docker centos modprobe: ERROR: could not insert 'ip_vs': Operation not permitted

最新推荐文章于 2025-07-07 18:46:03 发布

qinzhao168

最新推荐文章于 2025-07-07 18:46:03 发布

阅读量9.5k

点赞数

CC 4.0 BY-SA版权

分类专栏： kubetnetes 文章标签： docker keepalived

本文链接：https://blog.youkuaiyun.com/qq_21816375/article/details/90311763

kubetnetes 专栏收录该内容

106 篇文章

订阅专栏

博客主要讲述了Docker运行Keepalived时出现无权限启动ip_vs模块的问题。Keepalived依赖ip_vs模块，该模块属内核模块。解决办法是根据提供的Dockerfile构建镜像并执行命令，需将主机特定目录挂载到容器，以主机网络模式、特权启动，还给出了在Kubernetes里启动的yaml。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

解决docker keepalived镜像could not insert 'ip_vs': Operation not permitted方法

现象
解决办法

现象

如下图
ubuntu-01
docker 跑keepalived,出现了没有权限启动ip_vs模块
使用

lsmod ip_vs

发现没有任何输出
制作镜像的Dockerfile为

FROM centos:7
ENV container docker

RUN yum update -y \
    && yum install wget -y \
    && wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
    && rpm -ivh epel-release-latest-7.noarch.rpm \
    && rm -rf epel-release-latest-7.noarch.rpm \
    && yum update -y \
    && yum install keepalived ipvsadm -y

解决办法

1.根据提供的Dockerfile构建镜像，然后执行命令，就可以解决了

docker run --net=host --privileged  -v /run/xtables.lock:/run/xtables.lock -v /lib/modules:/lib/modules -it 10.16.37.154/test/centos:v1.0 /bin/bash

说明: keepalived需要以来ip_vs模块，ip_vs模块属于内核模块所以需要把主机的目录/lib/modules和/run/xtables.lock这两个主机目录挂载到容器里，并且要以主机网络模式--net=host，特权--orivileged 启动

[root@node-199-112 qinzhao]# docker run --net=host --privileged  -v /run/xtables.lock:/run/xtables.lock -v /lib/modules:/lib/modules -it 10.16.37.154/test/centos:v1.0 /bin/bash

进入容器里执行命令

/usr/sbin/keepalived -P -C -d -D -S 7 -f /etc/keepalived/keepalived.conf --dont-fork --log-console

成功启动

在kubernetes里启动的yaml

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  labels:
    name: keepalived-manager
  name: keepalived-manager
  namespace: kube-system
spec:
  selector:
    matchLabels:
      name: keepalived-manager
  template:
    metadata:
      labels:
        name: keepalived-manager
    spec:
      containers:
        - env:
            - name: KEEPALIVED_MANAGER_ENV
              value: "prod"
          image: 10.16.37.154/test/centos:v1.0
          imagePullPolicy: Always
          name: keepalived-manager
          securityContext:
            privileged: true
            procMount: Default
          volumeMounts:
            - mountPath: /var/run/docker.sock
              name: docker-sock
            - mountPath: /run/xtables.lock
              name: xtables-lock
            - mountPath: /lib/modules
                name: lib-modules
                readOnly: true
      hostNetwork: true
      restartPolicy: Always
      nodeSelector:
        keepalived-manager: test
      restartPolicy: Always
      volumes:
        - emptyDir: {}
          name: docker-sock
        - hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
        - hostPath:
            path: /lib/modules
            type: ""
            name: lib-modules
      serviceAccountName: admin-user
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate

end