Symptom
As shown in the figure below:
Running keepalived in Docker fails with an error saying it has no permission to load the ip_vs module.
Running
lsmod | grep ip_vs
produces no output at all, so the module is not loaded.
The Dockerfile used to build the image:
FROM centos:7
ENV container docker
RUN yum update -y \
    && yum install wget -y \
    && wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
    && rpm -ivh epel-release-latest-7.noarch.rpm \
    && rm -rf epel-release-latest-7.noarch.rpm \
    && yum update -y \
    && yum install keepalived ipvsadm -y
Solution
1. Build the image from the Dockerfile above, then start the container with the following command; that resolves the problem:
docker run --net=host --privileged -v /run/xtables.lock:/run/xtables.lock -v /lib/modules:/lib/modules -it 10.16.37.154/test/centos:v1.0 /bin/bash
Note: keepalived depends on the ip_vs module. ip_vs is a kernel module, so the host directories /lib/modules
and /run/xtables.lock
must both be mounted into the container, and the container must be started in host network mode (--net=host)
and as privileged (--privileged).
[root@node-199-112 qinzhao]# docker run --net=host --privileged -v /run/xtables.lock:/run/xtables.lock -v /lib/modules:/lib/modules -it 10.16.37.154/test/centos:v1.0 /bin/bash
Enter the container and run:
/usr/sbin/keepalived -P -C -d -D -S 7 -f /etc/keepalived/keepalived.conf --dont-fork --log-console
keepalived starts successfully.
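The same check the post does by hand with lsmod, turned into an entrypoint-style pre-flight script (an added example, not code from the original post): it confirms ip_vs is loaded in the host kernel, loads it with modprobe only if the host's /lib/modules is actually mounted, and only then starts keepalived with the flags used above. The helper names module_loaded, modules_tree_present and ensure_ip_vs are my own.

```shell
#!/bin/sh
# Pre-flight check for the keepalived container (added example, not from the post).
# Inside a container /proc/modules is still the host kernel's module list, so this
# is the same check the post does by hand with "lsmod | grep ip_vs".

# Succeeds when module $1 appears in a /proc/modules listing read from stdin.
# Each /proc/modules line starts with the module name, e.g.
#   ip_vs 145497 6 ip_vs_rr, Live 0xffffffffc0a4d000
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit found ? 0 : 1 }'
}

# Succeeds when the module tree for the running kernel is visible under $1,
# i.e. the host's /lib/modules was really mounted into the container.
modules_tree_present() {
    root="${1:-/lib/modules}"
    [ -d "$root/$(uname -r)" ] && [ -f "$root/$(uname -r)/modules.dep" ]
}

# Load ip_vs only when needed, and say what is missing instead of letting
# keepalived fail later with the permission error shown in the post.
ensure_ip_vs() {
    if module_loaded ip_vs < /proc/modules; then
        echo "ip_vs already loaded in host kernel"
        return 0
    fi
    if ! modules_tree_present /lib/modules; then
        echo "no module tree for $(uname -r) under /lib/modules: mount the host's /lib/modules" >&2
        return 1
    fi
    # modprobe calls init_module, which needs CAP_SYS_MODULE (granted by --privileged).
    if ! modprobe ip_vs 2>/dev/null; then
        echo "modprobe ip_vs failed: missing CAP_SYS_MODULE or module not built for this kernel" >&2
        return 1
    fi
    module_loaded ip_vs < /proc/modules
}

# Entrypoint: verify ip_vs, then exec keepalived with the flags used in the post.
main() {
    ensure_ip_vs || exit 1
    exec /usr/sbin/keepalived -P -C -d -D -S 7 \
        -f /etc/keepalived/keepalived.conf --dont-fork --log-console
}
```

To use it as the container's entrypoint, append a final line calling main.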
The YAML used to start it in Kubernetes (the xtables-lock volume is named to match its volumeMount, and the duplicated restartPolicy key is removed so the manifest is valid):
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    name: keepalived-manager
  name: keepalived-manager
  namespace: kube-system
spec:
  selector:
    matchLabels:
      name: keepalived-manager
  template:
    metadata:
      labels:
        name: keepalived-manager
    spec:
      containers:
      - env:
        - name: KEEPALIVED_MANAGER_ENV
          value: "prod"
        image: 10.16.37.154/test/centos:v1.0
        imagePullPolicy: Always
        name: keepalived-manager
        securityContext:
          privileged: true
          procMount: Default
        volumeMounts:
        - mountPath: /var/run/docker.sock
          name: docker-sock
        - mountPath: /run/xtables.lock
          name: xtables-lock
        - mountPath: /lib/modules
          name: lib-modules
          readOnly: true
      hostNetwork: true
      nodeSelector:
        keepalived-manager: test
      restartPolicy: Always
      serviceAccountName: admin-user
      volumes:
      - emptyDir: {}
        name: docker-sock
      - hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
        name: xtables-lock
      - hostPath:
          path: /lib/modules
          type: ""
        name: lib-modules
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate