kubeadm init --apiserver-advertise-address=192.168.20.229 --pod-network-cidr=10.244.0.0/16
kubelet: error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"
docker相比1.10增加了KernelMemory变量和CgroupDriver变量,KernelMemory变量表示是否设置linux内核内存限制,CgroupDriver变量表示使用哪个Cgroup驱动,有两种驱动,分别是cgroupfs和systemd,默认使用cgroupfs
kubeadm init --kubernetes-version=v1.6.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.61.41
[kubeadm] WARNING: kubeadm
is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.
6.1
[init] Using Authorization mode: RBAC
[preflight] Running pre
-flight checks
[preflight] Starting the kubelet service
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert
is signed for DNS names [node0 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.61.41]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and
public key.
[certificates] Generated front
-proxy CA certificate and key.
[certificates] Generated front
-proxy client certificate and key.
[certificates] Valid certificates and keys now exist
in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk:
"/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk:
"/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk:
"/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk:
"/etc/kubernetes/scheduler.conf"
[apiclient] Created API client, waiting
for the control plane to become ready
[apiclient] All control plane components are healthy after
14.583864 seconds
[apiclient] Waiting
for at least one node to register
[apiclient] First node has registered after
6.008990 seconds
[token] Using token: e7986d.e440de5882342711
[apiconfig] Created RBAC rules
[addons] Created essential addon: kube
-proxy
[addons] Created essential addon: kube
-dns
Your Kubernetes master has initialized successfully
!
To start
using your cluster, you need to run (as a regular user): sudo cp
/etc/kubernetes/admin.conf $HOME/ sudo chown $(id
-u):$(id -g) $HOME/admin.conf export KUBECONFIG
=$HOME/admin.conf
You should now deploy a pod network to the cluster.
Run
"kubectl apply -f [podnetwork].yaml" with one of the options listed at: http:
//kubernetes.io/docs/admin/addons/
You can now join any number of machines by running the following on each node
注意到kube-apiserver的选项--insecure-port=0,也就是说kubeadm 1.6.0初始化的集群,kube-apiserver没有监听默认的http 8080端口。
所以我们使用kubectl get nodes会报The connection to the server localhost:8080 was refused - did you specify the right host or port?。
查看kube-apiserver的监听端口可以看到只监听了https的6443端口
[iyunv@k8s1 ~]# kubectl --kubeconfig=/etc/kubernetes/admin.conf run curl --image=radial/busyboxplus:curl -i --tty
If you don
't see a command prompt, try pressing enter.
[ root@curl-57077659-s2l5v:/ ]$ nslookup
从http://NodeIp:NodePort访问dashboard,浏览器显示下面的错误
User "system:serviceaccount:kube-system:default" cannot list statefulsets.apps in the namespace "default". (get statefulsets.apps)
这是因为Kubernetes 1.6开始API Server启用了RBAC授权,当前的kubernetes-dashboard.yaml没有定义授权的ServiceAccount,所以访问API Server时被拒绝了。
根据https://github.com/kubernetes/dashboard/issues/1803中的内容临时授予system:serviceaccount:kube-system:default cluster_admin的角色,临时解决一下。
创建dashboard-rbac.yaml,定义system:serviceaccount:kube-system:default和ClusterRole cluster-admin绑定: