kubernets-1.14.3 部署实验
kubernets1.14.3 实验linux 常用命令时间服务同步systemctl相关ansible命令docker常用操作命令使用阿里云源 安装salt-master & kubernetskubernets 安装配置安装全节点配置设定docker和kubelet开机自启动:初始化master节点:master节点运行进程解决k8s镜像下载问题初始化k
kubernets1.14.3 实验
linux 常用命令
时间服务同步
yum install ntp -y
systemctl restart ntpd
systemctl enable ntpd
时间不同步
查看同步情况
#ntpq -p
ntpq: read: Connection refused
原因很可能是ntpd死掉了,没有起来
systemctl相关
#更改 /usr/lib/systemd/ 中启动文件后,需要使用命令加载
systemctl daemon-reload
systemctl restart ****
ansible命令
docker常用操作命令
#重启docker
docker restart 容器ID
#搜索镜像
docker search gitlab
#启动docker容器
docker start -it walle-python /bin/bash
docker exec -it gitlab /bin/bash
列出所有的容器 ID
docker ps -aq
停止所有的容器
docker start $(docker ps -aq)
docker stop $(docker ps -aq)
删除所有的容器
docker rm $(docker ps -aq)
删除所有的镜像
docker rmi $(docker images -q)
复制文件
docker cp mycontainer:/opt/file.txt /opt/local/
docker cp /opt/local/file.txt mycontainer:/opt/
更新: @snakeliwei 的提醒, 现在的docker有了专门清理资源(container、image、网络)的命令。 docker 1.13 中增加了 docker system prune的命令,针对container、image可以使用docker container prune、docker image prune命令。
docker image prune --force --all或者docker image prune -f -a` : 删除所有不使用的镜像
docker container prune -f: 删除所有停止的容器
使用阿里云源 安装salt-master & kubernets
yum install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet
#启动命令暂不执行
systemctl start kubelet
kubernets 安装配置
安装
yum install kubeadm kubectl kubelet -y
#版本
kubectl-1.13.4-0.x86_64
kubelet-1.13.4-0.x86_64
kubernetes-cni-0.6.0-0.x86_64
kubeadm-1.13.4-0.x86_64
全节点配置
1. 网络相关预配置
#网络转换
net.ipv4.ip_forward = 1
#查看bridge-nf配置,确认值都是1
# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
0
# cat /proc/sys/net/bridge/bridge-nf-call-iptables
0
#cat <<EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p
#如果遇到
sysctl -p
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
#解决办法
modprobe br_netfilter
sysctl -p
/proc/sys/net/ipv6/conf/all/accept_dad: No such file or directory
Edit /etc/default/grub and change the value of kernel parameter ipv6.disable from 1 to 0 in line:
# grub2-mkconfig -o /boot/grub2/grub.cfg
# shutdown -r now
2. 配置 /etc/sysconfig/kubelet
master节点和node节点的服务器都需要配置这个参数
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
KUBE_PROXY_MODE=ipvs
设定docker和kubelet开机自启动:
# systemctl enable docker kubelet
初始化master节点:
# kubeadm init --kubernetes-version=v1.13.4 --pod-network-cidr=10.244.0.0/16 servicecidr=10.96.0.0/12 --ignore-preflight-errors=Swap
#--pod-network-cidr
#servicecidr
# 备忘重启
systemctl restart kubelet
master节点运行进程
- kube-controller-manager
- kube-apiserver
- kube-scheduler
- etcd
- kube-proxy
- kubelet
[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.13.4
解决k8s镜像下载问题
内容摘自 https://blog.csdn.net/jinguangliu/article/details/82792617
docker.io仓库对google的容器做了镜像,可以通过下列命令下拉取相关镜像:
docker pull mirrorgooglecontainers/kube-apiserver-amd64:v1.13.4
docker pull mirrorgooglecontainers/kube-controller-manager-amd64:v1.13.4
docker pull mirrorgooglecontainers/kube-scheduler-amd64:v1.13.4
docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.13.4
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd-amd64:3.2.24
docker pull coredns/coredns:1.2.6
版本信息需要根据实际情况进行相应的修改。通过docker tag命令来修改镜像的标签:
docker tag docker.io/mirrorgooglecontainers/kube-proxy-amd64:v1.13.4 k8s.gcr.io/kube-proxy:v1.13.4
docker tag docker.io/mirrorgooglecontainers/kube-scheduler-amd64:v1.13.4 k8s.gcr.io/kube-scheduler:v1.13.4
docker tag docker.io/mirrorgooglecontainers/kube-apiserver-amd64:v1.13.4 k8s.gcr.io/kube-apiserver:v1.13.4
docker tag docker.io/mirrorgooglecontainers/kube-controller-manager-amd64:v1.13.4 k8s.gcr.io/kube-controller-manager:v1.13.4
docker tag docker.io/mirrorgooglecontainers/etcd-amd64:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag docker.io/coredns/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
初始化kubectl
生产环境不建议用root用户作为kubernets的启动用户
# mkdir ~/.kube
#cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
测试:
## cs是componentstatus的缩写
# kubectl get cs
# kubectl get componentstatus
# kubectl get nodes
kubectl get获取组件状态报错
#kubectl get cs
The connection to the server localhost:8080 was refused - did you specify the right host or port?
- 解决方案1
解决方案摘自 https://www.jianshu.com/p/6fa06b9bbf6a
出现这个问题的原因是kubectl命令需要使用kubernetes-admin来运行,解决方法如下,将主节点中的【/etc/kubernetes/admin.conf】文件拷贝到从节点相同目录下,然后配置环境变量:
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
立即生效
source ~/.bash_profile
接着再运行kubectl命令就OK了
- 解决方案2
# mkdir ~/.kube
#cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
添加flannel网络附件
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
验正master节点已经就绪
# kubectl get ns
# kubectl get pods -n kube-system
初始化node节点
kubeadm join 192.168.145.3:6443 --token sgi92u.h5vbx4vqthx2hb5m --discovery-token-ca-cert-hash sha256:5935afa822edb319535c01805c5b6e4b8dd59ba44c74c3632d083c260976a0bd --ignore-preflight-errors=Swap
kubeadm join 报错
kubeadm join 命令过程有以下错误输出:
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get http://localhost:10248/healthz: dial tcp [::1]:10248: connect: connection refused.
- 没有加localhost解析
- kubelet没有启动
#journalctl -xeu kubelet
Mar 16 08:35:22 master01.example.com kubelet[22951]: I0316 08:35:22.784823 22951 certificate_store.go:130] Loading cert/key pair from "/var/lib/kubelet/pki/kubelet-client-current.pem".
Mar 16 08:35:22 master01.example.com kubelet[22951]: I0316 08:35:22.837196 22951 server.go:666] --cgroups-per-qos enabled, but --cgroup-root was not specified. defaulting to /
Mar 16 08:35:22 master01.example.com kubelet[22951]: F0316 08:35:22.837377 22951 server.go:261] failed to run Kubelet: Running with swap on is not supported, please disable swap! or set --fail-swap-on flag to false. /proc/swaps conta
Mar 16 08:35:22 master01.example.com systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Mar 16 08:35:22 master01.example.com systemd[1]: Unit kubelet.service entered failed state.
Mar 16 08:35:22 master01.example.com systemd[1]: kubelet.service failed.
解决办法:
配置 /etc/sysconfig/kubelet
master节点和node节点的服务器都需要配置这个参数
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
KUBE_PROXY_MODE=ipvs
然后
systemctl restart kubelet
node节点所需镜像
docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.13.4
docker pull mirrorgooglecontainers/pause:3.1
docker tag docker.io/mirrorgooglecontainers/kube-proxy-amd64:v1.13.4 k8s.gcr.io/kube-proxy:v1.13.4
docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
node节点进程 & pods
- 进程
- kubelet
- kube-proxy
- pods
- flannel
- kube-proxy
碎片命令
kubelet
kubectl get pods -n kube-system -o wide
kubelet init 失败后清理
kubeadm reset
#或者
rm -rf /etc/kubernetes/*.conf
rm -rf /etc/kubernetes/manifests/*.yaml
docker ps -a |awk '{print $1}' |xargs docker rm -f
systemctl stop kubelet
docker pull mirrorgooglecontainers/kube-proxy
更多推荐
所有评论(0)