k8s入门、单机版安装
安装流程,切换成root1.关闭centos自带的防火墙# systemctl disable firewalld# systemctl stop firewalld2.安装etcd和kubernetes软件(会自动安装docker)# yum install -y etcd kubernetes启动所有服务# systemctl start etcd# systemctl start docke
安装流程,切换成root
1.关闭centos自带的防火墙
# systemctl disable firewalld
# systemctl stop firewalld
2.安装etcd和kubernetes软件(会自动安装docker)
# yum install -y etcd kubernetes
修改docker配置文件vi /etc/sysconfig/docker为
原始形式:
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
后来形式:
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io --log-driver=journald --signature-verification=false'
检查一下etcd的配置,是否如下所示,如果不是则修改成如下样子:
grep -v '^#' /etc/etcd/etcd.conf
[root@localhost abc]# grep -v '^#' /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
ETCD_NAME="default"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
修改/etc/kubernetes/apiserver文件
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
启动所有服务
systemctl start etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy
# systemctl start etcd
# systemctl start docker
# systemctl start kube-apiserver
# systemctl start kube-controller-manager
# systemctl start kube-scheduler
# systemctl start kubelet
# systemctl start kube-proxy
初入门小实例
$ kubectl run my-nginx --image=nginx --port=80
$ kubectl get pod # 查看pod
发现pod状态无论多久都是处于pending。READY字段一直是0/1,服务部署失败的原因是”中国墙“的问题导致无法下载pod启动时需要的谷歌镜像,所以我们得间接的创建所需的镜像。
补充: Pending状态表示API Server已经创建Pod,但Pod内还有一个或者多个容器没有创建,或者正在下载镜像的过程。详细的参考Pod声明周期和重启策略
创建RC服务出现的问题
执行kubectl get pod时会看到状态一直是“ContainerCreating”,是什么原因呢?
可以使用kubectl describe pod mysql命令,看到输出结果为:
......
failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
17m 10s 7 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
查看/etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt路径发现是一个链接文件,但是我本地没有/etc/rhsm/ca/redhat-uep.pem怎么办。
方法一:
先下载一个试试:
yum -y install *rhsm*
安装完成后,重新创建mysql RC:
kubectl delete -f mysql-rc.yaml
kubectl create -f mysql-rc.yaml
如果发现rc的状态还是ContainerCreating,说明还是不成功。
方法二:
安装完成后,执行一下docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
如果依然报错,可参考下面的方案:
# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
# rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
这两个命令会生成/etc/rhsm/ca/redhat-uep.pem文件.
顺得的话会得到下面的结果。
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
删除原来创建的rc
kubectl delete -f mysql-rc.yaml
重新创建
方法三:
执行下面命令,手动下载pause镜像:
docker pull docker.io/kubernetes/pause
docker tag docker.io/kubernetes/pause gcr.io/google_containers/pause-amd64:3.0
docker rmi -f docker.io/kubernetes/pause
然后再重新创建mysql-rc
kubectl delete -f mysql-rc.yaml
kubectl create -f mysql-rc.yaml
隔几十秒后发现rc和pod的状态已经变成Running了。
更多推荐
所有评论(0)