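Basics
Kubernetes is a new distributed architecture built on container technology. It is a complete, one-stop platform for developing and supporting distributed systems.
Installation
Prerequisites
Environment: VirtualBox, 64-bit CentOS 7, NAT networking for outbound internet access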
# Turn off the firewall
systemctl stop firewalld
systemctl disable firewalld
# Turn off SELinux
getenforce
setenforce 0 # temporary change
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # permanent change
Install
yum install -y etcd kubernetes
# Change Docker's storage location
content='{ "graph": "/data1/docker_lib" }'
echo "$content" | python -m json.tool | tee /etc/docker/daemon.json
# Force install
# /etc/rhsm/ca/redhat-uep.pem is required; without it, kubectl get pods stays at ContainerCreating
yum install yum-utils -y
yumdownloader python-rhsm-certificates
rpm -ivh --nodeps python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
ll /etc/rhsm/ca/redhat-uep.pem # the file exists
Uninstall
yum remove -y etcd kubernetes*
Start the services
systemctl start etcd
systemctl start docker
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl start kubelet
systemctl start kube-proxy
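Fixing kube-apiserver exit code 255
systemctl status kube-apiserver.service # does not show enough information
# journalctl -xe # shows the cause: no network address available for the operation
# ifup enp0s3 # bring up the VM's NAT interface so it gets a network address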
Practice
MySQL
Create the RC (ReplicationController) Pod
Create the RC file mysql-rc.yml
File
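apiVersion: v1
kind: ReplicationController # kind is the resource object type; RC = ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1 # ensures exactly `replicas` Pod instances are always running in the cluster
  selector:
    app: mysql # the RC's Pod label; it monitors and manages Pod instances with this label
  template: # the RC creates Pod instances from this template
    metadata:
      labels: # labels must match the selector
        app: mysql
    spec: # container definitions for the Pod
      containers:
      - name: mysql
        image: mysql:5.6
        ports:
        - containerPort: 3306
        env: # environment variables injected into the container
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"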
Commands to create the pod
kubectl create -f mysql-rc.yml # the YAML file
kubectl get rc # show RC information
kubectl get pods # list the started pods; make sure the status is Running
NAME READY STATUS RESTARTS AGE
mysql-mj205 0/1 Running 0 2d
Error: kubectl get pods returns No resources found
# vim /etc/kubernetes/apiserver
# Find KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota", remove ServiceAccount, then save and exit.
# systemctl restart kube-apiserver
Create the Service
Service file mysql-svc.yaml
File
apiVersion: v1
kind: Service # declares a Service
metadata:
  name: mysql # globally unique name of the Service
spec:
  ports:
  - port: 3306 # port the Service listens on
  selector:
    app: mysql # the label that the Service's Pods carry
Commands to create the service
kubectl create -f mysql-svc.yaml
kubectl get svc
Tomcat
Create the pod
myweb-rc.yaml
File
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 2
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
Commands
kubectl create -f myweb-rc.yaml
kubectl get pods
Create the service
File myweb-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
  - port: 8080
    nodePort: 30001
  selector:
    app: myweb
Commands
kubectl create -f myweb-svc.yaml
kubectl get svc
Errors
kubectl get pods stays at ContainerCreating
# kubectl get pods
NAME READY STATUS RESTARTS AGE
mysql-mj205 0/1 ContainerCreating 0 2d
# kubectl describe pod mysql-mj205
Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
# [The file is missing]
# ll /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
lrwxrwxrwx. 1 root root 27 7月 16 10:03 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
# Find which rpm package provides the file
# yum provides */redhat-uep.pem # the first run returned nothing; running it a second time showed the result
python-rhsm-certificates-1.19.10-1.el7_4.x86_64 : Certificates required to communicate with a Red Hat Unified Entitlement Platform
源 :base
匹配来源:
文件名 :/etc/rhsm/ca/redhat-uep.pem
# Installation fails
# yum install python-rhsm-certificates -y
错误:依赖检测失败:
python-rhsm-certificates <= 1.20.3-1 被 (已安裝) subscription-manager-rhsm-certificates-1.21.10-3.el7.centos.x86_64 取代
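# Download the package directly and install it manually
# yumdownloader python-rhsm-certificates
# Force install
rpm -ivh --nodeps python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
ll /etc/rhsm/ca/redhat-uep.pem # the file exists
# The error still shows at first because the pull takes time; once the pull completes, the pod status becomes Running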
# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
mysqld: Can't read dir of '/etc/mysql/conf.d/' (OS errno 13 - Permission denied)
# kubectl get pods
NAME READY STATUS RESTARTS AGE
mysql-27zl6 0/1 Error 0 10m
# kubectl logs mysql-27zl6
ERROR: mysqld failed while attempting to check config
command was: "mysqld --verbose --help"
mysqld: Can't read dir of '/etc/mysql/conf.d/' (OS errno 13 - Permission denied)
# Turn off SELinux
getenforce
setenforce 0 # temporary change
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config # permanent change
# kubectl get pods
NAME READY STATUS RESTARTS AGE
mysql-27zl6 1/1 Running 10 30m
myweb-7bf9q 1/1 Running 11 28m
myweb-l4z33 1/1 Running 11 28m
Accessing from a browser
# kubectl get service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 10.254.0.1 <none> 443/TCP 49m
mysql 10.254.238.31 <none> 3306/TCP 41m
myweb 10.254.155.220 <nodes> 8080:30001/TCP 39m
# curl -I 192.168.56.101:30001
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 26 Jul 2019 02:49:14 GMT
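Works from the local machine, but other machines cannot connect
# A firewall problem, even though the host firewall is already turned off. Checking shows that the FORWARD policy is DROP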
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
KUBE-FIREWALL all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
# Enable it manually; other machines can then connect
# iptables -P FORWARD ACCEPT
# vim /etc/sysconfig/docker
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
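An added example, not part of the original post: a small shell audit that reports the three settings this walkthrough relaxes (the SELinux mode in /etc/selinux/config, the ServiceAccount admission plugin, and the FORWARD chain policy), so the state of the lab VM is visible in one place. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: each parser reads text on stdin, so it works on the
# constructed samples below or on live command output.

# Default policy of a built-in chain, taken from `iptables -L` output.
chain_policy() {
    awk -v chain="$1" '$1 == "Chain" && $2 == chain && $3 == "(policy" {
        gsub(/[()]/, "", $4); print $4; exit }'
}

# Value of SELINUX= in /etc/selinux/config (comments and SELINUXTYPE= are skipped).
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' | head -n 1
}

# Succeed if plugin $1 is listed in KUBE_ADMISSION_CONTROL
# (accepts both the --admission_control and --admission-control spellings).
has_admission_plugin() {
    grep '^KUBE_ADMISSION_CONTROL=' |
        sed 's/.*--admission[-_]control=//; s/[" ].*//' |
        tr ',' '\n' | grep -qx "$1"
}

# Constructed sample inputs, shaped like the output shown in this post.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
KUBE-FIREWALL  all  --  anywhere  anywhere
Chain FORWARD (policy DROP)
DOCKER  all  --  anywhere  anywhere'
SAMPLE_SELINUX='# SELINUX= can take one of these three values:
SELINUX=disabled
SELINUXTYPE=targeted'
SAMPLE_APISERVER='KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"'

# $1: iptables -L text, $2: selinux config text, $3: apiserver config text
audit() {
    echo "FORWARD policy: $(printf '%s\n' "$1" | chain_policy FORWARD)"
    echo "SELinux config: $(printf '%s\n' "$2" | selinux_config_mode)"
    if printf '%s\n' "$3" | has_admission_plugin ServiceAccount; then
        echo "ServiceAccount admission: enabled"
    else
        echo "ServiceAccount admission: removed"
    fi
}

audit "$SAMPLE_IPTABLES" "$SAMPLE_SELINUX" "$SAMPLE_APISERVER"
```

On a real host, run it as root with `audit "$(iptables -L)" "$(cat /etc/selinux/config)" "$(cat /etc/kubernetes/apiserver)"`.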
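Reachable, but the page shows Error: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException
# Cause: the MySQL version is wrong; edit the mysql-rc.yml file
# kubectl get pods
# kubectl edit po mysql-27zl6
image: mysql:5.6 # find the image line and replace the version
For stability, pin a specific version; otherwise an update can cause unnecessary trouble.
It finally loads. That was not easy :)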