Notes from a single-node Kubernetes experiment

Author: ljyfree | Published: 2018-12-24 15:21

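    To get an intuitive feel for k8s, I found a tutorial and worked through it step by step. The problems I ran into along the way are all recorded here.

    The tutorial I used is at https://www.cnblogs.com/neutronman/p/8047547.html

    Fixing a Pod that stays in the ContainerCreating state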

    Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory

    Following what the tutorial says:

    yum install *rhsm* -y
    

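    and then deleting the pod and recreating it did not solve the problem. The following method, which I found later, is what finally fixed it.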

    # wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
    # rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
    

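    YAML file for creating the mysql service

    • The original tutorial does not add a nodePort, probably because only one mysql pod is created, so it simply uses 3306, the usual mysql port
    • More generally, since there may be multiple nodes later, I recommend adding a nodePort before creating the Service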
    # cat mysql-svc.yaml
    apiVersion: v1                      
    kind: Service                              # this object is a K8s Service
    metadata: 
      name: mysql                              # globally unique name of the Service
    spec:
      ports:
        - port: 3306                           # port on which the Service is offered
          nodePort: 31101
      selector:                                # Pods backing the Service carry the label defined here
        app: mysql
      type: NodePort
    

    Analysis of some command output

    services

    # kubectl get service
    NAME         CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
    kubernetes   10.254.0.1       <none>        443/TCP          1h
    mysql        10.254.116.110   <nodes>       3306:31101/TCP   32m
    myweb        10.254.93.182    <nodes>       8080:30001/TCP   1h
    #
    
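    • Apart from k8s itself, two services are running: mysql and myweb
    • A service is a service abstraction over a group of pods, effectively a load balancer (LB) for that group, responsible for distributing requests to the corresponding pods
    • Note that each service is given an IP of the form 10.254.x.y; this is the Cluster-IP, which is a virtual IP
    • Pods access a service with Cluster-IP + containerPort, for example mysql at 10.254.116.110:3306
    • From outside the K8s cluster, a service is accessed with server IP + nodePort, for example by opening http://<server IP>:30001/ in a browser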
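
Since a nodePort makes a service reachable on the server IP from outside the cluster, it is worth listing which services are published that way, mysql included. The script below is an added example, not part of the original post: it parses `kubectl get service` text output (the embedded sample is the output shown above), and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: list Services reachable from outside the cluster via a nodePort.
# Function names are hypothetical; the sample is the output shown in this post.

sample_services() {
  cat <<'EOF'
NAME         CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   10.254.0.1       <none>        443/TCP          1h
mysql        10.254.116.110   <nodes>       3306:31101/TCP   32m
myweb        10.254.93.182    <nodes>       8080:30001/TCP   1h
EOF
}

# stdin: `kubectl get service` text output.
# stdout: "name servicePort nodePort protocol", one line per nodePort mapping.
nodeport_services() {
  awk '
    NR == 1 {                       # locate PORT(S) by header, since newer
      for (i = 1; i <= NF; i++)     # kubectl versions add a TYPE column
        if ($i == "PORT(S)") col = i
      next
    }
    col {
      n = split($col, maps, ",")    # e.g. 80:30080/TCP,443:30443/TCP
      for (i = 1; i <= n; i++) {
        split(maps[i], pp, "/")     # pp[1] = port[:nodePort], pp[2] = protocol
        if (split(pp[1], p, ":") == 2)
          print $1, p[1], p[2], pp[2]
      }
    }'
}

# stdin: same as above. $1: comma-separated service ports that should stay
# cluster-internal (default 3306, the mysql port used in this post).
# stdout: "name:nodePort" for each such port that is published on the nodes.
internal_ports_on_nodes() {
  nodeport_services | awk -v ports="${1:-3306}" '
    BEGIN { n = split(ports, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    ($2 in want) { print $1 ":" $3 }'
}

# Run against the constructed sample.
sample_services | nodeport_services
sample_services | internal_ports_on_nodes 3306
```

On a live cluster the same check is `kubectl get service | internal_ports_on_nodes 3306`.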


    Service ports

    # netstat -apn | grep 31101
    tcp6       0      0 :::31101                :::*                    LISTEN      17216/kube-proxy    
    # netstat -apn | grep 30001
    tcp6       0      0 :::30001                :::*                    LISTEN      17216/kube-proxy    
    # 
    
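    • kube-proxy is mainly responsible for implementing services; specifically, it implements access from pods to services inside the cluster and access from node ports to services from outside
    • kube-proxy is the service abstraction for all pods, taking on the roles of transparent proxy and load balancer; in practice it forwards a request addressed to a service to a backend pod according to a set of algorithms and rules
    • Whether a service is accessed from inside or outside a pod, kube-proxy forwards the request to one concrete pod that the service represents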

    pods

    # kubectl get pods
    NAME          READY     STATUS    RESTARTS   AGE
    mysql-f9f5j   1/1       Running   0          1h
    myweb-0ghm7   1/1       Running   0          1h
    myweb-5m78d   1/1       Running   0          1h
    myweb-6g4x6   1/1       Running   0          1h
    myweb-87fvm   1/1       Running   0          1h
    myweb-svf8n   1/1       Running   0          1h
    # 
    
    • One mysql pod was created, and five myweb pods were created in one go, which is really convenient

    Internal IPs of the services

    # kubectl describe svc mysql
    Name:           mysql
    Namespace:      default
    Labels:         <none>
    Selector:       app=mysql
    Type:           NodePort
    IP:         10.254.116.110
    Port:           <unset> 3306/TCP
    NodePort:       <unset> 31101/TCP
    Endpoints:      172.17.0.2:3306
    Session Affinity:   None
    No events.
    # 
    # kubectl describe svc myweb
    Name:           myweb
    Namespace:      default
    Labels:         <none>
    Selector:       app=myweb
    Type:           NodePort
    IP:         10.254.93.182
    Port:           <unset> 8080/TCP
    NodePort:       <unset> 30001/TCP
    Endpoints:      172.17.0.3:8080,172.17.0.4:8080,172.17.0.5:8080 + 2 more...
    Session Affinity:   None
    No events.
    # 
    
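    • mysql started only one pod, so one internal IP was assigned: 172.17.0.2
    • myweb started five pods that form the LB; the internal IPs are 172.17.0.3~7, each pointing to one of the five myweb pods, which are the members of the myweb service LB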

    Network interfaces

    # ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eno16777984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:50:56:a9:7c:18 brd ff:ff:ff:ff:ff:ff
        inet 10.25.130.254/16 brd 10.25.255.255 scope global noprefixroute eno16777984
           valid_lft forever preferred_lft forever
        inet6 fe80::250:56ff:fea9:7c18/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether 52:54:00:1c:ee:af brd ff:ff:ff:ff:ff:ff
        inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
           valid_lft forever preferred_lft forever
    4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
        link/ether 52:54:00:1c:ee:af brd ff:ff:ff:ff:ff:ff
    5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
        link/ether 02:42:f3:1e:6e:0c brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:f3ff:fe1e:6e0c/64 scope link 
           valid_lft forever preferred_lft forever
    7: veth97cd88d@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
        link/ether fe:31:43:92:2c:f3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet6 fe80::fc31:43ff:fe92:2cf3/64 scope link 
           valid_lft forever preferred_lft forever
    9: vethd739ec1@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
        link/ether 76:af:fd:c4:d3:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 2
        inet6 fe80::74af:fdff:fec4:d3f8/64 scope link 
           valid_lft forever preferred_lft forever
    11: vethc9fcdfc@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
        link/ether ce:f2:84:06:79:86 brd ff:ff:ff:ff:ff:ff link-netnsid 4
        inet6 fe80::ccf2:84ff:fe06:7986/64 scope link 
           valid_lft forever preferred_lft forever
    13: veth842480c@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
        link/ether e2:20:a3:f5:6d:c8 brd ff:ff:ff:ff:ff:ff link-netnsid 1
        inet6 fe80::e020:a3ff:fef5:6dc8/64 scope link 
           valid_lft forever preferred_lft forever
    15: vethc6943c5@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
        link/ether 62:71:e5:a2:9d:cb brd ff:ff:ff:ff:ff:ff link-netnsid 5
        inet6 fe80::6071:e5ff:fea2:9dcb/64 scope link 
           valid_lft forever preferred_lft forever
    17: vethe9473c3@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
        link/ether 3e:5c:ca:eb:31:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 3
        inet6 fe80::3c5c:caff:feeb:31f1/64 scope link 
           valid_lft forever preferred_lft forever
    #
    
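    • The docker0 bridge is visible, with IP 172.17.0.1/16
    • On the same node, pods are all attached to the docker0 bridge through veth links, and docker0 dynamically assigns IP addresses to the pods
    • Pods on the same node communicate through this bridge

    The demo page not rendering at the end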

    • At the end, the original tutorial visits http://<host-IP>:30001/demo; the table was not displayed and the page reported an error instead
    Error:com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
    
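    • Visiting only http://<host-IP>:30001 is not a valid check, because that page shows the cat even without a mysql connection; tomcat can serve it on its own
    • After some searching and experimenting, I finally determined that myweb-rc.yaml has to look like this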
    # cat myweb-rc.yaml
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: myweb
    spec:
      replicas: 5                                       # expected number of Pod replicas is 5
      selector:
        app: myweb
      template:
        metadata:
          labels:
            app: myweb
        spec:
          containers:
          - name: myweb
            image: kubeguide/tomcat-app:v1
            ports: 
            - containerPort: 8080
    
    • Delete the existing objects and recreate them
    # kubectl delete -f  myweb-svc.yaml
    # kubectl delete -f  myweb-rc.yaml
    # kubectl create -f  myweb-rc.yaml
    # kubectl create -f  myweb-svc.yaml
    
    • Finally, the table shows up!


    Entering a pod shell

    First get the name of the pod

    # kubectl get pods
    NAME          READY     STATUS    RESTARTS   AGE
    mysql-g7bxp   1/1       Running   0          50m
    myweb-4640d   1/1       Running   0          38m
    myweb-469nq   1/1       Running   0          38m
    myweb-g47sb   1/1       Running   0          38m
    myweb-kk2sb   1/1       Running   0          38m
    myweb-lkwd4   1/1       Running   0          38m
    #
    

    For example, to enter myweb-4640d

    # kubectl exec -it myweb-4640d sh
    # cat /etc/issue
    Debian GNU/Linux 8 \n \l
    
    # 
    
    

    Annoyingly, there is no vi/vim, and apt-get install cannot install it either; some sources need to be added

    # cat > sources.list <<EOF
    deb http://mirrors.163.com/debian/ jessie main non-free contrib
    deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
    deb http://mirrors.163.com/debian/ jessie-backports main non-free contrib
    deb-src http://mirrors.163.com/debian/ jessie main non-free contrib
    deb-src http://mirrors.163.com/debian/ jessie-updates main non-free contrib
    deb-src http://mirrors.163.com/debian/ jessie-backports main non-free contrib
    deb http://mirrors.163.com/debian-security/ jessie/updates main non-free contrib
    deb-src http://mirrors.163.com/debian-security/ jessie/updates main non-free contrib
    EOF
    # cat sources.list
    deb http://mirrors.163.com/debian/ jessie main non-free contrib
    deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib
    deb http://mirrors.163.com/debian/ jessie-backports main non-free contrib
    deb-src http://mirrors.163.com/debian/ jessie main non-free contrib
    deb-src http://mirrors.163.com/debian/ jessie-updates main non-free contrib
    deb-src http://mirrors.163.com/debian/ jessie-backports main non-free contrib
    deb http://mirrors.163.com/debian-security/ jessie/updates main non-free contrib
    deb-src http://mirrors.163.com/debian-security/ jessie/updates main non-free contrib
    # apt-get update -y
    

    Then vim can be installed

    # apt-get install vim -y
    

    That is all I will record for now...
