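kubectl multiple net/http: TLS handshake timeout

Question    Votes: 1    Answers: 2

I'm new to Kubernetes and I'm trying to set up a healthy local cluster (on ESXi).

I have run into many errors that I can't resolve:

  • The Dashboard is running but can't be accessed through the kubectl proxy API
  • I can't access any svc exposed as type NodePort (TCP connection reset)
  • I can't retrieve logs from pods
  • I can't run kubeadm upgrade plan

I think most of them are due to the same misconfiguration/error, but I'm unable to find which piece is broken or where.

If I forgot some information, tell me and I'll add it to the post.

I'm running the cluster on VMs. All the VMs run CentOS 7. I have already run this on all of them: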

swapoff -a
systemctl disable firewalld
systemctl stop firewalld
setenforce 0
systemctl daemon-reload
systemctl restart docker
systemctl restart kubelet

For flannel:

sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1

kubectl version

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:22:21Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

kubectl get ep

NAME            ENDPOINTS                          AGE
dark-room-dep   172.17.0.10:8085,172.17.0.9:8085   19h
kubernetes      10.66.222.223:6443                 8d

kubectl get svc

NAME            TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
dark-room-dep   NodePort    10.99.12.214   <none>        8085:30991/TCP   19h
kubernetes      ClusterIP   10.96.0.1      <none>        443/TCP          8d

kubectl cluster-info

Kubernetes master is running at https://10.66.222.223:6443
Heapster is running at https://10.66.222.223:6443/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://10.66.222.223:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
monitoring-grafana is running at https://10.66.222.223:6443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
monitoring-influxdb is running at https://10.66.222.223:6443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy

kubectl get deployments

NAME            DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dark-room-dep   2         2         2            2           20h

kubectl get pods --all-namespaces

NAMESPACE     NAME                                            READY     STATUS    RESTARTS   AGE
default       dark-room-dep-577bf64bb8-9n5p7                  1/1       Running   0          20h
default       dark-room-dep-577bf64bb8-jmppg                  1/1       Running   0          20h
kube-system   etcd-localhost.localdomain                      1/1       Running   6          8d
kube-system   heapster-69b5d4974d-qvtrj                       1/1       Running   0          1d
kube-system   kube-apiserver-localhost.localdomain            1/1       Running   5          8d
kube-system   kube-controller-manager-localhost.localdomain   1/1       Running   4          8d
kube-system   kube-dns-86f4d74b45-njzj9                       3/3       Running   0          1d
kube-system   kube-flannel-ds-h9c2m                           1/1       Running   3          6d
kube-system   kube-flannel-ds-tcbd7                           1/1       Running   5          8d
kube-system   kube-proxy-7v6mf                                1/1       Running   3          6d
kube-system   kube-proxy-hwbwl                                1/1       Running   4          8d
kube-system   kube-scheduler-localhost.localdomain            1/1       Running   6          8d
kube-system   kubernetes-dashboard-7d5dcdb6d9-q42q5           1/1       Running   0          1d
kube-system   monitoring-grafana-69df66f668-zf2kc             1/1       Running   0          1d
kube-system   monitoring-influxdb-78d4c6f5b6-nhdbx            1/1       Running   0          1d

route -n

Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         10.66.222.1     0.0.0.0         UG    100    0        0 ens192
10.66.222.0     0.0.0.0         255.255.254.0   U     100    0        0 ens192
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.25.1.0      172.25.1.0      255.255.255.0   UG    0      0        0 flannel.1

kubectl get nodes --all-namespaces

NAME                    STATUS    ROLES     AGE       VERSION
k8s-01                  Ready     <none>    6d        v1.10.2
localhost.localdomain   Ready     master    8d        v1.10.2

Thanks for your help. Have a nice day.

佐科

networking kubernetes cluster-computing
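2 Answers
0
votes

Errors I solved:

I can't retrieve logs from pods: disable the firewall on the node

I can't run kubeadm upgrade plan: proxy misconfiguration

Errors I couldn't solve:

The Dashboard is running but can't be accessed through the kubectl proxy API: I have worked on this and found that it needs heapster, and heapster needs other components... I'm unable to make it work.

I can't access any svc exposed as type NodePort (TCP connection reset): I have successfully deployed a svc on port 80, but it doesn't work on any other port.


0
votes

To access the Dashboard UI, this is what I did, and it works for a Kubernetes cluster with the following specs:

OS: CentOS 7

Kubernetes component versions (but it also worked for me on v1.10.x):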

Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:17:28Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:08:19Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}

Steps

  1. Install the Dashboard UI

kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

  2. Install kubectl on your local machine: the method here depends on whether you use Windows, Linux or OS X, but it is quite simple
  3. Copy the .kube directory from the master node to your local machine
  4. Create a service account named <name> (you can put anything you want, but in my experience it is better if you use the same account name as on the machine where you import the .kube directory) in namespace kube-system

$ vim my_user.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: <your account user_name>
  namespace: kube-system

kubectl create -f my_user.yaml

  5. Create the cluster role association

$ vim cluster-admin-role-association.yml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: <your account user_name>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: <your account user_name>
  namespace: kube-system

kubectl create -f cluster-admin-role-association.yml

  6. Get your token to log in

$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep <your account user_name> | awk '{print $1}')

  Name:         <your account user_name>-token-xxxxx
  Namespace:    kube-system
  Labels:       <none>
  Annotations:  kubernetes.io/service-account.name=<your account user_name>
                  kubernetes.io/service-account.uid=xxxxxxxxxxxxxxxxxxxxxx
  Type:  kubernetes.io/service-account-token
  Data
  ====
  namespace:  11 bytes
  token:
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (your token)

  7. Now you can run kubectl proxy on your local machine, access the Dashboard UI at the following URL, and log in with the token:

http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

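You can, for example, change the namespace to assign different users to different projects, and you can be more precise with the permissions.

To access a service, at least in my deployment, you generally need to know which node the service is running on (you can get it by adding -o wide to your kubectl get resource query), and you should be able to reach it at http(s)://<node_ip>:<service_port>/<any url complement if there is one>

There may be a better way to access services (DNS names), but I'm still learning, so for now this is how I do it.

Hope it helps

Cheers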
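
The answer above binds the dashboard login account to cluster-admin with a ClusterRoleBinding and notes that permissions can be scoped more precisely per namespace. As an added example (not part of the original answer or of Kubernetes itself), this Python script audits the JSON from `kubectl get clusterrolebindings,rolebindings --all-namespaces -o json` and reports every service account holding cluster-admin, together with whether the grant is cluster-wide or limited to one namespace. The sample data and the names `dash-user`, `alice`, `bob` and `project-a` are constructed.

```python
import json

# Constructed sample, shaped like the output of
# `kubectl get clusterrolebindings,rolebindings --all-namespaces -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "dash-user"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "dash-user",
                 "namespace": "kube-system"}]},
  {"kind": "RoleBinding",
   "metadata": {"name": "project-a-admin", "namespace": "project-a"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "alice", "namespace": "project-a"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "viewer"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "bob",
                 "namespace": "default"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "orphan"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")

def admin_service_accounts(binding_list, role="cluster-admin"):
    """Return (scope, namespace/name, binding) for each ServiceAccount bound to `role`."""
    findings = []
    for b in binding_list.get("items", []):
        ref = b.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A ClusterRoleBinding grants the role everywhere; a RoleBinding
        # grants it only inside the binding's own namespace.
        if b["kind"] == "ClusterRoleBinding":
            scope = "cluster-wide"
        else:
            scope = "namespace:" + b["metadata"]["namespace"]
        for s in b.get("subjects") or []:  # subjects may be absent or null
            if s.get("kind") == "ServiceAccount":
                sa = "{}/{}".format(s.get("namespace", ""), s["name"])
                findings.append((scope, sa, b["metadata"]["name"]))
    return findings

if __name__ == "__main__":
    for scope, sa, name in admin_service_accounts(SAMPLE):
        print("{:<22} {:<24} via {}".format(scope, sa, name))
```

On a live cluster, pipe the kubectl output into `json.load(sys.stdin)` instead of using `SAMPLE`; a token for any account reported as cluster-wide gives full control of the cluster to whoever holds it.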
