阿里雲Centos7 安裝 k8s 叢集(使用過程中的坑)
個人備忘
下面這個地址能滿足大部分需求 :
上文:5.2 的配置三臺伺服器都要修改 ,5.3 的命令 [[email protected] ~]# etcdctl mk /atomic.io/network/config '{ "Network": "10.0.0.0/16" }' 只在主節點執行就行。
補充 : 10.0.0.0/16 網段開的比較大,正常該處配置項應該和 vim /etc/kubernetes/apiserver 這個中的10.254.0.0/16 保持一致,自行挑選。
訪問http://kube-apiserver:port
補充:阿里雲伺服器記得開防火牆(安全組)2378,6443,10250,4001
注意: 如果你改變了 api-server 中的預設8080 埠,則在使用 kubectl 命令時 會出現,couldn't read version from server: get http://localhost:8080/version: dial tcp 127.0.0.1:8080: connection refused.
方法一: alias kubectl=" kubectl -s http://apiserver:8080" , 用改命令重新指定預設地址。
方法二:ubectl -s http://k8s-master:8081 get nodes , 加入 -s http://ip:port 指定到你設定的 埠。
坑一:
kubernetes建立叢集資源物件, pod服務一直處於ContainerCreating狀態問題。
failed to “StartContainer” for “POD” with ErrImagePull
1.檢視pods狀態,一直處於ContainerCreating狀態
1 2 3 |
[[email protected] ~]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-pod 0/1 ContainerCreating 0 15h |
2.檢視pod資源的詳細資訊中的錯資訊提示
[[email protected] ~]# kubectl describe pod nginx-pod
1 2 3 4 |
Events: FirstSeen LastSeen Count From SubObjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 15h 4m 180 {kubelet srv.node1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)" |
3.錯誤分析
錯誤提示: failed to “StartContainer” for “POD” with ErrImagePull: “image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)”
大概出錯意圖是,srv.node1這個節點機,拉取Docker映象的時候出錯了,因為redhat-ca.crt這個證書檔案不存在。
到srv.node1節點主機,手動執行拉取映象試一下。
1 2 3 |
[[email protected] ~]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ... open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory |
錯誤資訊一樣的,檢視下redhat-ca.crt這個證書檔案目錄是否存在
1 2 |
[[email protected] ~]# ls -l /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt lrwxrwxrwx. 1 root root 27 Apr 18 16:05 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem |
是個軟體連結到/etc/rhsm/ca/redhat-uep.pem這個檔案,而且這個檔案目錄不存在。
問題找到了。
4.錯誤解決
跟rhsm這個有關,全稱Red Hat Subscription Manager。 跟RedHat查關服務,直接用yum安裝下rhsm相關的元件。
1 2 3 4 5 |
[[email protected] ~]# yum install *rhsm* Downloading packages: (1/3): python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | 41 kB 00:00:00 (2/3): python-dateutil-1.5-7.el7.noarch.rpm | 85 kB 00:00:01 (3/3): python-rhsm-1.19.10-1.el7_4.x86_64.rpm |
再手動執行拉取映象檔案,現在可以拉取映象檔案了,問題解決。
1 2 3 4 |
[[email protected] ~]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ... latest: Pulling from registry.access.redhat.com/rhel7/pod-infrastructure 26e5ed6899db: Downloading [=> ] 2.107 MB/74.87 MB |
5.重新叢集資源物件
返回到master主節點,刪除叢集資源物件再重新建立。
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[[email protected] ~]# kubectl delete pod nginx-pod [[email protected] ~]# kubectl get pods No resources found. [[email protected] ~]# kubectl create -f /data/app/docker_nginx/nginx-pod.yaml |
6.重還有一種情況
我們node 上有/etc/rhsm/ca/ 目錄, 但是沒有 redhat-uep.pem 檔案,這時候需要我們執行兩個命令:
(2)rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
這兩個命令會生成/etc/rhsm/ca/redhat-uep.pem檔案.
順得的話會得到下面的結果。
[[email protected]]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
Trying to pull repository registry.access.redhat.com/rhel7/pod-infrastructure ...
latest: Pulling from registry.access.redhat.com/rhel7/pod-infrastructure
26e5ed6899db: Pull complete
此時在,刪除原來的pod , 重新 kubectl create -f xxx.yaml ,再次檢視pods 的狀態,發現 該pod 為 Running.