatusReportFrequency: 0s
nodeStatusUpdateFrequency: 0s
resolvConf: /run/systemd/resolve/resolv.conf
rotateCertificates: true
runtimeRequestTimeout: 0s
shutdownGracePeriod: 0s
shutdownGracePeriodCriticalPods: 0s
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 0s
syncFrequency: 0s
volumeStatsAggPeriod: 0s
root@master01:~#

找到配置项staticPodPath=/etc/kubernetes/manifests
查看目录/etc/kubernetes/manifests

root@master01:~# cd /etc/kubernetes/manifests
root@master01:/etc/kubernetes/manifests# ls
etcd.yaml  kube-apiserver.yaml  kube-controller-manager.yaml  kube-scheduler.yaml
root@master01:/etc/kubernetes/manifests#

这里可以发现etcd、kube-apiserver、kube-controller-manager、scheduler都是静态Pod

配置补充

有时候,情况可能会不一样, systemctl status kubelet -l查到的/system.slice/kubelet.service中没有—configl配置
image.png
此时可以通过编辑/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
image.png
查看启动选项中有没有—pod-manifest-path这个选项,这个就是静态pod存放的位置,如果没有就需要加上。默认情况下静态pod的位置指定/etc/kubernetes/manifest

配置生效

配置修改完成后,可以通过命令生效

systemctl daemon-reload 
systemctl restart kubelet.service
systemctl enable kubelet
kubectl get pods -n kube-system