k8s问题

1.安装 k8s时拉取k8s镜像总是失败报错拉取不下来,是因为国内访问不到谷歌源,这时先从国内源拉取,然后打包重命名

docker pull mirrorgooglecontainers/kube-apiserver:v1.14.2

docker pull mirrorgooglecontainers/kube-controller-manager:v1.14.2

docker pull mirrorgooglecontainers/kube-scheduler:v1.14.2

docker pull mirrorgooglecontainers/kube-proxy:v1.14.2

docker pull mirrorgooglecontainers/pause:3.1

docker pull mirrorgooglecontainers/etcd:3.3.10

docker pull coredns/coredns:1.3.1

docker tag mirrorgooglecontainers/kube-proxy:v1.14.2  k8s.gcr.io/kube-proxy:v1.14.2

docker tag mirrorgooglecontainers/kube-scheduler:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2

docker tag mirrorgooglecontainers/kube-apiserver:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2

docker tag mirrorgooglecontainers/kube-controller-manager:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2

docker tag mirrorgooglecontainers/etcd:3.3.10  k8s.gcr.io/etcd:3.3.10

docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1

docker tag mirrorgooglecontainers/pause:3.1  k8s.gcr.io/pause:3.1

docker rmi mirrorgooglecontainers/kube-apiserver:v1.14.2

docker rmi mirrorgooglecontainers/kube-controller-manager:v1.14.2

docker rmi mirrorgooglecontainers/kube-scheduler:v1.14.2

docker rmi mirrorgooglecontainers/kube-proxy:v1.14.2

docker rmi mirrorgooglecontainers/pause:3.1

docker rmi mirrorgooglecontainers/etcd:3.3.10

docker rmi coredns/coredns:1.3.1

2.搭建好k8s的dashboard后访问网页,打不开时在谷歌浏览器上加入这用https来访问,是因为新的谷歌不支持自签名证书,加入这忽略掉证书错误

3.服务器重启后K8s节点没有起来出现 notready排错

[root@master ~]# kubectl get nodes

NAME     STATUS     ROLES    AGE   VERSION

master   Ready      master   47h   v1.14.2

node1    NotReady   <none>   47h   v1.14.2

node2    NotReady   <none>   46h   v1.14.2

[root@master ~]# kubectl get pods --all-namespaces -o wide

kube-system   coredns-fb8b8dccf-kxfr4          0/1     CrashLoopBackOff   72         2d    10.244.0.7     master   

kube-system   coredns-fb8b8dccf-vshsm          0/1     CrashLoopBackOff   77         2d    10.244.0.6     master

[root@master ~]# journalctl -f -u kubelet

用这个命令查看 不出来时用下面这个

[root@master ~]# kubectl logs -f coredns-fb8b8dccf-kxfr4 -n kube-system

E0523 08:18:47.818857       1 reflector.go:134] github.com/coredns/coredns/plugin/kubernetes/controller.go:315: Failed to list *v1.Service: Get https://10.96.0.1:443/api/v1/services?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: connect: no route to host

E0523 08:18:47.818857       1 reflector.go:134] github.com/coredns/coredns/plugin/kubernetes/controller.go:315: Failed to list *v1.Service: Get https://10.96.0.1:443/api/v1/services?limit=500&resourceVersion=0: dial tcp 10.96.0.1:443: connect: no route to host

log: exiting because of error: log: cannot create log: open /tmp/coredns.coredns-fb8b8dccf-kxfr4.unknownuser.log.ERROR.20190523-081847.1: no such file or directory

这很可能是 iptables 规则乱了,我通过执行以下命令解决了,在此记录:

  • systemctl stop kubelet
  • systemctl stop docker
  • iptables --flush
  • iptables -tnat --flush
  • systemctl start kubelet
  • systemctl start docker

3.k8s上部署helm时初始化时拉取镜像总是失败,要把repo源换成国内的

[root@master helm]# helm repo remove stable "stable" has been removed from your repositories [root@master helm]# helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts "stable" has been added to your repositories [root@master helm]# helm repo list NAME         URL                                                         local        http://127.0.0.1:8879/charts                                incubator    https://kubernetes-charts-incubator.storage.googleapis.com/ stable       https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts #更新 [root@master helm]# helm repo update Hang tight while we grab the latest from your chart repositories... ...Skip local chart repository ...Successfully got an update from the "incubator" chart repository ...Successfully got an update from the "stable" chart repository Update Complete. ⎈ Happy Helming!⎈

4.Kubernetes之解决从k8s.gcr.io拉取镜像失败问题(Kubernetes国内镜像仓库地址)

因谷歌网络限制问题,国内的K8ser大多数在学习Kubernetes过程中因为镜像下载失败问题间接地产生些许失落感,笔者也因此脑壳疼,故翻阅资料得到以下解决方式:

  在应用yaml文件创建资源时,将文件中镜像地址进行内容替换即可:

  将k8s.gcr.io替换为

registry.cn-hangzhou.aliyuncs.com/google_containers

  或者

registry.aliyuncs.com/google_containers

  或者

mirrorgooglecontainers

后续

5.部署完dabc完后浏览器打不开,这是证书的问题,重新生成 做成secret

#(umask 077;openssl genrsa -out dashboard.key 2048)

#openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.246.200'

# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt  -days 3650

然后把原来的kubernetes-dashboard.yaml 里面的secret注释掉

#cd /etc/kubernetes/pki

#kubectel create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt

#然后在运行kubernetes-dashboard.yaml

# k8s
Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes