我已经开始使用some of this tutorial和a bit of this one学习Minikube。我的计划是使用“无”驱动程序来使用Docker而不是标准的Virtual Box。
我的目的是学习一些比Docker Swarm更灵活的基础设施/操作技术。 Swarm不支持一些docker run开关,所以我正在寻找其他选择。
设置它时,我有几个错误的开始,因为我最初没有指定--vm-driver=none,我不得不做一个sudo -rf ~/.minikube和/或sudo minikube delete不使用VirtualBox。 (虽然我不认为它是相关的,但无论如何我会提到我在VirtualBox Linux Mint VM中工作,这是一个长期的安全性偏好)。
所以,我认为我有一个主要安装Minikube的工作,但是仪表板上有些东西是不对的,因为Hello World教程要求我让它工作,我想坚持这个。
这是命令和错误:
$ sudo minikube dashboard
🔌 Enabling dashboard ...
🤔 Verifying dashboard health ...
🚀 Launching proxy ...
🤔 Verifying proxy health ...
💣 http://127.0.0.1:41303/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/ is not responding properly: Temporary Error: unexpected response code: 503
Temporary Error: unexpected response code: 503
Temporary Error: unexpected response code: 503
Temporary Error: unexpected response code: 503
Temporary Error: unexpected response code: 503
Temporary Error: unexpected response code: 503
Temporary Error: unexpected response code: 503
{snipped many more of these}
Minikube本身看起来不错:
$ sudo minikube status
host: Running
kubelet: Running
apiserver: Running
kubectl: Correctly Configured: pointing to minikube-vm at 10.0.2.15
然而,看起来有些组件无法启动,但没有迹象表明它们遇到麻烦:
$ sudo kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-fb8b8dccf-2br2c 0/1 CrashLoopBackOff 16 62m
kube-system coredns-fb8b8dccf-nq4b8 0/1 CrashLoopBackOff 16 62m
kube-system etcd-minikube 1/1 Running 2 60m
kube-system kube-addon-manager-minikube 1/1 Running 3 61m
kube-system kube-apiserver-minikube 1/1 Running 2 61m
kube-system kube-controller-manager-minikube 1/1 Running 3 61m
kube-system kube-proxy-dzqsr 1/1 Running 0 56m
kube-system kube-scheduler-minikube 1/1 Running 2 60m
kube-system kubernetes-dashboard-79dd6bfc48-94c8l 0/1 CrashLoopBackOff 12 40m
kube-system storage-provisioner 1/1 Running 3 62m
我假设READY列中的零意味着某些东西无法启动。
我一直在发出有或没有sudo的命令,所以这可能是相关的。有时在我的非root ~/.minikube文件夹中有root文件所拥有的配置文件,我被迫使用sudo进一步推进。
这似乎看起来不错:
Kubernetes master is running at https://10.0.2.15:8443
KubeDNS is running at https://10.0.2.15:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
顺便说一句,我真的不知道这些各种状态命令是做什么的,或者它们是否相关 - 我在这里和GitHub上发现了一些类似的帖子,他们各自的作者使用这些命令来编写问题和错误报告。
这个API状态看起来像是泡菜,但我不知道它是否相关(我通过半随机挖掘找到它):
https://10.0.2.15:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
{
"kind": "Status",
"apiVersion": "v1",
"metadata": { },
"status": "Failure",
"message": "services \"kube-dns:dns\" is forbidden: User \"system:anonymous\" cannot get resource \"services/proxy\" in API group \"\" in the namespace \"kube-system\"",
"reason": "Forbidden",
"details": {
"name": "kube-dns:dns",
"kind": "services"
},
"code": 403
}
我也设法引起了Go崩溃,在sudo minikube logs中看到:
panic: secrets is forbidden: User "system:serviceaccount:kube-system:default" cannot create resource "secrets" in API group "" in the namespace "kube-system"
goroutine 1 [running]:
github.com/kubernetes/dashboard/src/app/backend/auth/jwe.(*rsaKeyHolder).init(0xc42011c2e0)
/home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/auth/jwe/keyholder.go:131 +0x35e
github.com/kubernetes/dashboard/src/app/backend/auth/jwe.NewRSAKeyHolder(0x1367500, 0xc4200d0120, 0xc4200d0120, 0x1213a6e)
/home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/auth/jwe/keyholder.go:170 +0x64
main.initAuthManager(0x13663e0, 0xc420301b00, 0xc4204cdcd8, 0x1)
/home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/dashboard.go:185 +0x12c
main.main()
/home/travis/build/kubernetes/dashboard/.tmp/backend/src/github.com/kubernetes/dashboard/src/app/backend/dashboard.go:103 +0x26b
我希望这对应于我得到的503,这是某种服务器错误。
一些版本:
$ minikube version
minikube version: v1.0.0
$ docker --version
Docker version 18.09.2, build 6247962
$ sudo kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:11:31Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:45:25Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:51:21Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
相关链接:
minikube delete删除集群,我已经出于其他原因这样做了。我可以尝试下一步调试这个?
看起来我需要对这个问题进行躲避,以便找到答案。 Go崩溃是要研究的东西,是documented in this bug report。
创建缺少角色的命令是:
$ kubectl create clusterrolebinding kube-system-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
clusterrolebinding.rbac.authorization.k8s.io/kube-system-cluster-admin created
然后我们需要获取仪表板的系统pod名称:
$ sudo kubectl get pods -n kube-system
最后,使用仪表板pod的ID而不是kubernetes-dashboard-5498ccf677-dq2ct:
$ kubectl delete pods -n kube-system kubernetes-dashboard-5498ccf677-dq2ct
pod "kubernetes-dashboard-5498ccf677-dq2ct" deleted
我认为这会删除配置错误的仪表板,当您发出此命令时,会在其位置生成新的仪表板:
sudo minikube dashboard
在我看来,Go错误看起来非常赤裸裸,并且处理不当,需要捕获,但是后来我并不是Go。错误报告已由CI机器人自动关闭,并且几次重新打开它的尝试似乎都失败了。
猜测一下,我可以通过设置角色配置来避免这种痛苦。但是,在Hello World教程中没有注意到这一点,因此期望初学者不要进入此陷阱是不合理的:
sudo minikube start --vm-driver=none --extra-config='apiserver.Authorization.Mode=RBAC'