主机名
ip
备注
k8s_master
192.168.98.18
Master&etcd
k8s_node1
192.168.98.19
Node1
k8s_node2
192.168.98.20
Node2
Kubernetes 是goole开源的大规模容器集群管理系统,使用centos7 自带的Kubernetes 组件、分布式键值存储系统etcd 以及flannel 实现Docker容器中跨容器访问。
(集群环境需要ntp时钟一致,因为是云的机器,系统默认有时钟核对)
第一步组件安装
Master节点:
systemctl stop firewalld && sudo systemctl disable firewalld
yum install -y kubernetes etcd docker flannel
Node节点:
systemctl stop firewalld && sudo systemctl disable firewalld
yum install -y kubernetes docker flannel
第二步配置
节点
运行服务
Master
etcd
kube-apiserver
kube-controller-manager
kube-scheduler
kube-proxy
kubelet
docker
flanneld
node
flanneld
docker
kube-proxy
kubelet
Master:
etcd配置
vi /etc/etcd/etcd.conf
ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS=http://localhost:2379
apiserver 配置
vi /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" (apiserver绑定主机的非安全IP地址)
KUBE_API_PORT="--port=8080" (apiserver绑定主机的非安全端口号)
KUBELET_PORT="--kubelet-port=10250"
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.98.18:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.98.0/24" (虚机同一网段)
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_ARGS=""
Kubelet配置
vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname-override=192.168.98.18"
KUBELET_API_SERVER="--api-servers=http://192.168.98.18:8080"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-Container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=""
config配置
vi /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.98.18:8080"
scheduler和 proxy 暂时没有用到,就不需要配置
flannel 配置
vi /etc/sysconfig/flanneld
FLANNEL_ETCD="http://192.168.98.18:2379"
FLANNEL_ETCD_KEY="/atomic.io/network"
添加网络:
systemctl enable etcd.service
systemctl start etcd.service
etcdctl mk //atomic.io/network/config '{"Network":"172.17.0.0/16"}' 创建
etcdctl rm //atomic.io/network/config '{"Network":"172.17.0.0/16"}' 删除
Master启动:
for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler kube-proxy kubelet docker flanneld ;
do systemctl restart $SERVICES;
systemctl enable $SERVICES;
systemctl status $SERVICES;
done;
node配置:
hostnamectl set-hostname k8s_node1/2
Kubelet配置
vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname-override=192.168.98.19" (相应节点IP)
KUBELET_API_SERVER="--api-servers=http://192.168.98.18:8080" (master节点IP)
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS=" "
config配置
vi /etc/kubernetes/config
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=0"
KUBE_ALLOW_PRIV="--allow-privileged=false"
KUBE_MASTER="--master=http://192.168.98.18:8080"
flannel 配置
vi /etc/sysconfig/flanneld
FLANNEL_ETCD="http://192.168.98.18:2379"
FLANNEL_ETCD_KEY="/atomic.io/network"
node启动
for SERVICES in kube-proxy kubelet docker flanneld; do
systemctl restart $SERVICES
systemctl enable $SERVICES
systemctl status $SERVICES
done;
查看所有NODE是否正常
kubectl -s 192.168.98.18:8080 get no
kubectl get nodes
访问http://kube-apiserver:port
http://192.168.98.18:8080/ 查看所有请求url
http://192.168.98.18:8080/healthz/ping 查看健康状况
###################################################以上搭建完毕
开始排错:
1,—————–部署nginx测试——————-
nginx-pod.yaml (请注意语法)
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
labels:
name: nginx-pod
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
一、开始创建pod
[root@localhost ~]# kubectl create -f /opt/dockerconfig/nginx-pod.yaml
Error from server (ServerTimeout): error when creating "/opt/dockerconfig/nginx-pod.yaml":
No API token found for service account "default",retry after the token is automatically created and added to the service account
报错是验证产生的
[root@localhost ~]# vim /etc/kubernetes/apiserver 去掉相应配置
#KUBE_ADMISSION_CONTROL="–admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="–admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
[root@localhost ~]# systemctl restart kube-apiserver
问题解决
[root@localhost ~]# kubectl create -f /opt/dockerconfig/nginx-pod.yaml
pod "nginx-pod" created
[root@localhost ~]#
但是一直卡着
[root@localhost ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-pod 0/1 ContainerCreating 0 12m
[root@localhost ~]# kubectl get service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 192.168.98.1 443/TCP 1h
[root@localhost ~]#
主要是通过“kubectl describe pod PodName”指令查看pod发生的事件,从事件列表中可以查找到错误信息。
查状态
[root@master ~]# kubectl describe pod nginx
这个报错,大家都懂的,哈哈。
手动下载:
在工作节点(node)上执行
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ...
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory
解决方案
通过提示的路径查找该文件,是个软连接,链接目标是/etc/rhsm,查看没有rhsm
[root@MyCentos7 ca]# cd /etc/docker/certs.d/registry.access.redhat.com/
[root@MyCentos7 registry.access.redhat.com]# ll
总用量 0
lrwxrwxrwx. 1 root root 27 5月 11 14:30 redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
[root@MyCentos7 ca]# cd /etc/rhsm
-bash: cd: /etc/rhsm: 没有那个文件或目redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
安装rhsm(node上):
yum install *rhsm*
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.lzu.edu.cn
* extras: mirror.lzu.edu.cn
* updates: ftp.sjtu.edu.cn
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
软件包 python-rhsm-1.19.10-1.el7_4.x86_64 被已安装的 subscription-manager-rhsm-1.20.11-1.el7.centos.x86_64 取代
软件包 subscription-manager-rhsm-1.20.11-1.el7.centos.x86_64 已安装并且是最新版本
软件包 python-rhsm-certificates-1.19.10-1.el7_4.x86_64 被已安装的 subscription-manager-rhsm-certificates-1.20.11-1.el7.centos.x86_64 取代
软件包 subscription-manager-rhsm-certificates-1.20.11-1.el7.centos.x86_64 已安装并且是最新版本
技术分享图片
但是在/etc/rhsm/ca/目录下依旧没有证书文件,于是反复卸载与安装都不靠谱,后来发现大家所谓yum install *rhsm*其实安装的的是python-rhsm-1.19.10-1.el7_4.x86_64和python-rhsm-certificates-1.19.10-1.el7_4.x86_64,但是在实际安装过程中会有如下提示:
软件包 python-rhsm-1.19.10-1.el7_4.x86_64 被已安装的 subscription-manager-rhsm-1.20.11-1.el7.centos.x86_64 取代
软件包 subscription-manager-rhsm-1.20.11-1.el7.centos.x86_64 已安装并且是最新版本
软件包 python-rhsm-certificates-1.19.10-1.el7_4.x86_64 被已安装的 subscription-manager-rhsm-certificates-1.20.11-1.el7.centos.x86_64 取代
软件包 subscription-manager-rhsm-certificates-1.20.11-1.el7.centos.x86_64 已安装并且是最新版本
罪魁祸首在这里。原来我们想要安装的rpm包被取代了。而取代后的rpm包在安装完成后之创建了目录,并没有证书文件redhat-uep.pem。于是乎,手动下载并生成文件
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
node上手动下载镜像
至此查看状态变为pulling
说明ca 找不到问题解决。
但是发现又出现一个新的DNS问题,解决方案如下:
node执行:
yum remove subscription-manager-rhsm-certificates -y
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm -ivh python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-pod 1/1 Running 0 11h
二、创建replicationController (RC)
nginx-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx-rc
spec:
replicas: 2
selector:
name: nginx-pod
template:
metadata:
labels:
name: nginx-pod
spec:
containers:
- name: nginx-pod
image: nginx
ports:
- containerPort: 80
kubectl create -f nginx-rc.yaml
三、新建 service.
nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: NodePort
ports:
- port: 80
nodePort: 30001
selector:
name: nginx-pod
[root@localdockerconfig]# kubectl create -f nginx-service.yaml
service "nginx-service" created
访问 node 机器的 30001端口测试成功
http://192.168.98.19:30001
http://192.168.98.20:30001
运维网声明
1、欢迎大家加入本站运维交流群:群②:261659950 群⑤:202807635 群⑦870801961 群⑧679858003
2、本站所有主题由该帖子作者发表,该帖子作者与运维网 享有帖子相关版权
3、所有作品的著作权均归原作者享有,请您和我们一样尊重他人的著作权等合法权益。如果您对作品感到满意,请购买正版
4、禁止制作、复制、发布和传播具有反动、淫秽、色情、暴力、凶杀等内容的信息,一经发现立即删除。若您因此触犯法律,一切后果自负,我们对此不承担任何责任
5、所有资源均系网友上传或者通过网络收集,我们仅提供一个展示、介绍、观摩学习的平台,我们不对其内容的准确性、可靠性、正当性、安全性、合法性等负责,亦不承担任何法律责任
6、所有作品仅供您个人学习、研究或欣赏,不得用于商业或者其他用途,否则,一切后果均由您自己承担,我们对此不承担任何法律责任
7、如涉及侵犯版权等问题,请您及时通知我们,我们将立即采取措施予以解决
8、联系人Email:admin@iyunv.com 网址:www.yunweiku.com