個人備忘
下面這個地址能滿足大部分需求 :
無坑版本 k8s centos 安裝博文
上文:5.2 的配置三臺服務器都要修改 ,5.3 的命令 [root@k8s-master ~]# etcdctl mk /atomic.io/network/config '{ "Network": "10.0.0.0/16" }' 只在主節點執行就行。
補充 : 10.0.0.0/16 網段開的比較大,正常該處配置項應該和 vim /etc/kubernetes/apiserver 這個中的10.254.0.0/16 保持一致,自行挑選。
訪問http://kube-apiserver:port
http://192.168.234.130:8080/ 查看所有請求url
http://192.168.234.130:8080/healthz/ping 查看健康狀況
補充:阿里雲服務器記得開防火牆(安全組)2378,6443,10250,4001
注意: 如果你改變了 api-server 中的默認8080 端口,則在使用 kubectl 命令時 會出現,couldn't read version from server: get http://localhost:8080/version: dial tcp 127.0.0.1:8080: connection refused.
方法一: alias kubectl=" kubectl -s http://apiserver:8080" , 用改命令重新指定默認地址。
方法二:ubectl -s http://k8s-master:8081 get nodes , 加入 -s http://ip:port 指定到你設置的 端口。
etcd centos 集羣配置該片博文可參考
坑一:
kubernetes創建集羣資源對象, pod服務一直處於ContainerCreating狀態問題。
failed to “StartContainer” for “POD” with ErrImagePull
1.查看pods狀態,一直處於ContainerCreating狀態
1 2 3 |
[root@SZ-V-L-K8S ~]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-pod 0/1 ContainerCreating 0 15h |
2.查看pod資源的詳細信息中的錯信息提示
[root@SZ-V-L-K8S ~]# kubectl describe pod nginx-pod
1 2 3 4 |
Events: FirstSeen LastSeen Count From SubObjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 15h 4m 180 {kubelet srv.node1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)" |
3.錯誤分析
錯誤提示: failed to “StartContainer” for “POD” with ErrImagePull: “image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)”
大概出錯意圖是,srv.node1這個節點機,拉取Docker鏡像的時候出錯了,因爲redhat-ca.crt這個證書文件不存在。
到srv.node1節點主機,手動執行拉取鏡像試一下。
1 2 3 |
[root@SZ-V-L-docker-node1 ~]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ... open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory |
錯誤信息一樣的,查看下redhat-ca.crt這個證書文件目錄是否存在
1 2 |
[root@SZ-V-L-docker-node1 ~]# ls -l /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt lrwxrwxrwx. 1 root root 27 Apr 18 16:05 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem |
是個軟件鏈接到/etc/rhsm/ca/redhat-uep.pem這個文件,而且這個文件目錄不存在。
問題找到了。
4.錯誤解決
跟rhsm這個有關,全稱Red Hat Subscription Manager。 跟RedHat查關服務,直接用yum安裝下rhsm相關的組件。
1 2 3 4 5 |
[root@SZ-V-L-docker-node1 ~]# yum install *rhsm* Downloading packages: (1/3): python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | 41 kB 00:00:00 (2/3): python-dateutil-1.5-7.el7.noarch.rpm | 85 kB 00:00:01 (3/3): python-rhsm-1.19.10-1.el7_4.x86_64.rpm |
再手動執行拉取鏡像文件,現在可以拉取鏡像文件了,問題解決。
1 2 3 4 |
[root@SZ-V-L-docker-node1 ~]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ... latest: Pulling from registry.access.redhat.com/rhel7/pod-infrastructure 26e5ed6899db: Downloading [=> ] 2.107 MB/74.87 MB |
5.重新集羣資源對象
返回到master主節點,刪除集羣資源對象再重新創建。
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[root@ZSZ-V-L-K8S ~]# kubectl delete pod nginx-pod
[root@SZ-V-L-K8S ~]# kubectl get pods No resources found.
[root@SZ-V-L-K8S ~]# kubectl create -f /data/app/docker_nginx/nginx-pod.yaml |
6.重還有一種情況
我們node 上有/etc/rhsm/ca/ 目錄, 但是沒有 redhat-uep.pem 文件,這時候需要我們執行兩個命令:
(2)rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
這兩個命令會生成/etc/rhsm/ca/redhat-uep.pem文件.
順得的話會得到下面的結果。
[root@localhost]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ...
latest: Pulling from registry.access.redhat.com/rhel7/pod-infrastructure
26e5ed6899db: Pull complete
此時在,刪除原來的pod , 重新 kubectl create -f xxx.yaml ,再次查看pods 的狀態,發現 該pod 爲 Running.