
k8s权威指南-搭建篇

作者: xyz098 | 来源:发表于2019-07-26 11:23 被阅读0次

    基础

    kubernetes中文社区 k8s官网

    Kubernetes是一个全新的、基于容器技术的分布式架构,也是一个一站式的、完备的分布式系统开发和支撑平台。

    安装

    download

    前提

    环境:VirtualBox 64位CentOS 7,网络通过NAT访问外网

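    # Lab-only host preparation: the steps below remove the host firewall and
    # SELinux enforcement, so keep this VM on an isolated network.
    # Stop firewalld now and keep it from starting at boot.
    systemctl stop firewalld
    systemctl disable firewalld

    # Show the current SELinux mode, then relax it.
    getenforce
    setenforce 0       # temporary: permissive until the next reboot
    # Permanent: takes effect at the next boot. (The original trailing
    # "// ..." notes were not shell comments and were passed as arguments.)
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config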
    

    安装

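    yum install -y etcd kubernetes

    # Move Docker's storage directory. json.tool pretty-prints the JSON; the
    # variable is quoted so the shell cannot split or glob-expand it.
    content='{  "graph": "/data1/docker_lib" }'
    printf '%s\n' "$content" | python -m json.tool | tee /etc/docker/daemon.json

    # Force-install the Red Hat CA certificate package.
    # /etc/rhsm/ca/redhat-uep.pem must exist, otherwise `kubectl get pods`
    # stays at ContainerCreating.
    yum install yum-utils -y
    yumdownloader python-rhsm-certificates
    # --nodeps skips dependency checks, so check the package signature first
    # and confirm it is reported as OK before installing.
    rpm -K python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
    rpm -ivh --nodeps python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
    ls -l /etc/rhsm/ca/redhat-uep.pem   # the file should now exist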
    

    卸载

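    # Quote the pattern so yum matches it against installed packages instead of
    # the shell expanding it against files in the current directory.
    yum remove -y etcd 'kubernetes*'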
    

    启动服务

    # Start the services one after another, etcd and docker first, then the
    # Kubernetes components in the order listed.
    for unit in etcd docker kube-apiserver kube-controller-manager \
                kube-scheduler kubelet kube-proxy; do
      systemctl start "$unit"
    done
    

    kube-apiserver exit code 255 解决

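    systemctl status kube-apiserver.service   # the status output alone is not detailed enough
    # journalctl -xe    # run this next; it states the cause: no network address was available
    # ifup enp0S3       # bring up the VM's NAT interface so it has an address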
    

    实践

    Mysql
    创建RC副本控制器Pod

    创建RCmysql-rc.yml文件

    # mysql-rc.yml: ReplicationController that keeps one MySQL Pod running.
    apiVersion: v1
    kind: ReplicationController       # resource type: a ReplicationController (RC)
    metadata:
      name: mysql
    spec:
      replicas: 1                     # the RC keeps exactly this many Pod instances running
      selector:
        app: mysql                    # the RC watches and manages Pods carrying this label
      template:                       # the RC creates Pod instances from this template
        metadata:
          labels:                     # must match spec.selector above
            app: mysql
        spec:                         # container definitions for the Pod
          containers:
          - name: mysql
            image: mysql:5.6
            ports:
            - containerPort: 3306
            env:                       # environment variables injected into the container
            # NOTE(review): the root password is a weak literal stored in the
            # manifest, readable by anyone who can read this file or the RC/Pod
            # object. Outside a throwaway lab, keep it in a Secret and reference
            # it with valueFrom.secretKeyRef instead of value.
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"
    

    创建pod命令

    kubectl create -f mysql-rc.yml          # yaml文件
    kubectl get rc                          # 获取rc信息
    kubectl get pods                        # 查看启动的pod,确保状态running
    NAME          READY     STATUS              RESTARTS   AGE
    mysql-mj205   0/1       Running   0          2d
    

    报错 kubectl get pods时No resources found

    # vim /etc/kubernetes/apiserver
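    # 找到 KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",去掉ServiceAccount,保存退出。
    # 注意:去掉ServiceAccount后,Pod不再自动获得服务账号令牌,只适合本地实验环境;正式环境应保留该插件,并为kube-apiserver配置--service-account-key-file、为kube-controller-manager配置--service-account-private-key-file。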
    
    # systemctl restart kube-apiserver 
    
    创建service服务

    服务mysql-svc.yaml文件

    # mysql-svc.yaml: Service in front of the MySQL Pods (no type is set, so it
    # is not given a node port).
    apiVersion: v1
    kind: Service                                # this object is a Service
    metadata:
      name: mysql                                # the Service's name; must be unique (within its namespace)
    spec:
      ports:
        - port: 3306                             # port the Service listens on
      selector:
        app: mysql                               # Pods carrying this label back the Service
    

    创建service命令

    kubectl create -f mysql-svc.yaml
    kubectl get svc
    
    Tomcat
    创建pod

    myweb-rc.yaml文件

    # myweb-rc.yaml: ReplicationController that keeps two Tomcat Pods running.
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: myweb
    spec:
      replicas: 2                     # number of Pod copies the RC maintains
      selector:
        app: myweb                    # the RC manages Pods carrying this label
      template:
        metadata:
          labels:
            app: myweb                # must match spec.selector above
        spec:
          containers:
            - name: myweb
              # NOTE(review): third-party image referenced by a mutable tag;
              # presumably the demo app for this guide — verify its source
              # before running it anywhere other than a lab.
              image: kubeguide/tomcat-app:v1
              ports:
              - containerPort: 8080   # port the container listens on
    

    命令

    kubectl create -f myweb-rc.yaml 
    kubectl get pods
    
    创建service

    文件myweb-svc.yaml

    # myweb-svc.yaml: NodePort Service in front of the myweb Pods.
    apiVersion: v1
    kind: Service
    metadata:
      name: myweb
    spec:
      # NOTE(review): NodePort opens the port on the node's own address, so the
      # app is reachable from other machines once the host forwards the traffic.
      type: NodePort
      ports:
        - port: 8080         # Service port
          nodePort: 30001    # port opened on the node (the page later curls <node-ip>:30001)
      selector:
        app: myweb           # Pods carrying this label back the Service
    

    命令

    kubectl create -f myweb-svc.yaml
    kubectl get svc
    

    报错

    kubectl get pods一直显示ContainerCreating

    # kubectl get pods
    NAME          READY     STATUS              RESTARTS   AGE
    mysql-mj205   0/1       ContainerCreating   0          2d
    
    # kubectl  describe pod mysql-mj205
    Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
    
    #【缺少文件】
    # ll /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt
    lrwxrwxrwx. 1 root root 27 7月  16 10:03 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem
    
    # 查询文件提供的rpm包
    # yum provides */redhat-uep.pem    # 此命令第一次没结果,敲第二次可以查看
    python-rhsm-certificates-1.19.10-1.el7_4.x86_64 : Certificates required to communicate with a Red Hat Unified Entitlement Platform
    源    :base
    匹配来源:
    文件名    :/etc/rhsm/ca/redhat-uep.pem
    
    # 安装失败
    # yum install python-rhsm-certificates -y
    错误:依赖检测失败:
        python-rhsm-certificates <= 1.20.3-1 被 (已安裝) subscription-manager-rhsm-certificates-1.21.10-3.el7.centos.x86_64 取代
    
    # 直接下载手动安装
    # yumdownloader python-rhsm-certificates 
    
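    # Force the install. --nodeps skips dependency checks, so check the package
    # signature first and confirm it is reported as OK.
    rpm -K python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
    rpm -ivh --nodeps python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
    ls -l /etc/rhsm/ca/redhat-uep.pem   # the file should now exist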
    
    # 查看还是报错,因为pull需要时间,等待pull ok,查看pod状态为running
    # docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
    

    mysqld: Can't read dir of '/etc/mysql/conf.d/' (OS errno 13 - Permission denied)

    # kubectl get pods
    NAME          READY     STATUS              RESTARTS   AGE
    mysql-27zl6   0/1       Error               0          10m
    
    # kubectl logs mysql-27zl6
    ERROR: mysqld failed while attempting to check config
    command was: "mysqld --verbose --help"
    mysqld: Can't read dir of '/etc/mysql/conf.d/' (OS errno 13 - Permission denied)
    
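    # Relax SELinux; per this page that clears the "Permission denied" error
    # shown above. Lab-only: it removes SELinux confinement for the whole host,
    # not just for this container.
    getenforce
    setenforce 0       # temporary: permissive until the next reboot
    # Permanent: takes effect at the next boot. (The original trailing
    # "// ..." notes were not shell comments and were passed as arguments.)
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config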
    
    # kubectl get pods
    NAME          READY     STATUS    RESTARTS   AGE
    mysql-27zl6   1/1       Running   10         30m
    myweb-7bf9q   1/1       Running   11         28m
    myweb-l4z33   1/1       Running   11         28m
    

    浏览器访问

    # kubectl get service
    NAME         CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
    kubernetes   10.254.0.1       <none>        443/TCP          49m
    mysql        10.254.238.31    <none>        3306/TCP         41m
    myweb        10.254.155.220   <nodes>       8080:30001/TCP   39m
    
    # curl -I 192.168.56.101:30001
    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Content-Type: text/html;charset=UTF-8
    Transfer-Encoding: chunked
    Date: Fri, 26 Jul 2019 02:49:14 GMT
    

    本机可以通,其他机器无法访问

    # 防火墙问题,明明主机防火墙已经关闭。。查看发现FORWARD为DROP
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    KUBE-FIREWALL  all  --  anywhere             anywhere            
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    DOCKER-ISOLATION  all  --  anywhere             anywhere            
    DOCKER     all  --  anywhere             anywhere            
    
    # 手动开启后,其他机器可以访问(注意:这会把FORWARD链的默认策略改为ACCEPT,主机将转发所有未被其他规则拒绝的流量;该设置不会持久保存)
    # iptables -P FORWARD ACCEPT 
    
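    # vim /etc/sysconfig/docker
    # 注:ExecStartPost是systemd单元文件[Service]段的指令,请确认下面这一行实际写在docker.service(或其drop-in)中才会生效;-s 0.0.0.0/0会放行所有来源的转发流量,仅适合实验环境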
    ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
    

    可以访问,出现Error:com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException

    # 原因:mysql的版本不对,编辑修改mysql-rc.yml文件
    #  kubectl get pods
    # kubectl edit po mysql-27zl6
     image: mysql:5.6       // 找到image替换版本
     
     为了稳定,建议指定镜像版本,否则镜像更新后可能出现不必要的麻烦
    

    访问到了,不容易啊:)

    http://192.168.56.101:30001/demo
