无法在 Vagrant 上安装 Kubernetes

Question

使用本指南在 Vagrant 集群上安装 Kubernetes：

https://kubernetes.io/docs/getting-started-guides/kubeadm/

在 (2/4) Initializing your master，出现了一些错误：

[root@localhost ~]# kubeadm init
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.6.4
[init] Using Authorization mode: RBAC
[preflight] Running pre-flight checks
[preflight] Some fatal errors occurred:
    /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
[preflight] If you know what you are doing, you can skip pre-flight checks with `--skip-preflight-checks`

我查看了/proc/sys/net/bridge/bridge-nf-call-iptables文件内容，里面只有一个0

在 (3/4) Installing a pod network，我下载了 kube-flannel 文件：

https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

和运行kubectl apply -f kube-flannel.yml，得到错误：

[root@localhost ~]# kubectl apply -f kube-flannel.yml
The connection to the server localhost:8080 was refused - did you specify the right host or port?

到这里，我不知道怎么继续了。

我的Vagrantfile:

  # Master Server
  config.vm.define "master", primary: true do |master|
    master.vm.network :private_network, ip: "192.168.33.200"
    master.vm.network :forwarded_port, guest: 22, host: 1234, id: 'ssh'
  end

Answer 1

为了通过编辑/etc/sysctl.conf来设置/proc/sys/net/bridge/bridge-nf-call-iptables。在那里你可以添加 [1]

net.bridge.bridge-nf-call-iptables = 1

然后执行

sudo sysctl -p

并且将应用更改。有了这个，飞行前检查应该通过了。

---

[1] http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

Answer 2

更新@2019/09/02

有时 modprobe br_netfilter 不可靠，您可能需要在重新登录后重做，因此在 systemd 系统上使用以下代替：

echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
systemctl restart systemd-modules-load.service
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables

---

是的，接受的答案是正确的，但我遇到了

cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory

所以我做了

modprobe br_netfilter

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
sudo sysctl -p

然后解决了

Answer 3

在 Ubuntu 16.04 我只需要：

modprobe br_netfilter

/proc/sys/net/bridge/bridge-nf-call-iptables 中的默认值已经是 1。

然后我将br_netfilter添加到/etc/modules以在下次启动时自动加载模块。

Answer 4

如 K8s 文档中所述 - Installing kubeadm 在 让 iptables 查看桥接流量 部分：

Make sure that the br_netfilter module is loaded. This can be done by running lsmod | grep br_netfilter.
To load it explicitly call sudo modprobe br_netfilter.

As a requirement for your Linux Node's iptables to correctly see bridged traffic, you should ensure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config, e.g.

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

---

关于预检错误 - 您可以在 preflight-checks:

下的 Kubeadm Implementation details 中看到

Kubeadm executes a set of preflight checks before starting the init, with the aim to verify preconditions and avoid common cluster startup problems..

以下缺少的配置会产生错误：

.
.
if /proc/sys/net/bridge/bridge-nf-call-iptables file does not exist/does not contain 1

if advertise address is ipv6 and /proc/sys/net/bridge/bridge-nf-call-ip6tables does not exist/does not contain 1.

if swap is on
.
.

Answer 5

one-liner方式：

sysctl net.bridge.bridge-nf-call-iptables=1