1. Install a single-node cluster environment
1.1 Environment
```
OS: CentOS 7.5
kubernetes: 1.5.2
```
1.2 Preparation
1.2.1 Disable the firewall
```
# Stop firewalld and keep it from starting at boot
systemctl disable firewalld
systemctl stop firewalld
# Change "enforcing" to "disabled" in the SELinux config and put the running system in permissive mode
sed -i '/SELINUX/s/enforcing/disabled/g' /etc/selinux/config
setenforce 0
```
1.2.2 Update the system
```
yum -y update
```
1.3 Install kubernetes
```
yum -y install etcd kubernetes
```
1.4 Start all services
```
systemctl start etcd
systemctl start docker
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl start kubelet
systemctl start kube-proxy
```
2. Deploy the MySQL service
2.1 Create an RC definition file for the MySQL service
vim mysql-rc.yaml
```yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: hub.c.163.com/library/mysql:latest
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
```
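The manifest above carries the root password as a literal `value:`, which is why it shows up in clear text under Environment Variables in the `kubectl describe pods` output in section 4.2.1. The following is an added example, not part of the original post, that keeps the same RC but reads the password from a Secret; the Secret name `mysql-root`, its key `password` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The Secret name "mysql-root",
# its key "password" and both function names are assumptions.

# Create the Secret from a file so the password is not typed on a command line.
# Write the file without a trailing newline, e.g.: printf '%s' "$pw" > pwfile
create_mysql_secret() {
    kubectl create secret generic mysql-root --from-file=password="$1"
}

# Print the RC from section 2.1 with the literal value replaced by a
# reference to that Secret; everything else is unchanged.
mysql_rc_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: hub.c.163.com/library/mysql:latest
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root
              key: password
EOF
}

# Usage (needs a running cluster):
#   create_mysql_secret ./mysql-root.pw && mysql_rc_manifest | kubectl create -f -
```

With this form the Pod spec holds only a reference to the Secret, so the password itself is no longer part of the manifest file.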
2.2 Create the RC
2.2.1 Run kubectl create
```
# kubectl create -f mysql-rc.yaml
replicationcontroller "mysql" created
```
2.2.2 View the RC that was just created
```
# kubectl get rc
NAME      DESIRED   CURRENT   READY     AGE
mysql     1         1         1         1m
```
2.2.3 Check the Pod creation status
```
# kubectl get pods
mysql-3z9ww              0/1       ContainerCreating   0          16s
nginx-2610807146-tk4xq   0/1       ContainerCreating   0          2s
```
2.3 Create a Service associated with it
2.3.1 Define the service
vim mysql-svc.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  ports:
    - port: 3306
  selector:
    app: mysql
```
2.3.2 Run kubectl create
```
# kubectl create -f mysql-svc.yaml
service "mysql" created
```
2.3.3 View the service that was just created
```
# kubectl get svc
NAME      CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
mysql     10.254.152.198   <none>        3306/TCP   10s
```
3. Deploy the Tomcat service
3.1 Create an RC for the Tomcat service
3.1.1 RC definition file
vim myweb-rc.yaml
```yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 2
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
```
3.1.2 Run kubectl create
```
# kubectl create -f myweb-rc.yaml
replicationcontroller "myweb" created
```
3.1.3 View the pods
```
[root@MiWiFi-R3L-srv ~]# kubectl get pods
NAME          READY     STATUS    RESTARTS   AGE
mysql-3z9ww   1/1       Running   1          1h
myweb-4fn8w   1/1       Running   0          3s
```
3.2 Create a Service associated with it
3.2.1 Define the service
vim myweb-svc.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
    - port: 8080
      nodePort: 30001
  selector:
    app: myweb
```
3.2.2 Run kubectl create
```
# kubectl create -f myweb-svc.yaml
service "myweb" created
```
3.2.3 View the services
```
# kubectl get services
NAME         CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   10.254.0.1       <none>        443/TCP          10m
mysql        10.254.152.198   <none>        3306/TCP         2m
myweb        10.254.154.143   <nodes>       8080:30001/TCP   1m
```
3.3 Access through a browser
http://<VM-IP>:30001/demo/
4. Troubleshooting and fixes
4.1 "Service Account"
```
# kubectl describe ReplicationController
```
This reports a "service account" error:
```
Error from server (ServerTimeout): error when creating "busybox.yaml": No API token found for service account "default", retry after the token is automatically created and added to the service account
```
Check the "service account key" configuration:
# cat /etc/kubernetes/apiserver
```
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"

# The port on the local server to listen on.
# KUBE_API_PORT="--port=8080"

# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

# Add your own!
KUBE_API_ARGS=""
```
"KUBE_API_ARGS" is empty.
4.1.1 Create the service account key
```
openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
```
4.1.2 Configure service_account_key
# vim /etc/kubernetes/apiserver
```
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"

# The port on the local server to listen on.
# KUBE_API_PORT="--port=8080"

# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

# Add your own!
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"
```
4.1.3 Restart all services
```
systemctl restart etcd kube-apiserver kube-controller-manager kube-scheduler
```
4.1.4 Recreate the RC
```
kubectl delete rc mysql
kubectl create -f mysql-rc.yaml
```
4.1.5 Check the RC status again
# kubectl describe ReplicationController
```
Name:           mysql
Namespace:      default
Image(s):       hub.c.163.com/library/mysql:latest
Selector:       app=mysql
Labels:         app=mysql
Replicas:       1 current / 1 desired
Pods Status:    0 Running / 1 Waiting / 0 Succeeded / 0 Failed
No volumes.
Events:
  FirstSeen  LastSeen  Count  From                       SubObjectPath  Type    Reason            Message
  ---------  --------  -----  ----                       -------------  ------  ------            -------
  12m        12m       1      {replication-controller }                 Normal  SuccessfulCreate  Created pod: mysql-2j9jv
```
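The file created in 4.1.1 is a private key, and the API server uses it to verify service-account tokens, so anyone who can read it can sign tokens the API server will accept. The following added check (not part of the original post; the function name and finding labels are assumptions) reads an apiserver config in the format shown in 4.1.2 and reports a missing key flag, a key file with group or other permission bits, and an insecure bind address that is not loopback.

```shell
#!/bin/sh
# Added example, not from the original post. The function name and the
# finding labels are assumptions; the flags are the ones shown in 4.1.2.
# Prints one finding per line and nothing when every check passes.
audit_apiserver_conf() {
    conf=$1
    # Last uncommented KUBE_API_ARGS="..." line, surrounding quotes removed.
    args=$(sed -n 's/^KUBE_API_ARGS="\(.*\)"$/\1/p' "$conf" | tail -n 1)
    key=""
    for a in $args; do
        case $a in
            --service_account_key_file=*|--service-account-key-file=*)
                key=${a#*=} ;;
        esac
    done
    if [ -z "$key" ]; then
        echo "no-sa-key-flag"        # the state shown before the fix in 4.1
    elif [ ! -s "$key" ]; then
        echo "sa-key-missing-or-empty $key"
    else
        # A private key should carry no group or other permission bits.
        mode=$(stat -c '%a' "$key")
        case $mode in
            0|*00) ;;
            *) echo "sa-key-mode-$mode $key" ;;
        esac
    fi
    # The insecure port skips authentication, so it must stay on loopback.
    # An absent flag is not reported.
    bind=$(sed -n 's/^KUBE_API_ADDRESS=".*--insecure-bind-address=\([^ "]*\).*"$/\1/p' "$conf" | tail -n 1)
    case $bind in
        ''|127.0.0.1|localhost|::1) ;;
        *) echo "insecure-bind-address $bind" ;;
    esac
}

# Run against the real file when it exists (path from the original post).
if [ -r /etc/kubernetes/apiserver ]; then
    audit_apiserver_conf /etc/kubernetes/apiserver
fi
```

A finding such as `sa-key-mode-644` is cleared with `chmod 600` on the key file.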
4.2 "redhat-ca.crt: no such file or directory"
4.2.1 Check the Pod status
# kubectl describe pods
```
Name:           mysql-2j9jv
Namespace:      default
Node:           127.0.0.1/127.0.0.1
Start Time:     Wed, 01 Aug 2018 08:46:43 +0800
Labels:         app=mysql
Status:         Pending
IP:
Controllers:    ReplicationController/mysql
Containers:
  mysql:
    Container ID:
    Image:              hub.c.163.com/library/mysql:latest
    Image ID:
    Port:               3306/TCP
    State:              Waiting
      Reason:           ContainerCreating
    Ready:              False
    Restart Count:      0
    Volume Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-66fhn (ro)
    Environment Variables:
      MYSQL_ROOT_PASSWORD:      123456
Conditions:
  Type          Status
  Initialized   True
  Ready         False
  PodScheduled  True
Volumes:
  default-token-66fhn:
    Type:       Secret (a volume populated by a Secret)
    SecretName: default-token-66fhn
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen  LastSeen  Count  From                  SubObjectPath  Type     Reason      Message
  ---------  --------  -----  ----                  -------------  ------   ------      -------
  12m        12m       1      {default-scheduler }                 Normal   Scheduled   Successfully assigned mysql-2j9jv to 127.0.0.1
  12m        1m        7      {kubelet 127.0.0.1}                  Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

  11m        2s        50     {kubelet 127.0.0.1}                  Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
```
4.2.2 Check whether "redhat-ca.crt" exists
# ll /etc/docker/certs.d/registry.access.redhat.com/
```
total 0
lrwxrwxrwx 1 root root 27 Aug 1 06:17 redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
```
Note: this is a symbolic link. Its target "/etc/rhsm/ca/redhat-uep.pem" is shown in red, which means the target does not exist.
4.2.3 Install the missing components
```
[root@MiWiFi-R3L-srv ~]# yum search rhsm
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.ustc.edu.cn
 * extras: mirrors.shu.edu.cn
 * updates: centos.ustc.edu.cn
================================================================================================= N/S matched: rhsm ==================================================================================================
python-rhsm.x86_64 : A Python library to communicate with a Red Hat Unified Entitlement Platform
python-rhsm-certificates.x86_64 : Certificates required to communicate with a Red Hat Unified Entitlement Platform
subscription-manager-rhsm.x86_64 : A Python library to communicate with a Red Hat Unified Entitlement Platform
subscription-manager-rhsm-certificates.x86_64 : Certificates required to communicate with a Red Hat Unified Entitlement Platform

  Name and summary matches only, use "search all" for everything.
[root@MiWiFi-R3L-srv ~]# yum -y install python-rhsm-certificates subscription-manager-rhsm-certificates
```
4.2.4 Generate the certificate
```
[root@MiWiFi-R3L-srv ~]# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
[root@MiWiFi-R3L-srv ~]# rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
```
Note: rpm2cpio converts the rpm package to cpio format; "cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem" prints the contents of the file "./etc/rhsm/ca/redhat-uep.pem" from the package to standard output; finally, "tee" writes that output to the target file.
4.2.5 Delete the existing Pods that are stuck in the creating state; new pods are recreated automatically
```
# kubectl get pod
NAME                     READY     STATUS              RESTARTS   AGE
mysql-2j9jv              0/1       ContainerCreating   0          3m
nginx-2610807146-mp5pq   0/1       ContainerCreating   0          3m
[root@MiWiFi-R3L-srv ~]# kubectl delete pods mysql-2j9jv
pod "mysql-2j9jv" deleted
[root@MiWiFi-R3L-srv ~]# kubectl delete pods nginx-2610807146-mp5pq
pod "nginx-2610807146-mp5pq" deleted
[root@MiWiFi-R3L-srv ~]# kubectl get pods
NAME                     READY     STATUS              RESTARTS   AGE
mysql-3z9ww              0/1       ContainerCreating   0          16s
nginx-2610807146-tk4xq   0/1       ContainerCreating   0          2s
```
4.2.6 Check again
```
[root@MiWiFi-R3L-srv ~]# kubectl describe pods
Name:           mysql-3z9ww
Namespace:      default
Node:           127.0.0.1/127.0.0.1
Start Time:     Wed, 01 Aug 2018 08:59:32 +0800
Labels:         app=mysql
Status:         Pending
IP:
Controllers:    ReplicationController/mysql
Containers:
  mysql:
    Container ID:
    Image:              hub.c.163.com/library/mysql:latest
    Image ID:
    Port:               3306/TCP
    State:              Waiting
      Reason:           ContainerCreating
    Ready:              False
    Restart Count:      0
    Volume Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-66fhn (ro)
    Environment Variables:
      MYSQL_ROOT_PASSWORD:      123456
Conditions:
  Type          Status
  Initialized   True
  Ready         False
  PodScheduled  True
Volumes:
  default-token-66fhn:
    Type:       Secret (a volume populated by a Secret)
    SecretName: default-token-66fhn
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen  LastSeen  Count  From                  SubObjectPath  Type    Reason     Message
  ---------  --------  -----  ----                  -------------  ------  ------     -------
  24s        24s       1      {default-scheduler }                 Normal  Scheduled  Successfully assigned mysql-3z9ww to 127.0.0.1


Name:           nginx-2610807146-tk4xq
Namespace:      default
Node:           127.0.0.1/127.0.0.1
Start Time:     Wed, 01 Aug 2018 08:59:44 +0800
Labels:         name=nginx
                pod-template-hash=2610807146
Status:         Pending
IP:
Controllers:    ReplicaSet/nginx-2610807146
Containers:
  nginx:
    Container ID:
    Image:              hub.c.163.com/library/nginx
    Image ID:
    Port:               80/TCP
    State:              Waiting
      Reason:           ContainerCreating
    Ready:              False
    Restart Count:      0
    Volume Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-66fhn (ro)
    Environment Variables:      <none>
Conditions:
  Type          Status
  Initialized   True
  Ready         False
  PodScheduled  True
Volumes:
  default-token-66fhn:
    Type:       Secret (a volume populated by a Secret)
    SecretName: default-token-66fhn
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen  LastSeen  Count  From                  SubObjectPath  Type    Reason     Message
  ---------  --------  -----  ----                  -------------  ------  ------     -------
  12s        12s       1      {default-scheduler }                 Normal  Scheduled  Successfully assigned nginx-2610807146-tk4xq to 127.0.0.1
```
4.2.7 Check the containers
```
[root@MiWiFi-R3L-srv ~]# docker ps -a
CONTAINER ID   IMAGE                                                        COMMAND                  CREATED              STATUS              PORTS   NAMES
396cc00cc864   hub.c.163.com/library/nginx                                  "nginx -g 'daemon ..."   About a minute ago   Up About a minute           k8s_nginx.6dcf360c_nginx-2610807146-tk4xq_default_2deb235a-9526-11e8-986a-000c29a89493_23671454
20167e283d70   hub.c.163.com/library/mysql:latest                           "docker-entrypoint..."   About a minute ago   Up About a minute           k8s_mysql.845f56be_mysql-3z9ww_default_2679eca9-9526-11e8-986a-000c29a89493_1c12f093
410ba4ecc67a   registry.access.redhat.com/rhel7/pod-infrastructure:latest   "/usr/bin/pod"           3 minutes ago        Up 3 minutes                k8s_POD.a8590b41_nginx-2610807146-tk4xq_default_2deb235a-9526-11e8-986a-000c29a89493_fea37ffe
ee9abfc30a86   registry.access.redhat.com/rhel7/pod-infrastructure:latest   "/usr/bin/pod"           3 minutes ago        Up 3 minutes                k8s_POD.1d520ba5_mysql-3z9ww_default_2679eca9-9526-11e8-986a-000c29a89493_b7c73106

[root@MiWiFi-R3L-srv ~]# kubectl get pods
NAME                     READY     STATUS    RESTARTS   AGE
mysql-3z9ww              1/1       Running   0          3m
nginx-2610807146-tk4xq   1/1       Running   0          1m
```
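The diagnosis in 4.2.2 (a symlink whose target is missing) and the extraction in 4.2.4 (an RPM fetched over plain HTTP and piped through `tee` into a CA file that Docker will trust) can both be checked by script. This is an added example, not part of the original post; the function names and state labels are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; function names and state labels
# are assumptions.

# Classify every CA file under a Docker certs.d directory (the check done by
# eye in 4.2.2). Prints "<state> <path>": dangling | empty | not-pem | ok
check_registry_ca() {
    for crt in "$1"/*/*.crt; do
        [ -e "$crt" ] || [ -L "$crt" ] || continue   # glob matched nothing
        if [ -L "$crt" ] && [ ! -e "$crt" ]; then
            echo "dangling $crt -> $(readlink "$crt")"
        elif [ ! -s "$crt" ]; then
            echo "empty $crt"        # e.g. tee ran after a failed extraction
        elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$crt"; then
            echo "not-pem $crt"
        else
            echo "ok $crt"
        fi
    done
}

# Step 4.2.4 with checks added: verify the downloaded package with rpm -K
# (package digests and signature), extract to a temporary file, and install
# it only if a certificate came out.
extract_ca_from_rpm() {
    rpm_file=$1
    dest=$2
    rpm -K "$rpm_file" >/dev/null || { echo "rpm -K failed" >&2; return 1; }
    tmp=$(mktemp) || return 1
    rpm2cpio "$rpm_file" |
        cpio -i --quiet --to-stdout ./etc/rhsm/ca/redhat-uep.pem >"$tmp"
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$tmp"; then
        install -m 0644 "$tmp" "$dest"
        rc=$?
    else
        echo "no certificate extracted from $rpm_file" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Report on the host's directory when it exists (path from the original post).
if [ -d /etc/docker/certs.d ]; then
    check_registry_ca /etc/docker/certs.d
fi
```

On the host from this post, the state before 4.2.3 would be reported as `dangling`, and `openssl x509 -in /etc/rhsm/ca/redhat-uep.pem -noout -subject -enddate` shows which CA was installed afterwards.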

😛